The AirTegrity Advantage

WiFi + WiMAX (Single or Dual Mode)

AirTegrity™ Wireless is a market leader, providing a secure wireless broadband platform that encompasses all networking and security requirements for the delivery of voice and data services, in a single cohesive product.

AirTegrity’s™ award winning wireless modules operate in both licensed and unlicensed frequencies. An AirTegrity™ smart network dramatically reduces the cost of network deployment, ownership and management by integrating Multi-Channel Radios and antenna technology with powerful routing, switching and security functions into every AirTegrity™ system. Common applications include,

• Residential or business customer aggregation
• Enterprise/Campus Inter-building connectivity
• Wireless Backhaul/Circuit Replacement

Point-to-Point / Point-to-Multi Point

Point-to-Point Solutions / WiFi / WiMAX

While the PmP architecture provides the ISP with the ability to deliver Voice/Data and Video to multiple end-users within a given area, getting an economical, reasonable amount of bandwidth to this point of propagation, remains an issue most of the time. This is why we have designed a complete suite of cost effective, licensed and unlicensed, WiFi and WiMAX products with the ability of producing TCP/IP speeds from 17.5 Mbits/s to 100 Mbits/s and covering up to 30 Miles.  These Point-to-Point cost effective solutions offer the broadest selection available in the market place. The Point-to-Point solutions come in pairs, with various antenna options to accommodate all application scenarios.

Point-to-MultiPoint Solutions / WiFi / WiMAX

AirTegrity’s point-to-multipoint solutions consist of a wide range of Sector Controllers, Access-Points and Subscriber Units.  The Access-Point distributes the information in the form of Video, Data and or Voice from a single point of propagation, ensuring coverage within a given perimeter.  The Subscriber-Unit receives this information as the Broadband Internet Access Gateway, delivering to a residence, business or government office. Subscriber Units can operate as single or multi-mode, multi-frequency and multi-standard units to re-distribute broadband signal using our patented Forward Direct Routing Mesh Architecture, creating sub-cells for hot-spots or public safety applications. Numerous combinations are available to tailor the perfect solution. Articulated around standard platforms, our Multi-Mode/Multi-Frequency architecture consists of interchangeable radio modules providing our customer with simple cohesive ways to scale their network as their needs increase. Hundreds of users can be attached to a single Access Point, with the possibility to either implement Pico or Metro-Cell architecture. 

Mesh HC - Dynamic Forward Routing

The ultimate combination between multi-standard, multi-frequency and multi-mode referes to our Mesh HC solution, an unprecedented level of versatility and scalability at your fingertips.

Dynamic Forward Routing, ("DFR") enables every subscriber radio to act not only as a source and destination of data packets, but also as a repeater of data packets on behalf of other users.  In a network based on the client/server model, DFR overcomes the classic “hidden radio” problem.  Any user of a cellular telephone who has lost a connection knows what it is to be “hidden” from the cell site.  With DFR, the hidden radio asks neighboring client radios to help out and repeat data packets between it and the cell site.  The hidden radio selects the best route through one or more neighboring radios. It also remembers alternate routes through other neighbors. In the event that the route of first choice becomes inoperative, the hidden radio selects an alternate route.  Even though there may be many possible multi-hop routes from a given hidden radio to a server radio, only the best route is selected.  The radios that are in range, but not on the route, do not repeat the packets to avoid interfering with the radios dynamically selected for “the” route. Without dynamic forward routing, every route between each subscriber (client) and the server radio (connected to the Internet and elevated on a tower) is limited to a “one-hop” route.  In order to minimize hidden radios in such an unintelligent network, more towers and server radios have to be added.  In a typical network topology, DFR eliminates on average one third of the infrastructure cost.  With DFR, fewer towers are required since they are replaced with multi-hop connections among subscriber client radios. 

Security

 AirTegrity Wireless has designed its wireless systems with security as of paramount importance. 

