Aruba Networks has announced that it has become the first company to receive wireless certification by ICSA Labs, an independent division of Cybertrust, Inc.
ICSA Labs' new Wireless Product Security Testing Program is expected to become the benchmark by which companies evaluate the value and security of next generation WLAN systems. ICSA Labs testing is considered to be the most rigorous and comprehensive in the world.
As in other ICSA certification programs, ICSA Labs Wireless Product Security Testing certification verifies that systems meet the rigid technical requirements of its Cryptography Certification Program as well as other essential requirements for enabling robust security within a WLAN. With this certification, Aruba customers can be assured that advanced security functions, such as 802.11i, are properly implemented and work as tested against ICSA Labs' publicly vetted and published criteria.
"Aruba's system was the first product to attain this important milestone by demonstrating the effective implementation of WPA, WPA2 and 802.11i, including secure key management, secure roaming and advanced cryptographic processing," said Al Potter, lead analyst for ICSA Labs Wireless Program.
Potter further noted the importance of centralised encryption and key management. "Sending accessible, unencrypted cryptographic keys across a network can compromise network security. We've found a completely centralised model, such as that implemented by Aruba, to be a best practice in WLAN security."
ICSA Labs Wireless Product Security Testing Program Certification Details
To achieve the ICSA Labs Wireless Product Security Testing Program certification, the Aruba 2400 mobility controller and Aruba AP 61 and AP 70 access points were run through a battery of tests. These tests validated the proper implementation of technology and standards in six critical areas: default configuration, session establishment, authentication, key management, access control and data protection. Testing criteria included:
-- Secure default configurations, data protection and countermeasures
-- Secure roaming in accordance with IEEE 802.11i procedures
-- Random number generation for cryptographic encryption keys
-- Secure key management, distribution and destruction
-- Cryptographic algorithm implementation
-- Proper negotiation of IEEE 802.1X Pairwise Master Keys
-- Demonstrable support for EAP-TLS and EAP-PEAP
-- Denial of client access upon authentication failure
-- TKIP or CCMP data protection
"ICSA Labs Wireless Product Security Testing certification gives our customers the assurance they need to deploy wireless as a mission-critical network," said Jon Green, product manager for Aruba Networks. "The testing and certification criteria dig down into topics such as how random a random number generator really is and how secure the factory defaults are to ensure products truly delivery enterprise-class security and reliability. We expect companies worldwide to make ICSA Labs Wireless Product Security Testing certification the gold standard for evaluating security in wireless equipment."
Wireless Security without Compromise
Aruba's mobility system uniquely combines state-of-the-art security technology and advanced RF management capabilities into the industry's most scalable WLAN systems. These systems are capable of supporting hundreds of access points and thousands of simultaneous wireless users.
Aruba remains the only WLAN system on the market today to combine both L2 and L3 encryption, a full ICSA-certified stateful firewall and wireless intrusion protection technology within the same product.
This defense-in-depth approach to wireless security completely protects enterprise networks while ensuring secure user mobility by:
-- Locking the air with integrated wireless intrusion protection
-- Locking the data with device-to-data centre centralized encryption
-- Locking the network with user authentication and role-based access
-- Locking the device with station authentication and end-point
-- Locking the user with a user-aware policy enforcement firewall
Unlike other systems, Aruba centralises all encryption within each mobility controller through software-programmable hardware that performs encryption for the entire system at gigabit rates, ensuring device-to-data centre privacy of user data. And because encryption is centralised, Aruba's systems do not pose the security risk associated with other solutions that constantly distribute throughout the network the cryptographic keys used to encrypt and decrypt traffic at the AP.
Additionally, Aruba's stateful policy enforcement firewall is the first ICSA Labs certified firewall to integrate the concepts of user identity, user location and device trust while following users as they move within a wireless network. Every packet that crosses the WLAN can now be associated with an individual user and a specific application (e.g. SIP, FTP, HTTP, etc.) at LAN speeds with the appropriate levels of security and prioritisation.