Menu
Cisco and Aruba jump on next-gen wireless security

Cisco and Aruba jump on next-gen wireless security

Aruba Wireless Networks claims to have stolen a march on the rest of the market with support for the newly ratified 802.11i security standard, while Cisco Systems is reported to be preparing WLAN products with AES encryption, a key feature of 802.11i.

Both companies are taking their cue from the recent completion of 802.11i, a major step forward for the wireless industry, which has struggled to assure customers of adequate security. Vendors have introduced their own additional security measures, and the industry created the stopgap Wireless Protected Access (WPA) while awaiting 802.11i, but until last month there was no standardised way of ensuring sufficient protection for WLANs.

The standard is expected to fuel a boom in wireless networking in enterprises and government bodies.

"We've been waiting for this for the past three years, really," Ovum analyst, Graham Titterington, said. "It has got to help the industry in the long term."

The Wi-Fi Alliance will launch interoperability certification testing for 802.11i in September under the brand name WPA2, but Aruba said it is already in field trials with customers, and will begin beta testing in August. The company won't be able to claim 802.11i compliance until it completes testing, but promises it will be able to offer 802.11i before its rivals because of a centralized architecture.

While most WLAN equipment makers will implement the standard in each access point, Aruba will carry out all encryption in a centralised, software-programmable hardware engine, the company said.

"This provides investment protection to our customers as well as giving us a time-to-market advantage with new features such as 802.11i, since we don 't need to wait for our radio suppliers to release new drivers," Aruba chief technology officer, Merwyn Andrade, said.

Centralisation sped up network performance and allowed companies to combine encryption with functions such as authentication and security policy enforcement, Aruba said. It also meanr that traffic stayed encrypted across the network until it reached the Aruba system, and that encryption keys did not need to be exchanged across the network or stored on access points.

"Serious concerns still exist regarding the exchange of encryption keys that are flying around corporate network, completely unprotected," Farpoint Group analyst, Craig Mathias, said.

Aruba's system won't be for everyone, however, Ovum's Titterington said.

Customers would have to decide whether it was necessary to use a dedicated engine for encryption and other security functions instead of simply upgrading access points.

"It would only make sense for installations that are quite large and quite centralized," he said.

One of the most important aspects of 802.11i is the Advanced Encryption Standard (AES), which uses an encryption algorithm developed in Belgium and chosen by the US government as the new Federal Information Processing Standard in 2001.

Wireless chip makers Atheros Communications and Broadcom have been shipping AES-enabled silicon since early 2003.

AES support would be a boon for large organisations that have standardised on gear from Cisco, a dominant force in the networking world. Cisco would not comment on unannounced products.

If Cisco has lagged on AES support somewhat, it might be due to some confusion in its overall approach to wireless security, Titterington said. "They've had a bit of a muddled stance," he said.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.
Show Comments