Aruba Wireless Networks has announced several security improvements to its wireless network switch, aimed at protecting corporate WiFi networks from problems with client devices.
The announcement, made at the RSA security show in San Francisco, includes a deal with Zone Labs to quarantine any virus-infected devices before allowing access, a deal with Funk software to put industry-standard 802.1x on the Aruba product, and two-factor authentication with RSA's SecurID product.
Virus infected devices are quarantined and fixed through a partnership with firewall vendor Zone Labs. As part of the authentication process, any user attaching to an Aruba-based wireless LAN will be vetted by a Zone Labs integrity server, and then either quarantined or allowed access to the network. It's a process that sounds similar to that recently announced by Vernier Networks
"If you have a laptop that is not up to spec, in terms of virus protection, we send you to Zone Labs and they make sure you are up to spec," said Pankaj Manglik co-founder and vice president of product management at Aruba. "Then and only then do we allow access to the network. We protect users from other users."
This is partly based on Aruba's own improvements in end-point security. The company has moved to a MAC level of authentication, similar to that claimed by Vernier. "We ensure that it is not just the user that is authenticated," said Manglik.
The Funk Software deal, announced at the RSA security conference in San Francisco bundles a 30-day trial of Funk's Odyssey security software with Aruba's products. Odyssey is an IEEE 802.1x authentication client, intended to work with Funk's secure back-end server software, Steel-Belted Radius. "Funk is the most widely used client software for 802.1x," said Manglik. "We can go into any environment."
Aruba's system has been certified to work with RSA's Security two-factor authentication, where a computer generated pass-code is used to authenticate the user as well as a password. The Aruba system can cache credentials for a short space of time to allow users to roam to different hotspots.
"Client-level security hasn't been picked up so well till now," said Manglik. "The industry has been laptop focused so far. People don't think of the myriad devices that are going to connect to the network."