Cisco and Aruba jump on next-gen wireless security

Aruba Wireless Networks Inc. claims to have stolen a march on the rest of the market with support for the newly ratified 802.11i security standard, while Cisco Systems Inc. is reported to be preparing WLAN products with AES encryption, a key feature of 802.11i.

Both companies are taking their cue from the recent completion of 802.11i, a major step forward for the wireless industry, which has struggled to assure customers of adequate security. Vendors have introduced their own additional security measures, and the industry created the stopgap WPA (Wireless Protected Access) while awaiting 802.11i, but until last month there was no standardized way of ensuring sufficient protection for WLANs.

The standard is expected to fuel a boom in wireless networking in enterprises and government bodies. "We've been waiting for this for the past three years, really," said Ovum Ltd. analyst Graham Titterington. "It has got to help the industry in the long term."

The Wi-Fi Alliance will launch interoperability certification testing for 802.11i in September under the brand name WPA2, but Aruba said it is already in field trials with customers, and will begin beta testing in August. The company won't be able to claim 802.11i compliance until it completes testing, but promises it will be able to offer 802.11i before its rivals because of a centralized architecture.

While most WLAN equipment makers will implement the standard in each access point, Aruba will carry out all encryption in a centralized, software-programmable hardware engine, the company said. "This provides investment protection to our customers as well as giving us a time-to-market advantage with new features such as 802.11i, since we don't need to wait for our radio suppliers to release new drivers," said Aruba chief technology officer Merwyn Andrade.

Centralization speeds up network performance and allows companies to combine encryption with functions like authentication and security policy enforcement, Aruba said. It also means that traffic stays encrypted across the network until it reaches the Aruba system, and that encryption keys don't need to be exchanged across the network or stored on access points. "Serious concerns still exist regarding the exchange of encryption keys that are flying around corporate network, completely unprotected," said Farpoint Group analyst Craig Mathias.

Aruba's system won't be for everyone, however, said Ovum's Titterington. Customers will have to decide whether it's necessary to use a dedicated engine for encryption and other security functions instead of simply upgrading access points. "It would only make sense for installations that are quite large and quite centralized," he said.

One of the most important aspects of 802.11i is AES, or the Advanced Encryption Standard, which uses an encryption algorithm developed in Belgium and chosen by the U.S. government as the new Federal Information Processing Standard in 2001. Wireless chip makers Atheros Communications Inc. and Broadcom Corp. have been shipping AES-enabled silicon since early 2003.

AES support would be a boon for large organizations that have standardized on gear from Cisco, a dominant force in the networking world. Cisco told Techworld it would not comment on unannounced products.

If Cisco has lagged on AES support somewhat, it may be due to some confusion in its overall approach to wireless security, said analyst Titterington. "They've had a bit of a muddled stance," he said.

This story, "Cisco and Aruba jump on next-gen wireless security" was originally published by

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon