Controllerless Networks

last person joined: 15 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

How secure is Aruba Central?

This thread has been viewed 2 times

  • 1.  How secure is Aruba Central?

    Posted Nov 28, 2016 12:36 PM

    I was watching the little promo video for Aruba Central cloud-based management and they said to just "plug them in, no technical expertise required. They find their way onto the internet and are manageable from your Aruba Central" - coupled with Central being cloud-based so by definition it is external to my network.

     

    My question, how secure is all of this? I really don't like the idea of people being able to hack at my switches/routers and if they are on the internet then they are attackable. I noticed there was no mention of security of the system or configuration in the whole video, not even a "and all of this is secure" generic blanket statement.

     

    Video link



  • 2.  RE: How secure is Aruba Central?

    EMPLOYEE
    Posted Nov 29, 2016 05:01 AM

    Please see the central datasheet here:  http://www.arubanetworks.com/assets/ds/DS_ArubaCentral.pdf



  • 3.  RE: How secure is Aruba Central?

    Posted Nov 29, 2016 11:22 AM

    Thanks Colin, unfortunately the sales blurb has nice-sounding bites like:

     

    Simplify network set-up and offload IT resources simply by shipping Aruba Instant APs, switches and branch controllers to remote sites, then unpack and power up. No technical experience needed. Once connected to the Internet, the configuration and firmware is automatically downloaded from Central. Your network is up and running in minutes.

     

    But it does not really address the key issue, with all of those devices connecting to the internet, especially switches which don't have a lot of anti-hacking security built-in, how is the system preventing attacks?

    Mark

     



  • 4.  RE: How secure is Aruba Central?
    Best Answer

    EMPLOYEE
    Posted Nov 29, 2016 11:30 AM

    I think Colin was wanting to point you to:

     

    HTTPS connection with strong mutual authentication using certificates ensures secure communication with Aruba products. Certificates are stored in Trusted Platform Module (TPM) chips on Aruba hardware for the highest level of protection.

     

    So it's cert-based HTTPS encryption using TPMs. 



  • 5.  RE: How secure is Aruba Central?

    Posted Nov 29, 2016 11:41 AM

    ahh, ok I see.

     

    I am assuming also that despite the confusing wording, all of the switches are not internet connected but only the controller, as the switch specs make no mention of those capabilities.



  • 6.  RE: How secure is Aruba Central?

    EMPLOYEE
    Posted Nov 29, 2016 11:52 AM

    If you plan to provision, deploy, and manage wired switches via Central, then yes the switch needs to be able to reach out to Central via the internet so it can be managed and changed as needed. 

     

    if you have an aversion to hardware touching Central over the intertubes, then you can look at something like AirWave instead, which would run locally and wouldn't need internet connectivity to Central.