Aruba | KrowTen Security

Aruba Networks: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication

An OS command injection vulnerability has been discovered in the Aruba Remote Access Point’s Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the Remote device by an unauthenticated attacker.

The Remote Access Point provides a web interface to facilitate initial provisioning of the device. This web interface provides functionality to run some basic network diagnostics and enter configuration parameters necessary for successful provisioning. An OS command injection vulnerability has been discovered in this web interface where malicious user input can be injected via form elements and run arbitrary system commands on the device as root user. This diagnostic web interface can be disabled after initial provisioning of the device.

An unauthenticated attacker can run arbitrary system commands on the device as root user. This could lead to a full compromise of the device’s operating system.

This vulnerability applies only to the Aruba Remote Access Point and other Aruba devices are not affected.

Aruba Networks recommends not allowing access to the Aruba Remote Access
Point’s diagnostic web interface after initial provisioning by applying an
access list (acl) to block HTTP and HTTPS protocol to its local IP. This
restricted acl needs to be in the highest position of the acl rules for
each user-role that should not have access to the diagnostic web
interface.

Example restricted IP access list added to a user-role called guest:

ip access-list session local_debug_restricted
user localip svc-http deny
user localip svc-https deny

user-role guest
access-list session local_debug_restricted
access-list session dns-acl
access-list session dhcp-acl
access-list session icmp-acl
access-list session http-acl
access-list session https-acl

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical.

The following patches have the fix (any newer patch will also have the
fix):

– – – ArubaOS 5.0.4.2
– – – ArubaOS 6.0.2.1
– – – ArubaOS 6.1.2.4

March 20, 2012 | Categories: Enterprise, General Security, Hacking, Network Management, Network Security, Patching, Security, Security Advisory, Vulnerabilities, Zero-Day | Tags: Aruba, Aruba Networks, Caribbean, Code injection, enterprise-it, https protocol, interface example, Networking, Security, software, Technology, Travel and Tourism, User interface, virtualization | Leave a comment

BYOD Control: Aruba brings it together with ClearPass

Aruba Delivers BYOD Control with ClearPass

The bring-your-own-device (BYOD) era is booming, while BYOD delivers some freedom to users and is great don’t get me wrong, however. It is still absolutely critical that companies reachthe same degree of protection, and control that corporate owned devices also receive to these devices. It has to be thought of as a wired device, in my opinion.

Networking vendor Aruba is now debuting a solution for BYOD, built on Linux and leveraging the open source FreeRADIUS access controlsolution to help return control to enterprises.

“ClearPass provides a networking solution for BYOD to address all of the majoroperating systems and any networking vendor’s network architecture,” Robert Fenstermacher, director of Product Marketing at Aruba, told InternetNews.com. “It can act as a single point of policy control across all wired, wireless and remote infrastructure for a global organization.”

Aruba simplifies IT management of BYOD (infoworld.com)
Aruba to buy Avenda for BYOD security (infoworld.com)
Aruba Simplifies IT Management of Employee-Owned Mobile Devices (oracleidentity.wordpress.com)

February 22, 2012 | Categories: data recovery, Enterprise, Malware, Mobile Device Management, network security solution, network security tool, Security, virus protection, Wireless Security, Wireless VPN, Zero-Day | Tags: Aruba, Aruba Networks, Avenda Systems, BYOD, Cisco Systems, FreeRADIUS, IOS, Linux, network architecture, networking solution, networking vendor, Wi-Fi | Leave a comment

Gigabit Wi-Fi Panel From the Wi-Fi Symposium

The Wi-Fi Mobility Symposium panelists discussed the possibilities for gigabit Wi-Fi, including practical applications and questions about the relevance of technologies like 802.11ac and 802.11ad. This session was introduced by Marcus Burton and moderated by Marcus and Andrew von Nagy. It features the following panelists (L-R):

Devin Akin, Aerohive Networks
Peter Thornycroft, Aruba Networks
Paul Congdon, HP Labs
GT Hill, Ruckus Wireless
Image via Wikipedia

Video Posted Here: http://vimeo.com/35706897

Speed is king. The desire for in-home video and multimedia distribution is growing as consumers increasingly adopt more dynamic time-shifted and location-shifted media consumption behaviors. Wireless networking is the preferred method due to its ease-of-use, ubiquity, and low-cost compared to wired network installation. Two separate standards are being developed to enable higher capacity and support for multiple high-def video streams: 802.11ac provides gigabit speeds for multi-room access and ensures backward compatibility with existing Wi-Fi equipment in the 5GHz frequency band, while 802.11ad provides multi-gigabit speeds at much shorter ranges but does not provide compatibility due to operation in the much higher 60GHz frequency range. Symposium panelists will present the benefits and development progress for both standards, and discuss use-cases within the home as well as enterprise environments.

Original Post: http://techfieldday.com/2012/gigabit-wi-fi-panel-wi-fi-symposium/

802.11ad isn’t a replacement for regular old Wi-Fi (netsecurityit.wordpress.com)
NPD: Wi-Fi set to conquer home entertainment devices (netsecurityit.wordpress.com)
“Super WiFi” Blankets First County in U.S. (technologyreview.com)
Will Microsoft’s WiFi-NC set new network standard? (netsecurityit.wordpress.com)

January 26, 2012 | Categories: Enterprise, Mobile Device Management, Network Management, Networking, Wi-Fi, Wireless Security, Wireless VPN | Tags: aerohive networks, Aruba, Aruba Networks, Data Communications, gigabit, home entertainment devices, Home video, marcus burton, media consumption, paul congdon, ruckus wireless, Wi-Fi, Wikipedia, Wireless, Wireless network | Leave a comment

Aruba Brings Wi-Fi to Wall Plates

The typical Wi-Fi deployment today involves access points deployed in hallways or rooms as standalone boxes. As the move towards pervasive wireless access grows, so too have the demands on wireless infrastructure. That’s where Aruba Networks(NASDAQ:ARUN) is aiming to fill a gap with a new wall mountable access point.

Image via Wikipedia

The AP-93H is a 2×2 MIMO 802.11n access point that can be installed on a standard wall mount for wired Ethernet access. The AP-93H has a gigabit uplink port for high-speed connectivity to the wired network for access. The access point is a dual band radio operating in either the 2.4 Ghz or the 5 Ghz ranges. On the software side the device includes the Linux-powered Aruba OS

Read More: http://tinyurl.com/894jo5v