June 28, 2006

ARUBA NETWORKS DELIVERS THE ONLY WIRELESS LAN SYSTEM TO COMPLY WITH DEPARTMENT OF DEFENSE MANDATE FOR WIRELESS ACCESS AND IDS

New DoD Policy Elevates the Strategic and Economic Value of Centralized Encryption

SUNNYVALE, Calif., June 28, 2006 - Aruba Networks, the Mobile Edge company, today announced that it is delivering the only Wireless LAN (WLAN) system that meets all requirements of the U.S. Department of Defense's (DoD's) recent mandate on secure wireless access and Intrusion Detection Systems (IDS). DoD Directive (DoDD) 8100.2, which was released on June 2, 2006, provides additional guidance on the requirements for any wireless device that is connected to the DoD Global Information Grid and specifies that all such systems should be capable of delivering integrated IDS in addition to other security measures.

As the first and only vendor certified by the National Institute for Standards and Technology (NIST) as having achieved Federal Information Processing Standards (FIPS) 140-2 Level 2 validation for IEEE 802.11i wireless LAN systems, Aruba is the only company able to provide a single system for secure WLANs and IDS to the U.S. Federal government.

Per DoDD 8100.2, "encryption for unclassified data in transit via WLAN-enabled devices, systems, and technologies must be implemented end-to-end over an assured channel and be validated by NIST as meeting requirements per FIPS 140-2 Overall Level 1 at a minimum. If WLAN infrastructure devices which store keying information are used in public unprotected environments, then those products must meet FIPS 140-2 Overall Level 2".

Aruba Networks WLAN systems perform all encryption and security functions centrally within the mobility controller; no encryption keys are distributed to the wireless access points (APs). This centralized encryption and integrated security boundary obviates the need to FIPS validate the access points and the control channel between the access points and the mobility controller. Other WLAN systems that use distributed encryption and store keys in access points must go through the FIPS validation process for their APs and control channel, increasing both the costs and time to market for using Commercial Off-The-Shelf (COTS) technology within the Federal marketplace.

"This is yet another in a series of 'industry firsts' for Aruba and the Federal market," said Merwyn Andrade, CTO at Aruba Networks. "While other vendors claim they are delivering products that meet these criteria, many of these have not undergone the rigorous validation process required to actually deliver a solution. Government agencies that are evaluating WLANs for use in Federal networks need to closely examine each solution to determine they meet all elements of directive 8100.2."

The market for wireless technology within the Federal government is currently transitioning from a complete moratorium on the use of Wi-Fi technology to evaluating COTS technologies, such as 802.11i, to enable wireless as a mainstream means of transport. DoD Directive 8100.2 represents a continuation of this trend, as it provides detailed requirements for security measures for any Wi-Fi device connecting to the DoD's network. In addition to end-to-end encryption over an assured channel, all wireless devices must include the following:

  • WLAN Authentication and Encryption - Starting in FY 2007, new acquisitions of wireless technology must be 802.11i compliant and WPA2 Enterprise certified, implement 802.1X access control with EAP-TLS mutual authentication, and use a configuration that ensures the exclusive use of FIPS 140-2 minimum overall Level 1 validated AES-CCMP communications.
  • Strong Identification and Authentication - Minimum 2-factor authentication in compliance with DoD procedures.
  • Wireless Intrusion Detection Systems (WIDS) - WIDS are required for all DoD wired and wireless LANs. These systems must continuously scan for and detect authorized and unauthorized devices 24 hours a day, seven days a week, as well as have the ability to sense a rogue device's location.
  • Validation - All of the above capabilities must be validated under National Information Assurance Partnership (NIAP) Common Criteria (CC) with Protection Profile when available.

Aruba is the first and only vendor to offer an integrated system for the Federal marketplace that meets each of these criteria, including centralized encryption for 802.11i, as well as continuously scanning and location-based WIDS across all bands (802.11a, b and g). Aruba is already on the "In Process" list for CC certification with a NIAP-approved Security Target (ST), and is collaborating with peers in the industry, NIAP and NSA on evolving Draft Protection Profiles. Additionally, Aruba has already undergone the comprehensive testing to become FIPS 140-2-validated, which is required in order to sell systems to the Federal government. Other vendors' progress towards FIPS validation can be viewed at http://csrc.nist.gov/cryptval/preval.htm

While other vendors offer FIPS 140-2 validated point products or systems that are proprietary or require additional add-on systems, Aruba's Mobile Edge architecture enables government agencies to deploy standards-based COTS Wi-Fi across their organization.

Next-Generation Wireless for the Federal Market
Aruba's mobility systems are the only ones in the industry that integrate wireless intrusion detection and prevention, virtual private networking, stateful user firewalls, advanced cryptographic encryption and on-demand client integrity within a centralized, high-performance platform. This eliminates the need for agencies to purchase, deploy and manage different systems, each of which solves a specific security problem.

For the Federal Market, Aruba's Mobile Edge solution delivers unique advantages that no other WLAN system can provide. These include:

  • Centralized encryption provides an end-to-end assured channel through third-party or Aruba thin access points, eliminating the need for FIPS validation of APs and proprietary controller-to-AP protocols
  • Low-cost and non-disruptive transition plan from FIPS 140-2 validated xSec protocol to a standards-based FIPS 140-2 approved 802.11i solution without requiring hardware upgrades
  • Defense-in-depth security that provides integrated multi-layered support that locks the air, the wire, the network and the user
  • Unprecedented scalability and performance that enables government agencies to support hundreds of APs and thousands of users on a single system while delivering multiple gigabits of encrypted throughput
  • Co-located security and mobility context that lets Federal organizations define and enforce security policies that follow each user

Availability
The Aruba 6000 and the Aruba 800 mobility controllers are available immediately from a number of Federal integrators and resellers, including General Dynamics, Apptis, iGov, All Points Logistics and LTI Datacomm, as well as via a GSA schedule contract. Pricing is available upon request.

About Aruba Networks, Inc.

Aruba Networks is a fast-growing enterprise infrastructure company enabling the Mobile Edge, an evolutionary network architecture that represents a new approach to transitioning enterprise networks from a fixed, port-based architecture to an architecture centered on secure, identity-based mobility. The Mobile Edge simultaneously delivers mobile data and VOIP services, as well as a common user experience to mobile workers in the office, at home and on the road, by creating a secure mobility overlay that spans the LAN, the WAN and the Internet. To deliver the Mobile Edge, Aruba manufactures and markets a complete line of fixed and modular mobility controllers, wired and wireless access points, an advanced mobility software suite, and a mobility management system. Privately held and based in Sunnyvale, California, Aruba has operations in the United States, Europe, the Middle East and Asia Pacific, and employs staff around the world. To learn more, visit Aruba at http://www.arubanetworks.com.