Secure Your Network the Aruba Way

By Scott Lester, Blog Contributor
Share Post

What's the Right Security Architecture for the Mobile-First World?

Security. Someone once defined this word for me as “the absence of knowledge.” While that may be true when it comes to passwords, an absence of knowledge about occurs in your  these days can be a resume-altering event if you aren’t careful.

The number of data breaches that occur on a daily basis across the world is quickly spiraling out of control. Many network administrators have no idea who or what is using their network to gain access to precious company data. The team at Aruba has spent a great deal of time strengthening their position in regards to network security, via company acquisitions and further development of existing products.

Consequently, I thought I would take a minute to touch on the various methods of increasing network security, the Aruba way.

User-Based Tunneling 

One of the facets of network security, the desire to easily enfore user policy throught the network regardless of whether the device is wired or wireless, is becoming increasingly critical for organizations. This is a focus of Aruba, known as user-based tunneling (UBT), formerly known as per-user tunneled node. So, what is UBT and how does it work?

UBT is a feature built into the Aruba switching platform that utilizes a GRE tunnel between the switch and an Aruba WLAN controller, allowing a central point of policy enforcement within the network. Once the tunnel has been built and traffic forwarded across it, each device will have a user role applied at the WLAN controller that is used to determine which policies are in effect for that user -- just as wireless devices do now within the Aruba system.

For people who might be new to Aruba, the user role is the foundation of policy enforcement. It is the user role by which firewall policies, what rate limiting, QoS settings and basic things like which VLAN a device is placed into is determined.

Now, there is no longer a need for a network administrator to configure multiple policies within various network components to ensure that similar behaviors are allowed for each user/device. I like to use the word similar when describing the behavior, as many can attest that even with the greatest attention paid to building network policies, each point of control within the network will vary slightly in how it operates and affects the user/device.

I am sure many of you are already thinking the obvious use for this feature is guest traffic. However, many are finding that even corporate traffic for IoT devices, and other potentially unsecure devices such as mobile phones, should be tunneled for security purposes. Since we mentioned different device types, how does one know what devices are lurking around on their network? This is where Aruba ClearPass comes in.

Let me start off by saying, ClearPass is NOT just a RADIUS server as some have called it. I like to think of it as a security Swiss Army knife that is extremely useful for enhancing the security posture of an organization. The ability to direct traffic to Aruba ClearPass from almost any source for device profiling and combining that identification with policy enforcement within the network provides an immense value to network administrators and network security professionals. We discussed earlier the need for some organizations to tunnel device specific traffic across the network, and without the identification provided by ClearPass this would be virtually impossible.

In 2017, a casino's data was breached, as a result of someone hacking a fish tank on the premises. The result was approximately 10GB of data exfiltrated from the network, all because someone attempted to monitor the temperature, food and cleanliness of the tank. But, if the casino had ClearPass to profile the device and apply a policy limiting its network access, an untold amount of lost money and embarrassment could have been avoided. Thanks to the ClearPass, the days of being oblivious to activity on your network are long gone.

One of the most important security products in the Aruba ecosystem is IntroSpect, which is in the User and Entity Behavior Analytics (UEBA) category. IntoSpect is responsible for continuously evaluating actions taken by network devices and users, while building a baseline from those activities. From that point forward, any anomalous behavior from that device/user immediately triggers an alert within the network. Along with ClearPass, it makes it possible for a network to automatically identify and remediate a security issue before a compromise occurs.

I hope that this blog has helped shine some light on what Aruba brings to the table when it comes to network security. By using multiple layers of security that work together, Aruba has truly developed a complete network security platform that is vital to securing today’s networks.

Follow Scott Lester on Twitter @theITrebel.