Page 80 - Security Today, July/August 2021

“With more systems becoming integrated, the line between digital and physical infrastructure has become increasingly blurred. As the power and efficiency of connectivity solutions improve, the security stakes are raised ever higher.”
ments of any organization without ongoing engineering micro-management. As such, the network can seamlessly be installed in minutes and integrate with existing communications infrastructure, saving upstart time and money.
Establishing secure network traffic is as simple as choosing the security features required by the organization’s information security strategy. These many features can be controlled, monitored, and managed by the Rajant BC|Commander® software that accompanies the BreadCrumb nodes and integrates with systems that exist on non-Rajant network infrastructure.
CRYPTOGRAPHIC LAYERS
There are many layers to the cryptographic protection installed with Rajant’s Kinetic Mesh network, and all BreadCrumb nodes are configured with 256-bit Advanced Encryption Standard (AES) using Rajant’s BC|Commander. The first layer of security starts with the cryptographic ‘handshake’ when two nodes interface. The nodes initiate this security handshake upon establishing a connection with each other no matter which security options are selected for the network.
This feature is always active and can’t be removed. If the nodes don’t recognize the cryptographic settings, then the connection is denied.
Beyond this, the selection of cryptographic options includes packet ciphers to encrypt all data as it flows between BreadCrumbs and per-hop authentication to ensure that each data packet received is in its original state. The network has MAC address cipher capabilities to encrypt the source and destination MAC addresses and a client traffic cipher secured via WEP (Wired Equivalent Privacy), WPA (Wireless Protected Access), WPA Enterprise (Remote Authentication Dial-In User Service or RADIUS), WPA2, and WPA2 Enterprise (RADIUS).
Rajant offers access control lists (ACLs) that can be applied to Ethernet and radio interfaces to specify the users or system processes that are granted access to objects as well as the operations that are allowed on given objects. You can deny access to specific items such as email addresses, users and URLs with a blacklist.
Virtual local area networks (VLANs) allow the segmentation of multiple virtual networks on a single mesh and are configured on a per-port basis, where a port is a BreadCrumb node, one of its Ethernet interfaces or a radio interface-ESSID combination. Clients with access to one set of VLANs cannot receive or send traffic to other VLANs even if they are on the same BreadCrumb mesh.
Quality of service settings applied to prioritize critical traffic can provide a security benefit in certain applications, and disabling interfaces allows unused Ethernet and Radio interfaces to be disabled remotely.
Beyond these deep features, further security options are available to protect communications from the mesh network. To fortify the integrity of the Rajant firmware, updates are encrypted using 256-bit AES in CBC mode and cryptographically signed using a 4096-bit RSA key pair, meaning that non-Rajant firmware cannot be installed. Further to this, BC|Commander’s administrative and management communications are secured using TLSv1 with an RSA or ECC key that is configurable and unique to each BreadCrumb. All BreadCrumb configurations, passwords, and critical security parameters are capable of being remotely managed via BC|Commander or via a button on the device with physical access to a BreadCrumb node. This makes the BreadCrumb device inert so that it cannot join a secured mesh network.
THE FUTURE OF SECURITY
As the abilities of malicious parties improve, the techniques and methods used to compromise and assault critical information systems at industrial enterprises become more and more sophisticated. Therefore, industry-leading connectivity solutions need to provide top-of-the-line security to match the strength of the network. Rajant has been engaged in a long-term effort to build the most secure solutions available and fight back against malicious parties hoping to intrude on private networks. As a result, they are incredibly well-positioned to provide the latest and most effective security measures to CSOs and CISOs across the industry. This is something the military, the first customer, has known for 20 years.
Chris Wall is the director of sales at Rajant.