ARUBA WIRELESS NETWORKS FIRST TO BRING 802.11i TO LIFE
Announces First and Only 802.11i Support within a Centralized Wireless LAN Switching System
SAN JOSE, CALIFORNIA — July 19, 2004 — Aruba Wireless Networks™ (Aruba) today announced the industry’s first and only support for the newly ratified 802.11i standard on a centralized wireless LAN (WLAN) switching system. Early field trials with select customers are underway, and general beta testing of its 802.11i implementation is slated to begin in August.
By implementing all encryption in a centralized high-speed, software-programmable hardware encryption engine rather than in individual access points, Aruba was able to be first to market with the most secure implementation of the latest security standard from the IEEE.
"While we, like other wireless vendors, make use of standard off-the-shelf radio components, we leave a large portion of their capabilities disabled in the access point," said Merwyn Andrade, CTO of Aruba Wireless Networks and contributor to the IEEE 802.11i specification. "Instead, we implement these functions in a central programmable controller and switching system that provides services to multiple APs. This provides investment protection to our customers as well as giving us a timeto- market advantage with new features such as 802.11i, since we don’t need to wait for our radio suppliers to release new drivers."
By centralizing all encryption, corporations can build more secure and higher performing wireless LAN environments best suited to support the new 802.11i standard - bringing it together with other essential network security technologies such as authentication and stateful policy enforcement. All wireless traffic is transparently bridged, at LAN-speeds over secure IP tunnels, and remains encrypted across the corporate wired network until it reaches Aruba’s centralized wireless security system.
"While 802.11i delivers the strong encryption previously missing from wireless LANs, it isn’t the holy grail that the wireless industry has been desperately seeking," said Craig Mathias, principal at Farpoint Group. "Serious concerns still exist regarding the exchange of encryption keys that are flying around corporate network, completely unprotected. Centralized architectures add an extra margin of safety no matter what security policy (and technologies) an enterprise adopts."
Conventional WLAN systems decrypt wireless traffic at the AP, requiring encryption keys to be stored on or pushed to those APs. This poses serious security risks if an access point is lost or stolen, or if those encryption keys are otherwise intercepted or redirected.
To implement fast mobility between APs, legacy wireless systems must exchange complex state information between all possible APs. This causes unwanted latency and complexity.
Unlike these systems, Aruba’s WLAN switching solution eliminates the need for complicated authentication state to be exchanged between APs by processing all authentication and encryption within a centralized system. This eliminates the latencies, vulnerabilities and the complexity associated with proprietary wireless environments.
While 802.11i represents a strong initial barrier to entering a wireless network, additional security must be implemented to achieve defense in-depth security. This includes RF security to lock the air, separating users and devices into roles for secure quarantining and traffic profiling to prevent devices from piggybacking each other. This ensures that both valid users who have been authenticated as well as "dumb" devices such as VoFi phones that don’t support 802.11i only have access to the appropriate network resources.
For instance an 802.11i-capable phone, once authenticated, should only be allowed to pass SIP (session initiation protocol) traffic and be restricted from any other data transmissions. If firewalling and packet inspection isn’t performed at the same point as decryption and authentication, this level of security simply cannot be achieved.
-30-
Aruba Wireless Networks is a trademark of Aruba Wireless Networks all trademarks of their respective companies. All other trademarks are the property of their respective owners.