Security, WIDS/WIPS and Aruba ECS

Occasional Contributor II

Security Certificate Document

Hi All,

Sorry for making such a thread here, as I know this forum is for technical issues.

I have searched the whole Aruba site to find a document that describes Aruba compliance with different security standards like PCI and HIPAA, etc.,

as one of my customers asked me for that document.

Has anybody here come across such a document on the Aruba site?

Thanks in advance.
Guru Elite

PCI or HIPAA compliance

Devices are not PCI or HIPAA compliant out of the box; solutions are. If a device or solution is configured in a manner that satisfies HIPAA requirements, then the solution is HIPAA compliant. I'm not sure if the Payment Card Industry gives out certifications to products... but I have been very wrong before....


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: Security Certificate Document

Hi Colin,

Thanks for your quick reply and useful information.

OK, is there an official document from Aruba that states that Aruba solutions are compliant with these standards?

Thanks in advance.

Re: Security Certificate Document

Regarding PCI, like Colin said, there is no list of hardware that is PCI approved (that *I* know of anyway), only configurations and/or solutions. You can get very close, and often exceed HIPAA, SOX, and PCI requirements by using FIPS-validated software (which Aruba has). In essence, the FIPS code puts limits on the capability of the software (no WEP or TKIP-based crypto, no telnet, etc.), but it isn't 100% since FIPS allows open SSIDs for L2 encrypted transport or 3rd party VPN solutions. PCI, HIPAA, and SOX compliance, ultimately, falls to the admin of the system to configure it within the requirements of the standard. Most large companies will have to submit to independent audits from service companies to assess, test, and validate your compliance to the requirements.

One of our big strengths in PCI and HIPAA specifically, is our firewall. Most PCI and HIPAA compliance requirements want some kind of security boundary like a firewall. In the past with the older legacy stuff, you had a wireless VLAN that was firewalled off from the LAN or required to be in the DMZ. With us, using PEF, you can apply the firewall boundary at the user. In addition, PCI and HIPAA require WIDS in most cases to look for rogues. Again, this comes integrated within a single product. So from a PCI or HIPAA compliance perspective, most every major category is addressed, to which the last leg of validation depends on you (the network and wireless admin) to have strong authentication, good firewall policies, etc.

You can also look at products like AirWave, which will look at the existing configuration and run it against a checklist of the standards, and it can tell you where you might be breaking the rules, or might be at risk of breaking the rules (http://www.airwave.com/industries/retail/ and http://www.airwave.com/industries/healthcare/).

/former Hertz security audit coordinator heh
Jerrod Howard
Sr. Technical Marketing Engineer
Occasional Contributor II

Re: Security Certificate Document

Thanks for this valuable information, guys.