Broadband security is a priority for netBlazr. We understand the threats that face wireless networks and have designed our network and operations to minimize these threats. Information Security is commonly viewed through the lenses of the “CIA triad,” that is, Confidentiality, Integrity, and Availability. One should look through these lenses when examining the security of customer data, as well as the network infrastructure itself.
Confidentiality refers to data privacy. Many wireless networks today, including municipal mesh networks, do not provide any protection of user data, placing the burden upon websites to provide encryption. This leaves these networks vulnerable to packet sniffing attacks. In fact, it is trivial for someone to “sniff” a user’s transactions with today’s popular social networking sites, and even web-based email services, provided they are within wireless range of the user. netBlazr has employed two layers of defense against these over-the-air attacks. The first of these is protecting the air interface with WPA2 256-bit CCMP (AES) encryption, the highest possible 802.11 encryption standard. The second layer of defense is employing an encrypted end-to-end VPN tunnel for every netBlazr member. With these defenses, traffic is effectively encrypted twice.
Privacy is also maintained by limiting access to network infrastructure to authorized users. While netBlazr broadband cooperative members own their equipment, this equipment is controlled and protected by netBlazr security standards.
Integrity examines the possibility that data can be modified in transit or at rest by an attacker. As for user data in transit, both of the previous encryption mechanisms employ checksums and integrity check mechanisms to continually monitor if fraudulent data has been injected into the transmission. With regard to the network infrastructure, the netBlazr broadband network employs authentication methods to ensure that network control data has not been modified. Only secure protocols are used to access network equipment and sensitive infrastructure information.
Wireless networks have not kept the best reputation with regard to availability. netBlazr hopes to bring the dignity back. RF interference, resource overutilization, and changes to the physical environment are the common threats to any wireless signal. netBlazr addresses all three. To minimize RF interference, which in turn can create poor signal to noise ratios and hence lower bitrates, netBlazr uses multiple channels in the 5Ghz spectrum, directionally. This allows us to create a mesh network of non-interfering nodes that are short-range, and high capacity. Minimizing resource utilization, a plague debilitating the cell-phone data networks today (how many times does your call drop?), is mitigated against using technologies on both the radio and network layers. On the radio layer, a TDMA protocol is used to enable near-simultaneous access to nodes from their neighboring nodes. Additionally, quality of service is controlled at multiple points on the network, and can be controlled at the individual node level, to ensure that committed information rates are delivered to members. Changes to the physical environment could be anything that completely disrupts or diminishes the connection quality of a network node. In this case, netBlazr employs a dynamic routing algorithm to change the pathway that data takes to make it to the head-end, requiring both paths to be obstructed for service to be lost. We consider this probability to be very low.