Xirrus has several advanced features for addressing today’s wireless security needs. In addition to supporting all of the standard based security features such as WP2-Enterprise with AES and 802.1x authentication, Xirrus offers additional advanced features to make networks even more secure.
Dedicated threat sensor
One of the key advantages of the Xirrus multi-radio architecture is the ability to dedicate radio resources to specific network functions. One of the radios in every Array can be set as a dedicated threat sensor to provide 24/7 monitoring of the RF environment for intrusion detection/prevention and spectrum analysis. Most traditional Wi-Fi APs execute intrusion detection by using time slicing – using the radios to scan for threats part of the time and then service clients the rest of the time. Time slicing compromises security coverage by significantly reducing scan time and reduces the performance for clients the AP is serving. With its dedicated threat sensor function, each Array provides 24/7 threat coverage without compromising user performance.
WIDS/WIPS
The Xirrus Wireless Intrusion Detection/Wireless Intrusion Prevention system leverages the dedicated threat sensor to provide best in class security. With the dedicated threat sensor, along with detection mechanisms on the other Xirrus radios, the Array will detect rogue access points as well as the most common Wi-Fi attacks (e.g. DoS). Furthermore, in addition to detecting security threats the Array can actively shield rogue devices to be sure users do not inadvertently send key data to a rogue device.
Full line rate encryption
Each Array contains a stateful firewall to allow unwanted traffic to be blocked at the edge. The Arrays firewall can be set to block traffic based on source and destination information, as well as port number and protocol type. The Array firewall can filter Layer 2 - 4 traffic parameters, and each Array can be customized to fit specific need for the location where the Array is located (i.e. the same firewall rules don’t have to be applied across the entire network if it doesn’t make sense). Firewall filter list can be applied to global to the whole Array, or a unique firewall list can be created for each individual SSID.
Policy enforcement
In addition to being able prevent unwanted users and traffic from entering the network, the Array also provides seamless policy enforcement to guarantee that authorized users only have access to the necessary network resources. With full 802.1x integration, the Array can enforce network access based on user, device, or application. Policies include flexible filtering, QoS, rate limiting, and time of day access. The Array can also create user groups based on login credentials to control bandwidth limits or VLAN access. The Array seamlessly integrates with industry best-of-breed Network Access Control solutions to ensure that only devices that fit key criteria are allowed onto the network.
Reporting
Besides doing a better job of detecting and preventing security threats, the Xirrus solution also excels at reporting and tracking this information. Each Array creates Alarm and Event notifications for different activity types. This information can then be sent to any external syslog server for processing. Also, using the Xirrus management system all of the data can be aggregated and reviewed in powerful reporting tool. Email notifications can also be created to notify the network administrator of any major network issues.
Distributed security enforcement
Full integration of security features in every Array allows security to be enforced at the edge, where it belongs, rather than in a centralized controller at the core of the network. By embedding all of the security features in each Array, IT administrators can rest easy knowing policy enforcement is taking place at the edge of the network, spread across multiple devices without the single-point-of-failure risk that is inherent in a controller based architecture. Full performance encryption at the network edge enables the industry’s highest densities and best client performance with no central controller bottleneck.
24/7 intrusion detection
Xirrus’s security solutions provide the comfort of knowing that intrusion detection and monitoring are performed 24 hours a day, 7 days a week with a dedicated threat sensor. Rather than providing a partially secure solution with the use of time-slicing solution like traditional Wi-Fi solution, Xirrus takes security seriously and delivers the most secure Wi-Fi networks possible.
Seamless network integration
Xirrus security solutions fit seamlessly into existing network infrastructure with minimal changes required for network integration. Xirrus interfaces with existing RADIUS and NAC servers to enforce network access at the edge. Rather than having to implement unique network services just for the wireless network, the Xirrus Arrays can use existing systems to allow simplified management and lower cost.
Increased visibility
The distributed nature of the Array intelligence gives increased visibility across the entire Wi-Fi network. Each Array collects data statistics and reports the information to a centralized reporting engine to allow easy parsing data and review of the data. The Xirrus solution can notify the network administrator of major problems to allow proactive responses to cut off any major network issues before end-users are adversely affected. The Xirrus reporting capabilities can also be used for external compliance mandates (e.g. PCI, HIPPA) to show wireless usage and security history.
The Xirrus security features are included in the base ArrayoOS and the Xirrus’ Network Services RF Security Manage (RSM) package.
Click here for ordering information.