WiMax Operator's Manual

More documents

Recommendations

Info

CHAPTER 9 ■ ■ ■ Network Security Security is not part of operations support systems (OSS) proper, but it is an integral part of managing a broadband access network. Indeed, security, in terms of the integrity of the network’s own infrastructure, the safety of its customers, and the nation itself, is becoming increasingly important in network operations today and cannot be considered optional at this point. Network security is a broad subject covering a number of areas. The most significant of those areas have to do with securing the network elements themselves. These encompass securing vital databases, including those concerned with customer records, network inventories, transactions with other service providers and carriers, and general business financial records; preventing unauthorized access onto the network and, in particular, preventing entry into customer virtual private networks (VPNs) or customer local area networks (LANs); preventing or limiting denial-of-service (DoS) attacks; and finally meeting CALEA reporting requirements imposed by the federal government in addition to other related regulatory mandates. ■Note CALEA is the Communications Assistance for Law Enforcement Act. As well as securing network elements, software platforms, and customer and business databases, one has to consider securing a whole other area of security dealing with facilities management. Because of the prominence accorded to hackers in the news media and in trade publications, the emphasis today is on data security, primarily on protecting network elements and the information they store from malicious code, but such concerns should not blind the network operator to the entire range of security concerns. Safeguarding the network from hacks performed over the Internet is certainly a worthy objective but is far from the only area upon which the network operator should focus. Security Policies Every business today, including a public service network, requires a security policy that will be rigorously monitored. Also, all aspects of security administration should follow that policy. The policy should be holistic, including threats involving physical intrusions into the facilities and not just remote attacks over the Internet. 187
188 CHAPTER 9 ■ NETWORK SECURITY Specifically, the network operator should have a policy for controlling human access into the central office. The central office itself should either be guarded or be equipped with a secure locking system that will keep out unauthorized individuals. If the central office is not staffed at all times, then it should be equipped with a surveillance and intrusion-detection system sufficient to thwart entry until humans can respond. Increasingly, municipal governments use broadband wireless networks for their own communication needs, and the governments must be reassured that the network hub is not wide open to attack. All vital records should be backed up in a secure facility and transmitted to that facility over a secure virtual private network (VPN) if transmission over public networks is involved. The VPN should make use of encryption and not just tunneling. In many cases, storage will take place over a private internal network and stored data will reside in a storage data array within the central office. Of course, the network can be presumed to be secure if it is dedicated to storage and is not accessible from the outside. If it is accessible, then the storage network must be protected with a firewall just as is the case with any other network. All network elements performing vital functions should be replicated such that a reserve unit can be immediately pressed into action in the event of a failure. Many carrier-class network elements have built-in redundancy where every aspect of the system is replicated internally. Most network elements made today utilize card and cage construction, and, when that is the case, individual cards should be hot-swappable so that the entire device need not be shut down to replace a card. The aim of the network operator must always be to minimize downtime. Secure Electrical Systems Another part of security and good network management is to make certain that high-quality electrical power will be available at all times even in the event of a power outage. This involves several distinct measures. The AC power provided by many electrical utilities is often remarkably inconstant, exhibiting long-term and short-term voltage sags as well as overvoltage conditions and occasional spikes where voltage levels may exceed the standard voltage by many multiples. The AC may also be troubled by the presence of harmonics, distortions in the AC waveform that can disrupt the functioning of many kinds of electrical or electronic components if sufficiently severe. All these conditions are undesirable, and some may be catastrophic, and the network operator must guard against them by appropriately selecting power conditioning and power backup equipment. Power conditioning devices take a number of forms. Passive systems consist of high-frequency filters (of limited usefulness because they cannot raise or lower voltage or eliminate harmonics), constant voltage transformers, and switched tap autoformers. Constant voltage transformers and switched tap autoformers are devices that will maintain constant voltage within certain values, say, 5 percent over and under the nominal value. While both are essentially passive in their operation, switched tap autoformers contain logic circuits and relays that select among output taps on the autoformer coil to compensate for changes in input voltage. Constant voltage transformers operate on a different principle; the transformer core is partially saturated at the nominal line voltage and will grow more or less saturated as the input voltage goes up and down, which in turn will cause
Page 2 and 3:
WiMax Operator’s Manual Building
Page 4:
This book is dedicated to my wife.
Page 8 and 9:
Contents About the Author . . . . .
Page 10 and 11:
■CONTENTS ix Performing Site Surv
Page 12:
■CONTENTS xi Cyberwarfare . . . .
Page 16:
About the Technical Reviewer ■ROB
Page 20 and 21:
Introduction Broadband wireless has
Page 22 and 23:
CHAPTER 1 ■ ■ ■ Wireless Broa
Page 24 and 25:
CHAPTER 1 ■ WIRELESS BROADBAND AN
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32:
Page 35 and 36:
14 CHAPTER 2 ■ ARCHITECTING THE N
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
34 CHAPTER 3 ■ STRATEGIC PLANNING
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
64 CHAPTER 4 ■ SETTING UP PHYSICA
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
100 CHAPTER 4 ■ SETTING UP PHYSIC
Page 123 and 124:
102 CHAPTER 5 ■ STRATEGIES FOR SU
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 152 and 153:
CHAPTER 6 ■ ■ ■ Beyond Access
Page 154 and 155:
CHAPTER 6 ■ BEYOND ACCESS 133 Rou
Page 156 and 157: CHAPTER 6 ■ BEYOND ACCESS 135 (Qo
Page 158 and 159: CHAPTER 6 ■ BEYOND ACCESS 137 The
Page 160 and 161: CHAPTER 6 ■ BEYOND ACCESS 139 ins
Page 162 and 163: Figure 6-4. Wireless public network
Page 164 and 165: CHAPTER 6 ■ BEYOND ACCESS 143 sto
Page 166 and 167: Specialized Content Distribution Pl
Page 168 and 169: Beyond the Central Office CHAPTER 6
Page 170 and 171: CHAPTER 6 ■ BEYOND ACCESS 149 out
Page 172 and 173: CHAPTER 6 ■ BEYOND ACCESS 151 som
Page 174 and 175: CHAPTER 7 ■ ■ ■ Service Deplo
Page 176 and 177: CHAPTER 7 ■ SERVICE DEPLOYMENTS O
Page 196: CHAPTER 7 ■ SERVICE DEPLOYMENTS O
Page 199 and 200: 178 CHAPTER 8 ■ NETWORK MANAGEMEN
Page 210 and 211: CHAPTER 9 ■ NETWORK SECURITY 189
Page 216 and 217: Index ■Numbers 2.4GHz to 928MHz b
Page 218 and 219: asic access and best-effort deliver
Page 220 and 221: ■D dark fiber, features of, 75-76
Page 222 and 223: harmonics, impact on AC power, 188
Page 224 and 225: challenges to, 85-86 and NLOS, 121
Page 226 and 227: PONs (passive optical networks), fe
Page 228 and 229: signal diversity, providing with ad
Page 230 and 231: ■V VDSL and entertainment service
Page 233: forums.apress.com FOR PROFESSIONALS
show all

WiMax Operator's Manual

Create successful ePaper yourself

Delete template?

Save as template?