August 11, 2003

ARUBA WIRELESS NETWORKS SECURES THIRD-PARTY 802.11 ENVIRONMENTS WITH RF LOCK™

New Turnkey RF Security Solution Protects Companies From Internal and External Wi-Fi Breaches

SAN JOSE, CALIFORNIA, August 11, 2003 - Aruba Wireless Networks today introduced RF Lock, an advanced RF security solution that easily integrates into existing wireless environments to give enterprises, for the first time, complete visibility and centralized control over their existing wireless LANs.

A software module that runs under Aruba’s RF-Director, RF Lock has been uniquely packaged with Aruba WLAN switches and air monitors (RF probes) to give enterprises sophisticated RF security not found in traditional 802.11 access points and wireless gateways. Aruba is the first WLAN switching vendor to provide the ability to detect and disable rogue access points. In addition, RF Lock provides honeypot protection, and association and de-authentication flood protection.

RF Lock was created to secure three different types of enterprises:

  1. existing campuses where Cisco or conventional wireless networks have been installed but no integrated air security and RF management is available;
  2. corporations where there is no 802.11 wireless network but security is needed to detect rogue activity; and
  3. branch offices where remote probes can be distributed but centrally managed by corporate IT staff.

Deployed at the periphery of the wireless environment, Aruba RF probes connect directly or indirectly to an Aruba WLAN switch. RF Lock probes are then used to detect and disable rogue APs, provide 24/7 health monitoring of the wireless network and give network managers the ability to thwart security attacks.

Aruba’s RF Lock system is completely plug-and-play. Once installed, each RF probe automatically discovers the Aruba WLAN switch and loads its required configuration. RF probes can be installed anywhere within the existing L2/L3 network infrastructure with absolutely no physical or logical reconfiguration. RF probes operate on both the 2.4 and 5 GHz bands providing air security for 802.11a and b/g environments. Once the Aruba WLAN switch is deployed, additional RF probes can be quickly and easily added to protect new areas by simply plugging them into the network. The Aruba WLAN switch automatically handles power, configuration and control of the RF probes.

And unlike competitive offerings that waste wide area bandwidth by requiring all captured traffic to be sent back to a centralized appliance for processing, Aruba’s RF Lock system provides distributed processing with intelligent packet classification and policy enforcement occurring at each probe. Aruba’s WLAN switch is used for centralized policy definition that is then pushed out to all the RF Lock probes.

Key to the RF Lock policy enforcement system is a set of patent-pending algorithms that classify any unknown AP or station as part of an enterprise network or an outside network in a shared space environment.

This allows Aruba RF probes to enforce sophisticated policies like multi-tenancy channel split (i.e. the ability to reserve parts of unlicensed spectrum), honeypot protection (ensuring that enterprise stations associate with valid enterprise access points only), AP impersonation protection (ensuring that invalid APs are not advertising enterprise WLAN service), and station impersonation protection (ensuring that invalid stations are not masquerading as valid stations).

RF Lock also lets IT staff ensure all legacy access points are configured properly with valid security and mobility profiles so there are no security holes in the network due to misconfiguration. With RF Lock, administrators implement WLAN intrusion detection for common intrusions such as fake AP attacks, monkey jack attacks, ESSID jack attacks, and Netstumbler attacks.

“With Aruba’s RF Lock, we can literally wall-off our air space as well as capture essential wireless remote monitoring (wRMON) information not previously available. Now we can easily and remotely troubleshoot user and RF problems,” said Joshua Wright, senior network and security architect for Johnson & Wales University.

Johnson and Wales provides network service to 16,000 students across five campuses in the United States (see separate release). Wright currently supports a legacy 802.11b infrastructure with more than 250 APs. These APs are now being terminated on Aruba 5000 WLAN switches. The move to higher speed 802.11a wireless access is being made through the deployment of Aruba 50 access points that also function as RF probes.

Wright noted that the decision to standardize on Aruba was based on the flexibility of being able to remotely capture and analyze traffic at geographically dispersed campuses and being able to add capacity on the fly by changing RF probes to APs on demand.

“I can now grab 802.11 packets out of the air from across the campus or across the world to see what’s going on, just like I can with my existing wired networks,” noted Wright. “This saves me time, money and gives me the power to keep wireless users happy wherever they are.”

Pricing and Availability

Available immediately, Aruba is offering RF Lock as a module under RF Director as well as in two packaged solutions for campus and distributed office environments.

Aruba’s RF Lock module for RF-Director is priced at $10,000. The RF Lock 20 solution is designed for dense campus environments and combines an Aruba WLAN switch and 20 RF probes for US $30,000. Aruba’s RF Lock 5 is designed for more distributed deployments and combines an Aruba WLAN switch with five RF probes for US $15,000. Additional RF probes can be added to either RF Lock solution for $500 per probe.

-30-