FIPS: What is it? Why is it Important?

FIPS 140-2 Level 2 validation is important to protect microwave radio payload and management traffic from interception and hacking. Photo credit: Stephen Little / Foter / Creative Commons Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0)

FIPS stands for Federal Information Processing Standards, a set of computer security standards established by the US federal Department of Commerce’s National Institute of Standards and Technology (NIST). The goal of FIPS is to create a uniform level of security for all federal agencies in order to protect sensitive but unclassified information—a large portion of the electronic data not considered secret or higher.

Of most interest to microwave backhaul users are two particular FIPS standards, FIPS 197 and FIPS 140-2. FIPS 197 is straightforward enough: it provides the definition of the Advanced Encryption Standard (AES), which is the basis of so much of the security industry. Many security products from IT vendors are validated to FIPS 197 through an organization within NIST called the Cryptographic Module Validation Program (CMVP) that reviews and verifies the testing results of independent labs that put participating companies’ cryptographic modules through their paces.

It still begs the question, “Why is FIPS important?” The answer is simple. Rather than take your telecom vendor’s word that its products are secure and will properly protect your payload and network management traffic, FIPS is an assurance backed by the full faith of the United States government that FIPS-validated security solutions defend your electronic information thoroughly within the context of how the solutions were designed and manufactured.

However, not all FIPS validations are created equal. FIPS 140-2, which sets the standard for the Security Requirements for Cryptographic Modules, has different levels of validation. For example, a cryptographic module that is validated to FIPS 140-2 Level 1 provides a basic level of security by encrypting data going through it to the level of protection provided by AES. However, a cryptographic module that is validated to FIPS 140-2 Level 2 not only provides AES electronic encryption but also physical security of the device itself. This means that a FIPS 140-2 Level 2 validated cryptographic module cannot be tampered with unless the seals on the solution housing are broken, in which circumstance the so-called cryptographic officer will know immediately that information security has been compromised, and she can then take action at once to remediate any data breach.

FIPS 140-2 validated cryptographic modules are required by law for all US federal agencies that handle sensitive but unclassified information. And other industry verticals are making FIPS 140-2 Level 2 a nonnegotiable item for their backhaul security including financials, healthcare industry, legal services, mobile operators and public safety.

Face it: We live in a more and more insecure world. Whether you are a common carrier, a first responder agency or a multi-site hospital system, your customers have been hyper-sensitized about security and expect you to do everything possible to protect theirs. If you don’t have FIPS-validated security on your backhaul now, they may force it on you later. Get ahead of the curve and look into implementing FIPS solutions today.

For more information on FIPS, download the Aviat Networks primer on FIPS.

Positively Sold on MPLS at the Cell Site

MPLS at the cell site via microwave routers will positively supercharge service revenues for mobile operators. Photo credit: Thomas Gehrke / Foter / Creative Commons Attribution-NonCommercial-NoDerivs 2.0 Generic (CC BY-NC-ND 2.0)

Mobile industry enthusiasts have been warned at length about the proliferation of LTE devices forcing backhaul to become markedly different than it is today, especially in terms of capacity delivery. Other challenges for the service provider include rising cost of capital, increasing network complexity and the ability to gracefully accommodate future technology shifts such as SDN, NFV and SON—Software-Defined Networking, Network Function Virtualization, Self-Optimizing Networks. A Layer 3 IP/MPLS topology has addressed many of these goals so far in the aggregation and at the service provider edge of the network. MPLS, Multiprotocol Label Switching, in particular, has offered converged service delivery, fast failure recovery and advanced Quality of Service.

So what’s next? The fundamental transformation needed next is at the cell site, which is evolving from its basic role of housing a base station to the new reality of enhanced service delivery hub. Why is this important? It’s simple: MPLS allows operators to offer enhanced revenue-generating services while simultaneously enriching the consumer experience and feeding an entire mobile ecosystem.

Battling rising costs by monetizing new services
The day of reckoning for operators is predicted to come with the confluence of rising costs and shrinking ARPUs, leading to unsustainable losses. Additional revenue sources are the key to profitability, provided they could be enabled swiftly and seamlessly. Fortunately, MPLS is available as a steppingstone to new services. As high capacity and scale infiltrate the end-to-end network, the traditional macro site can be considered the new point-of-presence for revenue generation. MPLS-enabled services include Layer 3 VPNs (L3VPN), Layer 2 VPNs (L2VPN) and Virtual Private LAN Service (VPLS). L3 VPNs are attractive to customers (e.g. enterprises, government) who want to leverage the service provider’s technical expertise to ensure efficient site-to-site routing. L2 VPNs are attractive to customers who want complete control of their own routing. Finally, VPLS makes the service provider’s network look like a single Ethernet switch from the customer’s viewpoint, effectively making their WAN look just like their local campus.

For the mobile provider, the backhaul topology changes have already started to take shape, with Small Cell as one example of how cell sites will evolve, essentially becoming aggregation nodes as small cells (i.e., cloud RAN, IP, Wi-Fi) are added to the network. This leads to a tangled web of complexity in a modern, heterogeneous network.

Technology flexibility to alleviate network complexity
To date, MPLS-enabled routers are the only proven solution to cost effectively converge multi-service interfaces onto a single low cost IP transport platform. The multitude of devices at the cell site includes legacy interfaces such as TDM, ATM and even Frame Relay. With its ability to decouple protocols from their physical transport medium, MPLS provides a single converged transport solution for all access technologies. As MPLS is generally deployed in core networks, adding it in the access is just an extension of the existing network transport architecture.

Beyond multiprotocol capability, the current hype of SDN, NFV and SON ushers in new challenges that are intended to optimize, virtualize and control the network—albeit with a significant operational learning curve. The capabilities of MPLS align with each of these goals, when they come. MPLS enables vendors to offer solutions that simplify management and protocols, provides fast adaptation for new services and eases the burden on personnel for general network turnup and maintenance—including tasks such as new base station provisioning, debugging, troubleshooting and performance monitoring.

Benefits of IP/MPLS at the cell site
The benefits of IP/MPLS at the cell site are numerous, especially for LTE and LTE-A deployments. When compared to flat Carrier Ethernet networks, routers can scale to vast numbers of nodes. MPLS enables a scalable X2 network design. (X2 is the LTE interface used for Handover, Load Management, Mobility Optimization, Network Optimization and LTE-Advanced CoMP eNodeB coordination.) With eNodeBs on different subnets, routing is required between Layer 2 domains for a complete X2 solution.

MPLS-Traffic Engineering (MPLS-TE) provides operators with the capability to steer traffic across backhaul networks, thereby increasing overall capacity and lowering latency for latency-sensitive traffic flows—this is an important requirement for LTE-Advanced. MPLS-TE can increase backhaul capacity by 50 percent when compared to L2 networks.

How to Add IP/MPLS to the cell site
Introduction of IP/MPLS into the access network can be easily accomplished with networking platforms such as the Aviat CTR microwave router. The CTR 8540 is the industry’s first purpose-built microwave router—a unique concept that merges the functionality of an indoor microwave radio and a cell site router into an integrated solution, simplifying IP/MPLS deployments and creating a better performing network. The Aviat CTR helps operators avoid the investment of expensive standalone routers, translating to overall fewer boxes to buy, deploy and maintain. See more information on Aviat’s IP/MPLS solutions.

Louis Scialabba
Senior Manager of Marketing
Aviat Networks