October 16, 2008
Aruba Networks Releases New White Paper Outlining How Merchants Can Comply With the Newest Payment Card Industry Security Standard
Aruba Networks, Inc. (NASDAQ: ARUN), a global leader in wireless LANs and secure mobility solutions, today announced the availability of "Security Is In The Air," a new white paper that describes how merchants can comply with the newest Payment Card Industry (PCI) Data Security Standard (DSS) Version 1.2. The v1.2 standard defines security guidelines for merchants and service providers that store, process and transmit cardholder data. Firewalls, encryption, authentication, and wireless intrusion detection are mandated for use with all wireless LANs, and some safeguards are required even if the wireless LAN does not transmit cardholder data. The white paper describes compliance solutions for both wired and wireless networks.
The PCI DSS V1.2 standard includes twelve major steps for securing payment account information, and testing methodologies designed to ensure that these requirements are met. Wireless LAN security is a core component of these requirements. The security requirements fall into three categories: no wireless LANs are in use; wireless LANs are used for non-cardholder data applications only; and wireless LANs are used for cardholder data transactions. The white paper recommends technical solutions designed to satisfy the distinct compliance requirements of each category."Besides enhancing security controls to prevent breaches, establishing and maintaining PCI compliance positively affects a merchant's brand name because it shows the company is actively safeguarding its customers' private information," said Manav Khurana, Aruba's head of industry marketing. "Merchants found to be out-of-compliance with PCI standards not only risk their good name and customer lawsuits, but could also incur monetary penalties imposed by the credit card branding organizations. Since Aruba's recommended compliance solutions can be implemented economically with minimal disruption, merchants have every reason to bring their networks into compliance as quickly as possible."
For example, PCI DSS v1.2 prohibits cardholder data from being transmitted using Wired Equivalent Privacy (WEP), a commonly used security algorithm that has proven to be easily broken. Given the widespread use of WEP for scanners and other devices, wholesale elimination of WEP-based devices could prove expensive to merchants. The white paper outlines a cost-effective PCI DSS v1.2 compliant solution that remediates the WEP security threat, using an Aruba policy-enforcement firewall to isolate WEP devices carrying non-cardholder data. The security controls thereby avoid the need to replace WEP devices.
Aruba offers integrated security and wireless/wired access solutions that meet or exceed the wireless LAN-specific security requirements in PCI DSS v1.2. Merchants using an Aruba solution can cost-effectively implement the security controls required for PCI compliance without compromising the performance of business applications or upgrading legacy networks.
The new white paper, "Security Is In The Air," can be downloaded from Aruba's Web site at http://www.arubanetworks.com/pdf/technology/whitepapers/wp_PCI.pdf. Aruba will be presenting the new white paper at the PCI Europe Conference in Brussels, Belgium on October 21, 2008, and at an RIS News Web Seminar titled "PCI Version 1.2: What Retailers Need to Know Now" on November 12, 2008.
About Aruba Networks
People move. Networks must follow. Aruba securely delivers networks to users, wherever they work or roam. Our mobility solutions enable the Follow-Me Enterprise that moves in lock-step with users:
-- Adaptive 802.11a/b/g/n Wi-Fi networks optimize themselves to ensure that users are always within reach of mission-critical information; -- Identity-based security assigns access policies to users, enforcing those policies whenever and wherever a network is accessed; -- Remote networking solutions and fixed mobile convergence ensure uninterrupted access to applications as users move; -- Multi-vendor network management provides a single point of control while managing both legacy and new wireless networks from Aruba and its competitors.
The cost, convenience, and security benefits of our secure mobility solutions are fundamentally changing how and where we work. Listed on the NASDAQ and Russell 2000(R) Index, Aruba is based in Sunnyvale, California, and has operations throughout the Americas, Europe, Middle East, and Asia Pacific regions. To learn more, visit Aruba at http://www.arubanetworks.com.
Copyright 2008 Aruba Networks, Inc. AirWave(R), Aruba Networks(R), Aruba Mobility Management System(R), Bluescanner, For Wireless That Works(R), Mobile Edge Architecture, People Move. Networks Must Follow., RFProtect, The All Wireless Workplace Is Now Open For Business, Green Island, and The Mobile Edge Company(R) are trademarks of Aruba Networks, Inc. All rights reserved. All other trademarks are the property of their respective owners.
Media Contacts Michael Tennefoss Aruba Networks, Inc. +1-408-754-8034 [email protected] Patty Oien Breakaway Communications +1-415-358-2482 [email protected]
SOURCE: Aruba Networks, Inc.