Want Real Wi-Fi Security? Aruba’s Got It

If you’re looking for the same security the government uses for a good deal of classified traffic, Aruba’s new Advanced Cryptography Module (ACM) extensions to their Mobile Virtual Enterprise (MOVE) architecture may be just the ticket.

Having worked in government high-security environments, two things come to mind: how seriously security needs to be taken here (mistakes are simply not allowed), and how wireless LANs to date have been forbidden in most of these applications, even with cumbersome and expensive external crypto units. I'm talking, BTW, about the bulk of government work, that which is classified Secret or Confidential ("sensitive but unclassified" is addressed via FIPS 140-2); there are a number of higher classifications, of course, but Secret is the workhorse. But now Aruba Networks has announced the availability of the Advanced Cryptography Module (ACM) software enhancements to their already robust suite of security capabilities by supporting what's known as Suite B, a National Security Agency (NSA) designation for cryptography suitable for use in programs classified up to the level of Secret. In addition to enhanced 128- and 256-bit AES, this standard also includes elliptic-curve and SHA-2 algorithms. These forms of encryption are believed to be very secure, although I suspect that NSA itself has the power to snoop on them without too much trouble should the need arise, hence their approval. Yes, there's also a Suite A for highly classified stuff, and, of course, Suite A itself is, um, just between us, highly classified and I doubt you're going to find this available outside of government apps anytime soon. Nonetheless, I'm sure you security expects out there will agree that Suite B is plenty secure regardless.

But - and this is important - the applicability of Suite B goes way beyond government work. There are still those who are so skeptical of WLAN security that they simply will not use WLANs at all. OK, then, if this new development from Aruba doesn't make those folks happy, I don't know what will. Couple Suite B with some kind of 802.1X and some kind of VPN, and, really, that's pretty secure. Even the NSA, I'm sure, would have to spend an entire fascinating afternoon cracking that combination.

Yes, Aruba's VIA client works with all this, but keep in mind that Suite B is a publicly-available specification, so I suspect there will be a lot of compatible clients about over the next few years. At any rate, if you've been holding off finally converting the edge of your network to wireless simply because of concerns about security, well, you've run out of excuses.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.