August 16, 2004

ARUBA WIRELESS NETWORKS' CENTRALIZED WLAN SYSTEM FIRST TO RECEIVE ICSA FIREWALL CERTIFICATION

Integrated User-Aware Mobile Firewall Uniquely Enforces Mobile Security Policies for Corporate Wi-Fi Access

ICSA Labs Certified

SAN JOSE, CALIFORNIA - August 16, 2004 - Aruba Wireless Networks™ (Aruba) today announced that its centralized wireless LAN system is the first in its category to receive firewall certification by ICSA Labs, an independent division of TruSecure Corporation.

With this certification, Aruba now becomes the only vendor in the industry that can secure mobile access based on accepted industry best practices for enforcing security policies in a corporate network. ICSA Labs' firewall certification is the industry's gold standard that all products claiming to have firewall capabilities must attain.

With this certification, Aruba customers have the added assurance that Wi-Fi access to their corporate networks will be reliably secured based on mobile security policies. A mobile security policy lets corporations define rules for connecting mobile users and devices into the corporate network over the air or over the wire. These rules, the most comprehensive in the industry, include:

  1. User identity
  2. Resources that the user is authorized to access
  3. Applications for which the user is authorized
  4. Location from which the user is requesting access
  5. Time-of-day when the user is requesting access
  6. Authorization of mobile devices being used to gain access
  7. Integrity of mobile devices including checks for viruses and worms
  8. Type of the authentication and encryption being used for access

"With the explosion of Wi-Fi within the enterprise, the need for a stateful firewall that can be used to enforce mobile security policies based on user identity is becoming important," said Brian Monkman, technology programs manager, ICSA Labs. "ICSA Labs, working with product vendors and corporate users, have developed the most thorough and rigorous set of accepted criteria for firewall testing and certification. This certification, like all ICSA Lab certifications, helps end users make informed security purchasing decisions for their organizations."

According to ICSA Labs, the Aruba WLAN switch has passed its Modular Firewall Certification Criteria Version 4.0, which is the culmination of years of work with industry experts, end users and the Firewall Product Developers Consortium - an international forum of competing developers of firewall products that work toward common goals to benefit both members and end users. Once tested, the vendor's products remain in ICSA Labs' firewall certification lab for ongoing certification of product upgrades and assessment against the latest security vulnerabilities. To achieve ICSA certification, corporate vendors must completely satisfy all functional and assurance requirements in the Baseline module and all requirements in the Corporate Category of the Required Services Security Policy module.

Mobility Breaks Security - People Move, Security Must Follow

Mobility, by definition, frees the user and the device from the secure confines of an enterprise LAN -allowing them to connect to open foreign networks. As mobile users, devices and access methods continue to proliferate into the enterprise; they have become a primary source of internal security breaches on corporate networks everywhere.

Consequently, corporate information security officers must now define mobile security policies that defend the corporate network from the multiple threats of mobility and yet, safely enables Wi-Fi access into corporate networks. Aruba's centralized WLAN system is purpose-built to enforce these business policies and protect corporate networks from the mobility threat while also enabling safe Wi-Fi access.

Complete Wireless Security, Your Wired Network Depends on It

Traditional security appliances built for perimeter security do an effective job of securing the Internet edge of a corporate network. However, they lack the user context required to effectively secure Wi-Fi access, which creates an insecure edge inside the corporate network.

Securing Wi-Fi access requires the network to first authenticate the user and then apply security policies based on this user identity. Mobility complicates security since the user is not tied to a physical port and can show up at any location on the wireless network.

Aruba's mobile firewall is the first ICSA-certified stateful firewall to integrate the concepts of user identity, user location and device trust while following users as they move within a wireless network. With Aruba's mobile firewall, every packet that crosses WLAN can be associated to an individual user and a specific application (e.g. SIP, FTP, HTTP, etc.) at LAN speeds with the appropriate levels of security and prioritization.

"For corporations, ICSA certification plays a critical role in their evaluation process, knowing it validates the product's performance against the Lab's independent testing criteria," said Jon Green, director of Product Management for Aruba Wireless Networks. "Aruba remains the only centralized wireless vendor today that delivers an integrated stateful firewall that allows corporations to enforce security policies that follow users wherever they move."

Visitor or guest access policies are also governed by a mobile security policy. Aruba's mobile firewall is able to distinguish guests from corporate users with much more granularity to provide differentiated access according to the business rules governing guest access.

ICSA Firewall Certification Details

To achieve ICSA Labs Firewall Certification, the Aruba 5000 was run through a battery of tests to demonstrate that it could provide protection in a variety of areas including authenticated administration, logging, persistence, functional testing, security and documentation. The ICSA firewall certification tested functionality such as:

  • Proper enforcement of security policies
  • No unauthorized control of its administrative functions
  • Protection against denial of service (DoS) attacks
  • The ability to handle fragmented packets properly
  • Restoration and re-enforcement of security policies upon power loss
  • The ability to log any security policy violation and to store logs using a persistent storage mechanism
  • Support for encrypted access to the administrative interface, such as SSH and HTTPS

The firewall must also offer functional control for concurrently active wireless networks; maintain consistent protection across multiple successive wireless connections; protect common external network attacks, provide for restriction of outgoing network communication, and log events in a consistent and useful manner. Complete criteria may be found at http://www.icsalabs.com.

-30-

About ICSA Labs

ICSA Labs, a division of TruSecure Corporation, offers vendor-neutral testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, firewall, IPSec VPN, cryptography, intrusion detection, PC firewall, content security, SSL-VPN and Wireless LAN. For more information about ICSA Labs, please visit: http://www.icsalabs.com.

Aruba Wireless Networks is a trademark of Aruba Wireless Networks all trademarks of their respective companies. All other trademarks are the property of their respective owners.