A more secure WiFi from Aruba
- 20 December, 2003 22:00
Aruba Wireless Networks has launched version 2.0 of its AirOS operating software, aimed at increasing its ability to prevent attacks, and managing the airwaves better. It also has a better user interface.
The announcement comes hot on the heels of updates from rivals Airespace and Trapeze Networks.
"The major theme is RF security," said David Callisch, director of marketing at Aruba. RF management and security are two factors that Aruba has made much of in past announcements. "We are largely a software company enabled by hardware, so it is easy for us to have major advances really quickly," he continued. "It has all become code. You are going to see major releases at least every quarter." This release is a free upgrade — something of a Christmas present to all Aruba customers.
In the new version, access points are now able to look out for specific signatures of MAC spoofing and man-in-the-middle attacks. "We can add new signatures," said Callisch. As new attacks are discovered the signatures will be distributed to users via Aruba's support site.
We would guess that, if wireless attacks keep developing at the rate they have been. this will become a major part of Aruba's dealings with customers. Perhaps a subscription service of some sort may evolve.
With WiFi security still paramount in convincing big corporations, Aruba is going for certification by security organisation ICSA. "We have a stateful, application firewall," said Callisch, pointing out that wireless firewalls have to be different from conventional ones as they handle attacks that could come from infected laptops within the network, not just from outside. Other suppliers, he said, only have a packet filter: We track application flows, and can apply security on a user by user basis."
To improve radio calibration, Aruba has given its access points the ability to check their local environment for themselves, after initial calibration, so they can request permission from the switch to move to a different channel if appropriate, to avoid interference or get a better signal. "We have centralised the understanding of the entire environment, but access points can make the best local decision based on the environment round them," said Callisch.
Access points can also detect interference from the rapidly increasing number of WiFi devices that might appear in offices (PDAs and phones for instance) and call for help from network admins. They can also spot holes in the coverage, basically by listening out for the distance cries of laptops in distress: "They can look at the signal strength from clients and spot clients unable to associate with any access point," said Callisch.
One fly in the ointment is that Aruba's AirOS software has a very similar name to Airespace's AireOS software, contributing to everyone's difficulty in telling the A-teams apart. "We got AirOS first," said Callisch. "We've been out for a while, and had product a quarter ahead of Airespace."
Expect big news about customers, he said. Although Airespace can point to more customers, he said, Aruba is going for bigger ones: "We have larger guys — our box is built to scale."