We provide comprehensive system security via a combination of inbuilt features:

• Secure VPN
• IPsec Endpoint or MS PPTP (Microsoft Point-to-Point Tunneling Protocol) on all links
• Built-in firewall support incorporating stateful packet inspection and flexible packet filtering
• Hardware assisted Triple DES encryption up to 132 Mbps
• AES or Blowfish encryption
• NAT (network address translation)
• VLAN
• Detection and reporting of potential Distributed Denial of Service (DDoS) attacks

All wireless communication is encapsulated into VPN tunnels and feature state of the art security options, providing for a completely secure system.

Previously, the challenge to provide cost effective, high performance; secure, stable, simple and manageable network access for users has meant the need for multiple devices and technologies be configured into the network.  AirRunner has integrated these features into a cohesive solution that eliminates compatibility and support concerns of disparate products and provides assurance of system security

The following explains the functionality of the security features in-built into the AirTegrity system in greater detail.

Secure Virtual Private Networks (VPNs)

Businesses today are increasingly looking to encrypted VPNs to provide cost-effective, secure communications services that will enable them to link their business processes more closely with partners, suppliers and customers in ways never dreamed of just a few short years ago.

The ability to replace costly leased and dial-up lines with efficient secure IP connections in order to link remote workers and branch offices to the corporate network is a compelling business proposition for many organizations.  Virtual Private Networks (VPNs) establish secure connections between distant networks. For the users of these networks, the distance is widely transparent - they use servers of the remote network as if they were located in the local network.

By using a combination of tunneling, encryption, authentication, and access control, a VPN gives users a secure method to access corporate network resources over the Internet or other public or private IP networks. Implementation of a VPN involves two major technologies: a tunneling protocol, and a method for authenticating users of the tunnel.

Most wireless products on the market today require the purchase of an external VPN and firewall product. AirRunner has integrated these features and functionality into wireless system to provide a safe secure wireless environment to ensure privacy and protection of data from hackers or eaves-droppers.

Firewall and Stateful Packet Inspection

The integrated firewall in the AirTegrity system handles access control and filters data entering a network based on criteria such as IP address range or TCP port number.

Stateful packet inspection is a firewall architecture that works at the network layer. The AirRunner stateful packet inspection system monitors all incoming and outgoing packets for every IP session at both the network and transport layers and applies rules and policies to each one whilst screening for improper packets and intrusion attempts. The state of each traffic flow is inspected and analyzed and administrators have the flexibility to optionally enforce specific rules for port usage, blocking specific domains or implementing customized security levels.

The firewall can examine not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination. The firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules but also on context that has been established by prior packets that have passed through the firewall.

IPsec

IPsec is a series of Internet Protocol Security standards covering encryption, authentication and key management.  Modern VPNs use IPSec to provide a secure transfer mechanism to automatically encrypt and tunnel the complete data flow to be sent over public networks protecting both the source and destination addresses.

MS PPTP

MS PPTP is the Microsoft Point to Point Tunneling Protocol and is widely used to secure and control access to wireless networks. PPTP was designed to provide authenticated and encrypted communications between a client and a gateway or between two gateways without requiring a public key infrastructure by using a user ID and password. It was first delivered in 1996, two years before the availability of IPSec. The design goal was simplicity, multi-protocol support, and ability to traverse a broad range of IP networks. Users of the AirRunner system can implement either IPSec or MS PPTP.

Triple DES

Triple DES is the standard being adopted by the all major finance institutions to ensure security of data. MasterCard International has mandated a change to Triple DES technology for all ATM’s operating on their network. The implementation of Triple DES is necessary in order to maintain public trust in payment systems and to ensure the integrity of confidential cardholder information. All ATM equipment installed on or after April 1, 2002 must be Triple DES compliant. All ATM equipment installed prior to this date had been upgraded to Triple DES by April 1, 2005

AES

The second encryption standard provided by AirTegrity is the Advanced Encryption Standard (AES).

AES is a US Government Federal Information Processing Standard that specifies a cryptographic algorithm for use by U.S. Government organizations to protect sensitive, unclassified information. As a likely consequence AES may eventually become the de facto encryption standard for commercial transactions in the private sector.

