Executive Summart
It’s a common misconception: Enterprise network managers too often assume strong encryption equals strong security for wireless LAN (WLAN) traffic.
Certainly, WPA2 Enterprise offers better authentication and encryption options than many organizations deploy in their wired networks. But WLANs involve many other potential vulnerabilities: Rogue access points (APs); denial-of-service attacks against clients; and targeted attacks against WLAN infrastructure all can lead to leakage of sensitive data. The threat to
enterprise WLANs is real and growing.
The RFProtect capabilities in Aruba Networks’ ArubaOS operating system for Mobility Controllers, along with the company’s AirWave Management System, use deep knowledge of 802.11 WLAN protocols, correlated with information from the wired network, to detect, classify, and block attacks and wireless vulnerabilities. Aruba commissioned Network Test and Brad “RenderMan” Haines, a widely known wireless penetration tester and speaker at security conferences, to assess the effectiveness of its network security products. Tests involved a battery of published and unpublished attacks, all conducted on a 20,000-square-foot over-the-air test bed.
Among the key findings of the security tests:
- ArubaOS and AirWave correctly detected 11 different forms of rogue APs
- In all cases attempted, multiple wireless intrusion detection (WIP) sensors – both Access Points and Air Monitors – simultaneously detected unauthorized devices and actions.
- In all cases attempted, the Aruba system effectively contained unauthorized clients and rogue APs, thus preventing leakage of enterprise data. Containment used wired as well as wireless methods to block attack traffic
- The AirWave RAPIDS intrusion detection software allowed quick, simple definition of custom rules, making it possible to match on multiple attack conditions
- ArubaOS correctly detected multiple forms of attack against wireless clients and wireless management infrastructure, including denial-of-service attacks