Aruba Networks, is the first vendor certified by the National Institute for Standards and Technology (NIST) as having achieved Federal Information Processing Standards (FIPS) 140-2 level 2 validation for IEEE 802.11i wireless LAN systems. Aruba said this enables it to provide secure WLANs to the U.S. Federal government using the IEEE 802.11i standard.
Recently approved by NIST, 802.11i is a WLAN security standard that significantly improves the security of WLAN communications when operating in the FIPS-approved Robust Security Network (RSN) mode. New WLAN policies from the Department of Defense (DoD) are expected to mandate that all network infrastructure and clients used by the federal government in unclassified wireless environments must be FIPS 140-2 approved for 802.11i.
Aruba noted the Federal government has to date maintained a moratorium on the use of Wi-Fi technology. The government is now evaluating Commercial Off-The-Shelf (COTS) technologies, such as 802.11i.
Aruba's mobility systems integrate wireless intrusion detection and prevention, virtual private networking, stateful user firewalls, advanced cryptographic encryption and on-demand client integrity within a centralized, high-performance platform. For the Federal Market, Aruba's Mobile Edge solution features:
- Programmable encryption to enable seamless transition to AES-CCM/802.11i and AES-CBC 256 bit for both wired and wireless devices
without requiring hardware upgrades - Defense-in-depth security that provides integrated multi-layered support that locks the air, the wire, the network and the user
- Scalability and performance to support hundreds of APs and thousands of users on a single system while delivering multiple gigabits of encrypted throughput
- Co-located security and mobility context with security policies that follow each user
- Low cost and non-disruptive transition plan by providing a solution with FIPS 140-2 approved xSec termination to standards-based FIPS 140-2 approved 802.11i
Aruba also provides EAP-offload capability in its FIPS-validated software. With EAP-offload, sensitive authentication and key management transactions are completed within the secure cryptographic boundary of the centralized mobility controller and do not need to be transmitted as clear text or using weak encryption algorithms between the mobility controller and an external RADIUS server.
Alternately, Aruba also secures EAP-capable RADIUS servers by providing RADIUS-over-IPSec functionality as recommended by RFC 3579. http://www.arubanetworks.comhttp://csrc.nist.gov/cryptval/preval.htm