The AES is also known as the Rijndael algorithm and won a three-year competition involving some of the world's leading cryptographers. The overall goal was to develop a standard that specifies an encryption algorithm capable of protecting sensitive government information well into the 21st century. The AES is a block encryption method that uses long keys (128-, 192-, 256-bit) for data encryption.

The algorithm was required to be royalty-free for use worldwide and offer security of a sufficient level to protect data for the next 20 to 30 years. It was to be easy to implement in hardware and software, as well as in restricted environments and offer good defenses against various attack techniques.

Good security was the primary quality required of the winning formula, but factors such as speed and versatility across a variety of computer platforms also were considered. The algorithms had to be able to run securely and efficiently on large computers, desktop computers and even small devices such as smart cards.

The two Belgian cryptographers who wrote the Rijndael algorithm beat 15 other teams to be accepted as the new standard.  Other entrants in the competition included large research teams from IBM, RSA Security, Deutsche Telekom and the Japanese NTT.  The selection of their algorithm as the new standard has been described as a case of two guys in a garage taking on the establishment and winning.

Blowfish

AirTegrity Wireless also provides Blowfish as an alternative encryption algorithm to Triple DES and AES.  Blowfish has a 64-bit block and uses a variable-length key, from 32 bits to 448 bits, making it useful for both domestic and exportable use.Blowfish was designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. Designed with 32-bit instruction processors in mind, it is faster than other encryption methods. Since its origin, it has been analyzed considerably. Blowfish is un-patented, license-free, and available free for all uses. Blowfish is a very useful and respected encryption method and has seen widespread application.

Distributed Denial of Service (DDoS) Prevention

DDoS attacks have become an increasing problem with the expansion of the Internet. DDoS attacks involve breaking into hundreds or thousands of machines all over the Internet. The attacker remotely installs DDoS software allowing them to control all the machines to launch coordinated attacks on victim sites. Commands are then accepted from over the Internet, and in response to those commands an attack over the Internet against some designated victim site is launched. A well-publicized attack saw gigabytes per second of traffic dumped on Yahoo. 

These attacks typically exhaust bandwidth, router processing capacity, or network stack resources, breaking network connectivity to the victims. 

AirTegrity systems feature software that detects, escalates and reports any misuse of network resources that may be suspicious traffic to the network administrator.

NAT (Network Address Translation)

In security terms, NAT hides the IP address of a client behind the firewall so that it cannot be directly accessed from outside of the network.

Typically, a company maps its local inside network addresses to one or more global outside IP addresses and un-maps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on the number of global IP addresses that a company needs and it lets the company use a single IP address in its communication with the world.

Standards

RFC 1321                The MD5 Message-Digest Algorithm

RFC 1828                IP Authentication used Keyed MD5

RFC 1829                The ESP-DES-CBC Transform

RFC 2085                HMAC-MD5 IP Authentication with Replay Prevention

RFC 2104                HMAC: Keyed-Hashing for Message Authentication

RFC 2144                The CAST-128 Encryption Algorithm

RFC 2401                Security Architecture for the Internet Protocol

RFC 2402                IP Authentication Header

RFC 2403                The Use of HMAC-MD5-96 within ESP and AH

RFC 2404                The Use of HMAC-SHA-1-96 within ESP and AH

RFC 2406                IP Encapsulating Security Payload (ESP)

Single, Dual, Tri-Mode A

Multi-standard, multi-mode and multi-frequency, our product line can accommodate most of our customer’s needs in the most seamless way – Providing with a cost-effective way to implements high-capacity, secured and versatile WiFi/WiMAX fixed or mobile networks at present, while ensuring the so called “scalability” to enable the proper migration path to future roll-outs.

VoIP/Qos/SNMP/DHCP/VPN

Toll quality voice is supported by AirTegrity’s industry standard SIP implementation and STUN (Simple Traversal of UDP through Network Address Translation) server (RFC 3489), an implementation of the STUN protocol that enables SIP-based communication through Firewalls. The STUN protocol enables a SIP client to discover whether it is behind a NAT, to determine the type of NAT, and to cleanly traverse it while maintaining your Firewall protection.