Aruba Networks Becomes the First Wireless Switch Vendor Certified to Provide Secure 802.11i Wireless LANs to the U.S. Government4 April 2006
Aruba Networks, the Mobile Edge company, today announced that it is the first vendor certified by the National Institute for Standards and Technology (NIST) as having achieved Federal Information Processing Standards (FIPS) 140-2 level 2 validation for IEEE 802.11i wireless LAN systems. This makes Aruba the first company able to provide secure wireless LANs (WLANs) to the U.S. Federal government using the IEEE 802.11i standard.
"We are very pleased to be the first infrastructure vendor to achieve FIPS validation for 802.11i. The capabilities provided by our systems meet the demanding needs of our Federal customers and set a high bar for WLAN security with end-to-end Layer 2 encryption and policy management in a single security boundary," said Merv Andrade, CTO at Aruba Networks. "This announcement demonstrates clear leadership and commitment to interoperable standards by Aruba in a security-conscious market segment that is being closely watched by enterprise customers as they evaluate and plan 802.11i deployments."
Recently approved by NIST, 802.11i is a WLAN security standard that significantly improves the security of WLAN communications when operating in the FIPS-approved Robust Security Network (RSN) mode. New WLAN policies from the Department of Defense (DoD) are expected to mandate that all network infrastructure and clients used by the federal government in unclassified wireless environments must be FIPS 140-2 approved for 802.11i. Migrating to 802.11i, however, requires hardware upgrades for legacy access points and client stations.
The market for wireless technology within the Federal government is currently transitioning from a complete moratorium on the use of Wi-Fi technology to evaluating Commercial Off-The-Shelf (COTS) technologies, such as 802.11i, to enable wireless as a mainstream means of transport. As the government awaits DoD policies and interoperable FIPS-approved 802.11i solutions and clients, Aruba offers a cost-effective transition strategy with it's FIPS-validated xSec protocol suite based on the Advanced Encryption Standard and Cipher Block Chaining-Message Authentication Code (AES-CBC-256) cipher suites. This offers Federal customers that need to deploy today a seamless and non-disruptive transition plan to standards-based 802.11i.
While other vendors offer FIPS-validated point products or systems that are proprietary, Aruba is the first and only vendor to offer an integrated system for the Federal marketplace, including wireless intrusion detection and prevention, FIPS-validated Layer 2 and 3 encryption, and proven transition to FIPS 140-2 approved 802.11i. Aruba has completed the FIPS-validation process for 802.11i, which typically takes at least nine months, and believes it is several months ahead of competing solutions. Other vendors' progress towards FIPS validation can be viewed at http://csrc.nist.gov/cryptval/preval.htm
"FIPS140-2 compliance is an essential requirement for the federal market," said Craig Mathias, a Principal with the wireless and mobile advisory firm Farpoint Group (Ashland, MA). "With this announcement, Aruba's federal solution integrates FIPS-validated security with a proven, high-performance centralized and comprehensive WLAN architecture -- everything needed for even the most demanding security-intensive applications."
With Aruba's Mobile Edge architecture, government agencies can now easily and securely deploy standards-based COTS Wi-Fi across their organization without having to install different FIPS-validated wireless security products, each of which adds significant complexity and cost. Other wireless systems distribute security in different devices such as access points (APs), controllers and firewalls, meaning each device must obtain FIPS-validation and re-validation in the event of any security change. In addition, these devices prohibit some of the primary benefits of mobility, such as roaming between access points and high availability through failover.
Aruba solves these problems by integrating and centralizing multiple security services, management technology and L2/L3 encryption within its mobility controller installed within the data center. Consequently, as wireless switches evolve, Aruba APs do not require FIPS re-validation because all encryption is centralized within Aruba's mobility systems. Since a single WLAN can have hundreds or thousands of APs, having to upgrade each to maintain FIPS compliance would be logistically and economically prohibitive. With Aruba's centralized system, Federal agencies realize the lowest total cost of ownership, highest performance and most robust COTS security available for any wireless LAN system on the market.
Aruba is also the only WLAN systems supplier that has been validated as correctly implementing the AES-CCM algorithm in hardware as defined by NIST, a required component of the IEEE 80211i specification. Aruba's centralized encryption architecture allows it to use high-end hardware capable of passing strict FIPS 140-2 AES-CCM tests. Currently, vendors implementing distributed encryption are in the process of FIPS 140-2 validation using lower performance software encryption.
Next-Generation Wireless for the Federal Market
Aruba's mobility systems are the only ones in the industry that integrate wireless intrusion detection and prevention, virtual private networking, stateful user firewalls, advanced cryptographic encryption and on-demand client integrity within a centralized, high-performance platform. This eliminates the need for agencies to purchase, deploy and manage different systems, each of which solves a specific security problem.
For the Federal Market, Aruba's Mobile Edge solution delivers unique advantages that no other WLAN system can provide. These include:
-- Programmable encryption to enable seamless transition to
AES-CCM/802.11i and AES-CBC 256 bit for both wired and wireless devices
without requiring hardware upgrades
-- Defense-in-depth security that provides integrated multi-layered
support that locks the air, the wire, the network and the user
-- Unprecedented scalability and performance that enables government
agencies to support hundreds of APs and thousands of users on a single
system while delivering multiple gigabits of encrypted throughput
-- Co-located security and mobility context that lets Federal
organizations define and enforce security policies that follow each
user
-- Low cost and non-disruptive transition plan by providing a
current-best-of-breed solution with FIPS 140-2 approved xSec
termination to standards-based FIPS 140-2 approved 802.11i
Aruba has also taken innovation in this space one step further by providing EAP-offload capability in its FIPS-validated software. With EAP-offload, sensitive authentication and key management transactions are completed within the secure cryptographic boundary of the centralized mobility controller and do not need to be transmitted as clear text or using weak encryption algorithms between the mobility controller and an external RADIUS server.
Alternately Aruba also secures EAP-capable RADIUS servers by providing RADIUS-over-IPSec functionality as recommended by RFC 3579. This offers the industry's first single-box FIPS solution for non-disruptive wireless overlay deployment.
Availability
The Aruba 6000, the only modular FIPS-validated mobility controller on the market, and the Aruba 800 are available immediately from a number of Federal integrators and resellers, including General Dynamics, Apptis, iGov, and LTI Datacomm, as well as via a GSA schedule contract. Pricing is available upon request.
About Aruba Networks, Inc.
Aruba Networks is a fast-growing enterprise infrastructure company enabling the mobile edge, an evolutionary new network architecture that addresses three top concerns of IT managers -- mobility, security, and convergence. The mobile edge extends the reach of enterprise networks, providing secure access to information and voice services anywhere a user needs them, enabling new applications, allowing organizations to compete more effectively, and bringing about dramatic economic benefits. To deliver the mobile edge, Aruba manufactures and markets a complete line of fixed and modular mobility controllers, wired and wireless access points, and an advanced mobility software suite. Privately held and based in Sunnyvale, California, Aruba has operations in the United States, Europe, the Middle East, and Asia Pacific, and employs staff around the world. To learn more, please visit Aruba at http://www.arubanetworks.com .
NOTE: Aruba Networks and Aruba The Mobile Edge Company are trademarks of Aruba Wireless Networks, Inc. All other trademarks or registered trademarks are the property of their respective holders.
Source: prnewswire
All trademarks and copyrighted information contained herein are the property of their respective owners.
Related Articles
|
