Dell Aruba 620 Podręcznik uzupełniający - Strona 29

Przeglądaj online lub pobierz pdf Podręcznik uzupełniający dla Przełącznik Dell Aruba 620. Dell Aruba 620 42 stron. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

Many government agencies and commercial entities that transmit highly sensitive information over wireless
networks mandate that strong Layer 2 encryption technologies be deployed to ensure absolute data privacy.
U.S. DoD Directive 8100.2 requires that all data transmitted using commercial wireless devices be encrypted
at Layer 2 or Layer 3. The U.S. Navy and Army are requiring Layer 2 encryption, and cryptographic engines
used for all sensitive government communications must be validated as meeting FIPS 140-2 requirements.
xSec has been designed to address this requirement and to provide a number of additional benefits.

Wireless Intrusion Detection

Aruba's Wireless Intrusion Protection (WIP) module eliminates the need for a separate system of RF
sensors and security appliances. The WIP module provides extraordinary capabilities to Aruba's enterprise
mobility system, giving administrators visibility into the network, along with the power to thwart malicious
wireless attacks, impersonations and unauthorized intrusions.
Wireless intrusion detection is only the first step in securing the corporate environment from unwanted
wireless access. Without adequate measures to quickly shut down intrusions, detection is almost worthless.
Without accurate classification of APs and stations (e.g., valid, rogue, or neighbor), providing an automated
response to possible intrusion is impossible.
Aruba access points constantly scan all channels of the RF spectrum, capturing all 802.11 traffic and locally
examining the captured data. Only policy violations are sent to the central mobility controller to ensure
minimal impact on wired network performance. While scanning the environment, the Aruba system learns
about all wireless APs and stations and classifies these devices based on traffic flows seen on the wire and
in the air. This traffic is collected and correlated on the mobility controller.
Aruba's WIP module provides both detection and prevention capabilities. Users and devices are detected
and classified so administrators can react to both unintentional and malicious WLAN access. No other
system on the market provides such capabilities.

Unique Station and User Classification

Aruba's patent-pending classification system automatically identifies and classifies all APs and stations
connected to the network. The system works by comparing traffic seen in the air with traffic seen on the
wire. When a match is found, it is known with certainty that the device belongs to the local network rather
than a neighboring network. This avoids false alarms for the administrator, because only true rogue devices
are classified as such.

Detecting and Disabling Rogue APs

Aruba's classification algorithms allow the system to accurately determine who is a threat and who is not.
Once classified as rogue, these APs can be automatically disabled. Administrators are also notified of the
presence of rogue devices, along with their precise physical location on a floorplan, so that they may be
removed from the network.

Denial of Service and Impersonation Protection

Wireless networks, by their nature, make an attractive target for denial of service attacks. Such attacks
include software that floods the network with association requests, attacks that make a laptop look like
thousands of APs, and deauthentication floods. Aruba mobility controllers equipped with the Aruba WIP
module maintain signatures of many different wireless attacks and are able to block them so service is not
disrupted.
Advanced Denial of Service (DoS) protection keeps enterprises safe against a variety of wireless attacks,
including association and de-authentication floods, honeypots and AP and station impersonations. Based on
location signatures and client classification, Aruba access points will drop illegal requests and generate
alerts to notify administrators of the attack.
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
FIPS 140-2 Level 2 Features |
27