Secure Wireless LANs – How to Build

Aerohive’s unique approach with its wireless LAN architecture eliminates controllers and enables customers to forward traffic at the edge to optimize traffic performance as well as network resiliency and load. Aerohive’s solution provides these advantages while maintaining a strong security posture because comprehensive security enforcement is performed right at the edge of the network – where the wireless users first get access to the LAN. Many companies have segmentation and firewall policies that must be applied when the wireless traffic bridges to the local network. This is especially true for companies with regulatory compliance concerns such as the Payment Card Industry, or PCI.

Aerohive's access points are built to be secure. Every feature within the product goes through a thorough internal examination to help eliminate vulnerabilities during design, and is then scanned for vulnerabilities during quality assurance. When vulnerabilities are found, they are fixed with the highest priority. Aerohive has a policy of public disclosure of security vulnerabilities that includes a security alert system to notify customers as quickly as possible of vulnerabilities and the steps required to eliminate them.

In addition to building secure products, Aerohive offers a rich set of security features including:

  • Wireless Privacy – Full support for 802.11i, WPA, and WPA2.
  • Authentication – Strong authentication using 802.1X with RADIUS, Active Directory or OpenLDAP. Captive Web Portal authentication and MAC authentication.
  • Private PSK – Our unique feature adds enterprise-class security and management to pre-shared keys.
  • Client Management and NAC – Interoperability with all major client management, NAC, and in-line security solutions within the enterprise.
  • Identity-Based Access Control – In-line policy enforcement with strong role-based stateful inspection firewall and access control.
  • Network Firewall and Intrusion Detection and Protection – Segmentation of traffic based upon user role and stance without breaking the existing wired IPS and firewall systems in place. In fact, Aerohive recommends leveraging those resources to improve the security of the wireless traffic.
  • Rogue Detection and WIPS – Wireless DoS detection and prevention and wireless IPS for rogue detection, intrusion prevention and compliance monitoring.
  • Security Reporting and Security Event Management (SEM) – Complete wireless reporting within HiveManager and support for third-party event management.
  • Device Physical Security and Data Storage – Strong device security including a TPM chip for secure key and configuration storage and physical locking mechanisms to deter theft.
  • Compliance – Solutions for deployments in HIPAA, SOX and PCI compliant networks among others.

Aerohive's ability to offer secure wireless access is based on an end-to-end approach that has been built into our design process rather than as an afterthought. Not only has Aerohive implemented a comprehensive set of security features, but Aerohive’s architecture has also been designed to take advantage of other security systems in place within an enterprise to ensure consistent security policy for users whether they are wired or wireless. Through an end-to-end approach, Aerohive has delivered a comprehensive and market-leading secure wireless network solution, as well as secure hardware and software products.