Aruba Networks PartnerEdge Silver

Aruba ArubaOS xSec Module
Highly secure data link layer (Layer 2) protocol

ArubaOS Operating Software

Aruba Networks Products
Aruba xSec Module License
xSec Module License (32 Sessions) #LIC-XSC-32
List Price: $290.00
Our Price: $261.00
xSec Module License (64 Sessions) #LIC-XSC-64
List Price: $550.00
Our Price: $495.00
xSec Module License (128 Sessions) #LIC-XSC-128
List Price: $1,050.00
Our Price: $945.00
xSec Module License (256 Sessions) #LIC-XSC-256
List Price: $2,000.00
Our Price: $1,800.00
xSec Module License (512 Sessions) #LIC-XSC-512
List Price: $3,800.00
Our Price: $3,420.00
xSec Module License (1024 Sessions) #LIC-XSC-1024
List Price: $7,200.00
Our Price: $6,480.00
xSec Module License (2048 Sessions) #LIC-XSC-2048
List Price: $13,600.00
Our Price: $12,240.00
xSec Module License (4096 Sessions) #LIC-XSC-4096
List Price: $24,480.00
Our Price: $22,032.00
xSec Module License (8192 Sessions) #LIC-XSC-8192
List Price: $43,520.00
Our Price: $39,168.00

Click here to jump to more pricing!

Overview:

xSec is a highly secure data link layer (Layer 2) protocol that provides a unified framework for securing all wired and wireless connections using strong encryption and authentication. xSec is a Federal Information Processing Standard (FIPS)-compliant mechanism to provide identity-based security to government agencies and commercial entities that need to transmit extremely sensitive information. xSec provides greater security than other Layer 2 encryption technologies through the use of longer keys, FIPS–validated encryption algorithms (AES-CBC-256 with HMAC-SHA1), and the encryption of Layer 2 header information including MAC addresses. xSec was jointly developed by Aruba Networks and Juniper Networks

Features:

Unified Security Framework

  • Universal Authentication And Encryption For Wired And Wireless Users, Regardless Of Network Access Method

Fips Validated

  • Fips 140-2 Compliant And Certified

Legacy Investment Protection

  • Software-Based Client Solution Means Legacy Wireless Access Points And Nic Cards Do Not Need To Be Replaced

Designed For Compatibility

  • Based On Ieee 802.1X Framework With Support For All Secure Eap Methods

Rogue Ap Prevention

  • Rogue Ap Detection, Classification, Location And Automatic Containment

The Need For Layer 2 Encryption

Traditionally, encryption has been performed at Layer 3 (Network Layer) in the form of IPsec. IPsec uses 3DES or AES encryption and can encrypt the IP packet including the source and destination IP addresses in the header. IPsec provides a commonly accepted, secure method of communication over untrusted networks since the only information left unencrypted are packet headers and pure Layer 2 traffic such as ARP (Address Resolution Protocol) and DHCP (Dynamic Host Configuration Protocol) packets.

While the confidentiality of IPsec-encrypted data is not in question, the possibility exists that an attacker with direct link-layer access to other devices on a network could carry out attacks against those devices. For example, a wireless network secured with WEP and IPsec could put client devices at risk if an attacker obtains the WEP key and gains Layer 2 access to the network. In addition, there is concern among many security groups that exposure of any packet header information could be used as the basis of an attack.

For this reason, many government agencies and commercial entities mandate that strong Layer 2 encryption technologies be deployed to ensure absolute data privacy. Many defense agencies require commercial wireless devices provide Layer 2 encryption for all data transmissions. Cryptographic engines used for all sensitive U.S. government communications must be validated as meeting FIPS 140-2 requirements, and xSec has been designed to address this requirement plus provide a number of additional benefits

Wired and Wireless Device Connectivity Using xSec

Unified Security Framework

xSec enables universal authentication and encryption regardless of access method. Every client that connects to the network, wireless or wired, can authenticate to an Aruba Mobility Controller using an xSec client. Authentication inside the xSec protocol is accomplished using standard 802.1x EAP (Extensible Authentication Protocol) and a standard RADIUS server to validate credentials. xSec supports authentication using passwords, certificates, smart cards, token cards, and other credentials supported by the chosen EAP type.

FIPS Validated

Through the use of AES-CBC with a 256-bit key length for encryption, xSec provides the only COTS (Commercial Off-the-Shelf) Layer 2 protocol that is FIPS validated. As a result, xSec is an ideal solution for securitysensitive applications in the government, finance, and healthcare markets. FIPS is a more stringent security standard than those required in the commercial sector, and therefore more suitable for compliance with commercial regulations such as HIPAA and GLBA.

Legacy Investment Protection

Most legacy equipment cannot be upgraded to support the latest security standards such as 802.11i and WPA2. xSec encryption, however, is performed in hardware by the Aruba Mobility Controller, and in software at the client level, meaning that an existing network can be upgraded to support the latest security technology without replacing older access points or wireless NICs (network interface cards).

Designed For Compatibility

xSec is based on the IEEE security standard 802.1x. Secure EAP methods supported include EAP-TLS, TTLS and PEAP, making xSec compatible with existing security mechanisms such as RSA Tokens and PKI certificates. xSec is designed to be transparent to the Layer 2 infrastructure and can operate through a switched Ethernet network without the risk of EAP frames being intercepted by 802.1x-aware Ethernet switches. Juniper Networks’ Odyssey Access Client with xSec support is available for Windows 2000, Windows XP and Windows Mobile.

Deployment Scenarios

xSec is deployed by activating the xSec software license on an Aruba Mobility Controller and by installing Juniper Networks’ Odyssey Access Client on a wired or wireless PC. xSec can be used to secure traffic between an Aruba mobility controller and a wireless client, between a Mobility Controller and a wired client, or between two Mobility Controllers on the same VLAN.

Configuring client to use xSec encryption on

OOddysyssseeyy A Cclcineest sc oCnlineenct tceodn tnoe ScSteIDd “toal pShSaI-Dxs “eaclp” huasi-nxgs excS”e ucs pinrogt oxcSoelc protocol

Documentation:

PDF File
Aruba xSec Module Datasheet (.PDF)

Aruba Networks Products
Aruba xSec Module License
xSec Module License (32 Sessions) #LIC-XSC-32
List Price: $290.00
Our Price: $261.00
xSec Module License (64 Sessions) #LIC-XSC-64
List Price: $550.00
Our Price: $495.00
xSec Module License (128 Sessions) #LIC-XSC-128
List Price: $1,050.00
Our Price: $945.00
xSec Module License (256 Sessions) #LIC-XSC-256
List Price: $2,000.00
Our Price: $1,800.00
xSec Module License (512 Sessions) #LIC-XSC-512
List Price: $3,800.00
Our Price: $3,420.00
xSec Module License (1024 Sessions) #LIC-XSC-1024
List Price: $7,200.00
Our Price: $6,480.00
xSec Module License (2048 Sessions) #LIC-XSC-2048
List Price: $13,600.00
Our Price: $12,240.00
xSec Module License (4096 Sessions) #LIC-XSC-4096
List Price: $24,480.00
Our Price: $22,032.00
xSec Module License (8192 Sessions) #LIC-XSC-8192
List Price: $43,520.00
Our Price: $39,168.00