It was inevitable that high-security areas and Wi-Fi would collide, but in order to do so some changes were required to boost the level of security while providing clients the same level of access to which they are accustomed. Much like their spectral counterparts, there is a lot of science and mysticism in the realm of busting Wi-Fi into the realm of SECRET and TOP-SECRET networks. The following discussed the current state and future challenges as wireless follows the path to high-security areas.
Don’t Cross the Streams
In the film Ghost Busters the concept of crossing the streams was a very bad one with unknown consequences. In the world of wireless encryption, WPA and WPA2 have the ability to use a TKIP stream cipher or a CCMP block chaining cipher. In network types prior to 802.11n, SSID could be configured to use both TKIP and CCMP but the mixing and matching of these methodologies made the network posture inherently less secure for all clients. Post 802.11n only the block ciphers are allowed and for most of the last decade has been the only approved methodology for the Federal Government. Fast-forward to current day and devices have gotten smaller and the need to eke every bit of power from the battery that powers these devices is at an all time high. To that end a more efficient cipher was created that used and elliptical curve (EC) as the basis of churning clear text into cipher text that far superseded the capability of CCMP WPA2 for security and its ability to conserve power. With the advent of EC ciphers many doors once closed to commercial networking equipment have opened.
The Mayor needs a new Policy
Few exceptions were made to allow Wi-Fi into high security spaces due to the stringent policy requirements. Most important in the pursuit of using Wi-Fi in this manner was the firm belief that the confidentiality and integrity of the communications would be protected. Recent events have clearly shown that external attackers and insiders are willing to divulge captured information and that any network must have irreproachable security measures. To change the official posture on Wi-Fi in these spaces new specific guidelines were created by the National Security Agency (NSA) called the Commercial Solutions for Classified program (CSFC)*. This program allows for wired bulk encryption via VPN as well as wireless connectivity using Wi-Fi and Cellular networks. By creating this set of policies, a large group of devices that were historically restricted from high security spaces are now allowed. A combination of EC ciphers and specifically configured tablets and phones allows these devices without wired ports to be used in tactical and static high secure areas.
Who You Gonna Call?
Aruba Networks has a strong commitment to meet or exceed the very high security requirements of the United States federal government. To that end, we provide a fully validated suite of security products which include the Suite B EC ciphers that provide the ability to enter into the SECRET and TOP SECRET networking spaces. When purchasing Aruba products and activating the Advanced Encryption license (ACR) ** a customer will have the ability to configure one of the trusted tunnels required in the NSA use cases for CSFC deployment. In addition to providing the technical components, the Aruba Federal Systems Engineering team is well versed in high security networks and able to provide expertise to help lower the Certification and Accreditation hurdles. With that said I feel as if there is a pretty clear answer to Who you Gonna call when you need to bust into high security networking. Aruba Networks Federal.
*https://www.nsa.gov/ia/programs/csfc_program/
** http://www.arubanetworks.com/pdf/products/DS_OS_ACR.pdf