WiFi Jedi.com » Regulations / Compliance

Xirrus Introduces Advanced RF Security Manager (RSM) for 802.11n Networks

wifijedi — Sun, 08 Nov 2009 07:33:02 +0000

Intelligent Security at the Network Edge Minimizes Risk in Wi-Fi Networks

Thousand Oaks, CA – Xirrus, Inc., the only Wi-Fi “Power-Play” in the industry, announced today its advanced RF Security Manager (RSM) for improving security and minimizing the risk in deploying 802.11n wireless networks. Leveraging an integrated 24/7 threat sensor and hardware-based encryption/decryption in each Array, RSM secures the Wi-Fi network from multiple types of threats. The result delivers uncompromised overall network security with greater flexibility and performance compared to traditional centralized Wi-Fi networks.

Today’s Wi-Fi networks face a number of potential security threats in the form of rogue access points, ad-hoc clients, unauthorized clients, wireless-based attacks, eavesdropping, etc. As 802.11n continues its increased adoption in enterprise networks, the importance of defending against these threats is becoming more critical.

The Xirrus Wi-Fi Array enables the efficient deployment of high performance, maximum security 802.11n networks with a multi-radio design that integrates a dedicated 24/7 threat sensor. With this threat sensor radio scanning all channels in the 2.4GHz and 5GHz spectrums, RSM searches for security threats and automatically mitigates them. Traditional Wi-Fi solutions must time-slice a user servicing radio with the security scan function, compromising the performance of the wireless users and the effectiveness of the security scan.

High performance encryption/decryption in the enterprise Wi-Fi network is a MUST. The Wi-Fi network needs to support each client using the highest level of encryption (WPA2 Enterprise/128 bit AES) and without degrading the overall performance of the network. The Xirrus Wi-Fi Array incorporates hardware-based encryption/decryption into each Array, delivering line-rate encryption at the edge of the network instead of at a choke point within the centralized controller of traditional Wi-Fi solutions.

“RSM provides a simple, scalable security solution that enables any organization to proactively mitigate wireless threats, enforce enterprise policies, and prevent performance problems. It offers the visibility and control over the wireless airspace needed to enable an enterprise to reliably deliver the same standards of security performance and compliance for their wireless networks that they expect from their wired networks,” said Dirk Gates, founder and CEO of Xirrus.

The RSM (RF Security Manager) package includes:

• Wireless IDS/IPS

• Wireless stateful firewall

• Line-rate encryption/decryption

• Security alerts and logging

• User group policies

• Authenticated guest access gateway

• NAC integration

• PCI audit compliance enforcement

RSM is part of a family of functionality packages for the Xirrus Wi-Fi Array, which also includes the RF Performance Manager (RPM) and RF Analysis Manager (RAM). RSM is available now in the Xirrus ArrayOS 4.0.6 software release.

Wireless IDS/IPS Post on CWNP.com

wifijedi — Sat, 14 Mar 2009 19:59:12 +0000

I wrote another guest post for the Certified Wireless Network Professional (CWNP) program. Among other things, CWNP offers vendor-nuetral wireless cerifications.

My most recent post is related to wireless requirements of the Payment Card Industry (PCI) Data Security Standard (DSS). It specifically talks about wireless intrustion detection & prevention systems with regards to PCI Requirement 11.1.

You can view my “Wireless Requirements of the Payment Card Industry” post on the CWNP website. However, if you are coming from the CWNP website, and are unfamiliar with my blog, I would suggest you start by reading my post, “Welcome CWNP.com Readers!”

SANS Phoenix – Update

wifijedi — Thu, 26 Feb 2009 05:37:31 +0000

A couple weeks ago, I wrote a post announcing that I will be taking the Security Leadership Essentials course at SANS Phoenix, 2009. The conference is being held March 23-30, 2009.

I will be blogging about the event, so check back around that time to hear my thoughts on the course! As I said in my previous post, I am participating in the SANS Work-Study program, which I think is a tremendous value.

I am excited about two updates to my conference registration. First, I am also taking the SANS 2 day course on the Payment Card Industry (PCI) Standard. Second, I am getting access to the SANS On-Demand training for both of these courses. On-Demand is another cool option for training in this economy – solid computer based training with no travel costs! Both of these are included with my registration under the work study program!

Have you taken a SANS course? What did you think? What do you think of SANS? A couple of years ago, there was a session at ShmooCon entitled Anti-SANS (or something of the sort). It was a very spirited debate to say the least. I would love to hear what you think of SANS – good, bad, or indifferent!

Xirrus is First Wireless Product for PCI Compliance Certified by VeriSign

wifijedi — Tue, 03 Feb 2009 18:59:18 +0000

My employer, Xirrus, had a recent press release that I thought was of value to my readers. While somewhat of a shameless plug, it is something that I am extremely excited about! We are the first (and only WiFi vendor to date) whose product has been certified by VeriSign for operation in a PCI network. Maybe its the former IT auditor in me (I worked several years at Protiviti and am still an active member of ISACA), but this is fantastic news. Below is the press release:

Xirrus, Inc., the Wi-Fi “Power-Play” that delivers the most wireless coverage, bandwidth, and throughput in the industry, announces VeriSign assessment of the new features that enforce PCI-compliant configurations for the Xirrus Wi-Fi Array product line.

Payment Card Industry (PCI) security standards are worldwide technical and operational requirements that were created to help organizations that process card payments prevent fraud, hacking, and other various security vulnerabilities and threats. All members of the payment card industry, including financial institutions, credit card companies, merchants (retailers, hotels, etc.), and service companies must comply with these standards if they want to accept credit cards.

“To maintain a secure network and comply with the PCI standards, companies must ensure their Wi-Fi networks are secure and automatically protect both their companies’ and their customers’ information,” said Kurt Sauter, Director of Corporate Initiatives. “The new Xirrus PCI audit mode, available in all Wi-Fi Arrays, ensures product configuration changes are compliant with PCI standards, disallows changes that would result in a non-PCI-compliant configuration, and sends notifications that identify any product that does not meet the new requirements.”

New PCI-compliant implementations that use Wi-Fi are prohibited from using WEP starting March 31, 2009 and current wireless users are required to implement strong encryption such as 802.11i after June 30, 2010. The new features are available beginning in Xirrus ArrayOS software release 3.5 and include additional security features for ensuring the utmost in wireless security including:

Integrated and dedicated Wi-Fi Threat Sensor for continuous monitoring of the air
Integrated rules-based stateful firewall
Reprogrammable FPGA-based encryption engines
Integrated Spectrum Analyzer for DoS attacks and RF analysis
Advanced RADIUS/802.1x user and administrator authentication
Captive Web Portals for guest user authentication and control
Penetration-tested software and hardware platform
FIPS 140-2 Government security certification

“Xirrus is the first Wi-Fi vendor to take their products through VeriSign’s rigorous Security Certification Methodology,” said Katie Jenkins, Senior Consulting Manager responsible for VeriSign’s Security Certification Program. “Our program confirms that Xirrus has demonstrated that it has taken reasonable and appropriate steps to identify and manage information security risks and utilize PCI information security best practices for the evaluated Xirrus Wi-Fi Array products.”