WiMax Operator's Manual
WiMax Operator's Manual
WiMax Operator's Manual
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
188 CHAPTER 9 ■ NETWORK SECURITY<br />
Specifically, the network operator should have a policy for controlling human access into<br />
the central office. The central office itself should either be guarded or be equipped with a<br />
secure locking system that will keep out unauthorized individuals. If the central office is not<br />
staffed at all times, then it should be equipped with a surveillance and intrusion-detection system<br />
sufficient to thwart entry until humans can respond. Increasingly, municipal governments<br />
use broadband wireless networks for their own communication needs, and the governments<br />
must be reassured that the network hub is not wide open to attack.<br />
All vital records should be backed up in a secure facility and transmitted to that facility<br />
over a secure virtual private network (VPN) if transmission over public networks is involved.<br />
The VPN should make use of encryption and not just tunneling. In many cases, storage will<br />
take place over a private internal network and stored data will reside in a storage data array<br />
within the central office. Of course, the network can be presumed to be secure if it is dedicated<br />
to storage and is not accessible from the outside. If it is accessible, then the storage network<br />
must be protected with a firewall just as is the case with any other network.<br />
All network elements performing vital functions should be replicated such that a reserve<br />
unit can be immediately pressed into action in the event of a failure. Many carrier-class network<br />
elements have built-in redundancy where every aspect of the system is replicated<br />
internally.<br />
Most network elements made today utilize card and cage construction, and, when that is<br />
the case, individual cards should be hot-swappable so that the entire device need not be shut<br />
down to replace a card. The aim of the network operator must always be to minimize<br />
downtime.<br />
Secure Electrical Systems<br />
Another part of security and good network management is to make certain that high-quality<br />
electrical power will be available at all times even in the event of a power outage. This involves<br />
several distinct measures.<br />
The AC power provided by many electrical utilities is often remarkably inconstant, exhibiting<br />
long-term and short-term voltage sags as well as overvoltage conditions and occasional<br />
spikes where voltage levels may exceed the standard voltage by many multiples. The AC may<br />
also be troubled by the presence of harmonics, distortions in the AC waveform that can disrupt<br />
the functioning of many kinds of electrical or electronic components if sufficiently severe. All<br />
these conditions are undesirable, and some may be catastrophic, and the network operator<br />
must guard against them by appropriately selecting power conditioning and power backup<br />
equipment.<br />
Power conditioning devices take a number of forms.<br />
Passive systems consist of high-frequency filters (of limited usefulness because they cannot<br />
raise or lower voltage or eliminate harmonics), constant voltage transformers, and<br />
switched tap autoformers. Constant voltage transformers and switched tap autoformers are<br />
devices that will maintain constant voltage within certain values, say, 5 percent over and under<br />
the nominal value. While both are essentially passive in their operation, switched tap autoformers<br />
contain logic circuits and relays that select among output taps on the autoformer coil<br />
to compensate for changes in input voltage. Constant voltage transformers operate on a different<br />
principle; the transformer core is partially saturated at the nominal line voltage and will<br />
grow more or less saturated as the input voltage goes up and down, which in turn will cause