x
Optical/IP

Microsoft Sniffs Out Aruba

Microsoft Corp. (Nasdaq: MSFT) is undertaking a major security upgrade on its worldwide wireless LAN network -- using an intrusion detection system from 802.11 switch startup Aruba Wireless Networks to try and stop unauthorized use of access points (APs) across its campuses.

For those of you who don't know, Microsoft runs one of the largest corporate wireless LAN networks in the world. The software giant has an installed base of 4,505 APs in its offices around the globe. Up to 18,000 users log on to this network daily.

By way of comparison, T-Mobile USA, which operates the largest WLAN public access network in the U.S., has 4,591 live sites up and running (as of last week).

Microsoft network engineer Don Berry says that the network is mostly made up of 340 and 350 series access points from Cisco Systems Inc. (Nasdaq: CSCO).

"The 340s are on the older campus, the 350s are generally outside of Redmond... and we have a smattering of 1200s."

With an almost ubiquitous wireless LAN network in place, Berry's major security concern is one that will be familar to many IT managers that grappled with installing 802.11 networks: preventing unauthorized access points from connecting to the corporate network.

"We narrowly defined our issue as rogue APs," says Berry.

To detect rogue APs across his entire network, Berry plans to use about 600 of Aruba's Air Monitors -- working purely as passive sensors -- controlled by seven Aruba switches.

Using the Aruba access point purely to "listen" to the radio network -- rather than transmitting and receiving as a standard AP does -- the Microsoft man has found he can get drastically more range out of the devices.

"A pure sensor can cover about 50,000 square feet. I can have four in a 200,000 foot building and get pretty full coverage."

But it's Aruba's ability to sit in the data path and monitor MAC (Media Access Control) addresses on the network and match them against an existing Microsoft SQL database of MAC addresses (if the WLAN switch doesn’t find the MAC address in its own internal database) that Berry claims was the real attraction to the system. Once the system detects a MAC address on the airwaves that is also on the wired network, it knows for sure that it has detected a li'l rogue and blocks access to the network.

Overall, Berry seems keen on the idea of a centrally managed wireless LAN architecture for future deployments. Perhaps that's not so surprising, since more than half of the network elements he manages are standalone access points.

"If I can reduce the number of managed elements by a factor of ten, that's a huge win. That's the target I'm shooting for." It's a consideration that will no doubt come into play as Microsoft looks to update its massive network of APs.

"We're planning our next generation of access points as we speak. We'll be issuing an RFI [request for information] soon."

— Dan Jones, Site Editor, Unstrung

carbono 12/5/2012 | 1:39:50 AM
re: Microsoft Sniffs Out Aruba Don't understand...unless they used multi BSSIDs.
The mac on the wire is the mac on the air, for common systems....
donbe 12/5/2012 | 1:39:36 AM
re: Microsoft Sniffs Out Aruba The MAC that is captured is the MAC of the client and not dependent on communication "with" the AP. Since APs are a L2 bridge, the AP forwards the client MAC out its wired port. That is where we make the link between "heard in the air" and "heard on the wire"
scseth 12/5/2012 | 1:39:25 AM
re: Microsoft Sniffs Out Aruba
Microsoft realizes Aruba runs Linux on those switches right? Bwahahaha :)
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE