Security Features and Protocols

Mimomax radios incorporate a series of security features and protocols to assist in maintaining the integrity of your data and secure access to your radios.

Over-the-Air AES Encryption

Key use: encryption of sensitive data

Advanced Encryption Standard, or AES, is a symmetric-key block cipher which Mimomax has implemented as a software feature enabler to assist our customers to encrypt their sensitive data. Our radios can encrypt the entire data stream to as low as the Ethernet layer using the FIPS-Approved AES256+CBC or AES256+CCM encryption and authentication algorithms. Plain data encrypted using M-AES  is also link efficient by maintaining the compression ratios achieved on a plain link with RoHC.

Key features:

• Does not directly expose public keys on the product, uses key hashes instead
• Robust security as encryption is implemented in both hardware and software. The AES encryption and decryption core is a part of the CPU’s hardware thus making the chance of tampering or cloning unlikely.
• Achieve a much more secure link by combining AES with CBC or CCM for message authentication.

https Web Access

Control & Monitoring (C&M) to the radio is enabled by local or remote Web access, running a secure web server on each device.  Mimomax supports cyber safe https web access using SSL v2/TLS 1.0/1.1/1.2 with 2048-bit long certificates.

M-SEC – Network & Firewall Security

Key use: protection against security breaches

A stateful firewall in Mimomax’s M-SEC enhances the security of critical communications networks by distinguishing the legitimacy of data packets and their match with a known active connection.

Key features:

• Unlike stateless firewalls which retain no memory of previous packets, stateful firewalls hold significant attributes of each connection making it highly secure against “spoofing” attacks.
• Offers a more granular approach to controlling network traffic.
• Anti-lockout feature to prevent administrator from inadvertently configuring firewalls to lock the device access.
• Offers a predetermined, highly flexible and parametrized set of rules to allow the network user to securely manage web-administered devices.
• Offers special rules for per-MAC based filtering, e.g. filtering out traffic like PVST or STP.

RADIUS AAA

Key use: Authenticates, grants authorization and accounts for user activity

One of a number of Authentication, Authorization, and Accounting (AAA) protocols available, Mimomax supports RADUIS AAA to control user access to the network.

Key features:

• Authentication and authorization can be obtained from central RADIUS server
• Multiple users can be assigned to the role of ‘tech’ or the role of ‘user’.
• The radio supports two tiers of access – admin tier for ‘tech’ and user tier for ‘user’. All of the different users in the RADIUS server can be classified to one of these tiers.
• Each radio can optionally be linked to up to five RADIUS servers.
• Three login options are supported: Local, Radius and Local & Radius for higher security.

Port Security

Key use: prevention of unknown devices accessing the network

Mimomax radios are designed to offer the following Port Security features:

1) Egress/Ingress Rate limiting

Protection is offered from broadcast storms for both switch ports.  Maximum rate through the port (in kbps) is able to be selected per port.

2) Ports On/Off

This feature helps to secure the network by preventing unknown devices accessing the network by shutting unused ports down.

3) Sticky MAC

Helping to secure the network by preventing unknown devices accessing the network, the port security feature of the radio remembers the ethernet MAC addresses connected to the switch port and only allows that MAC address to communicate on that port.

Key features:

• Limiting one MAC address per port strengthens resistance to security breaches;
• User can optionally enable a number of pre-authenticated MAC addresses (i.e. white listing);
• Should another MAC address attempt to communicate through the port, the port security will make the port unavailable;
• There is a trap generated for a device which is successfully connected.  This trap is also active in the mode where the Sticky MAC is disabled.