I recently had an email concerning the security issues/or propensity of WPA2 for medical WLANS, specifically medical devices. While several companies like AirDefense, (now a part of Motorola) have excellent solutions, it should be noted that www.arubanetworks and Juniper Networks have partnered to provide a FIPS Validated 801.11i Security for Government LANS. Until recently, the only wireless option available to goverment agencies has been to deploy a Layer 2 encryption overlay on top of their wireless infrastructure (per Department of Defense Directive (DoDD) 8100.2). While I agree that there are signifcant radio (RF) management and intrusion detection services (IDS) with today's centralized mobility systems available today, if the CIO of the healthcare IDN has a comprehensive strategic plan, then it is believed that this is a null issue. If the DOD has the compliant solution, it should be strong enough for the healthcare environment of today. Aruba and Juniper are the only partners that can offer a comprehensive FIPS validated 802.11i solution today. A modified driver is needed to run 802.11i in a FIPS-compliant configuration, but these drivers are not available for all devices and platforms. Juniper and Aruba have jointly developed the xSec protocol to address this problem. XSec is a standards based Layer 2 protocol that can provide FIPS-compliant Advanced Encryption Standard (AES) encryption over off the shelf 802.11 adapters and drivers.
