If you have an Aruba account, they sent out a notice.. Below is a portion of the email I received.
Install python openssl mac, For some reason, you may need to remove Python interpreter. But some users face issues when trying to get rid of Python package, which is why we recommend that you read a complete and safe deletion guide on how to uninstall Python on your Mac to prevent any issue. Aug 13, 2018 arubanetworks - airwave: Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Jul 09, 2015 There are still many more months to go before we get to see what the results of the Aruba-HP deal will bring. August 18th will be here soon, and that will help Aruba partners and customers figure out what their future purchases should consist of. The bigger question will be answered in 2016, after HP has split into two separate companies. ARUBA AIRWAVE. For detailed device visibility, simply click a chart or graph to drill-down from any network level view, or locate and select a device for a configuration summary and details on connected clients, neighbors, alerts and related events. Mar 03, 2015 Network management with Aruba AirWave Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website.
SUMMARY
The ArubaOS operating system loaded on all Aruba Mobility Controllers and Mobility Access Switches contains a pre-loaded digital certificate with the name “securelogin.arubanetworks.com”. As is stated in the user guide, and multiple customer advisories and Airheads Community postings, the default certificate is not intended for production deployment since every Aruba controller or switch contains the same certificate. Aruba has always recommended customers to replace this default certificate with a certificate issued by a public Certificate Authority or by an internal (PKI) Certificate Authority.
While a majority of security conscious customers have taken our advice seriously and replaced the default certificate, Aruba is aware that there are still other customers that are using the default certificate in the production networks typically for Administrative WebUI, securing the Captive Portal login screen in guest networks and for dot1x authentication with EAP termination enable.
This default certificate (securelogin.arubanetworks.com) was issued by a GeoTrust certificate authority (CA) that is trusted by most browsers and operating systems. However, in light of the following articles, http://www.itnews.com.au/news/aruba-products-contain-compromised-https-certificate-436511 and http://www.darkreading.com/vulnerabilities---threats/cryptographic-key-reuse-remains-widespread-in-embedded-products/d/d-id/1326826, securelogin.arubanetworks.com has been revoked
I wrote previously about the Aruba and HP ecosystems. You can find that post here. I also wrote about Aruba’s culture here, and although I had planned on writing about HP’s culture as I understand it, I don’t know that I need to spend too much time on that. When you look at the difference in the two ecosystems from a wireless perspective(HP is a big company with a broad portfolio), HP is a completely different animal and that HAS to affect their company culture.
Well, what really remains to talk about? I think two things. Execution and product disposition.
Execution
Ask anyone who follows the industry about HP, and you will get a variety of thoughts. However, one of them that always seems to surface is in regards to their ability to execute. There is a history of missteps regarding HP in the executive arena over the past several years. Since Meg Whitman has taken over as CEO, I think we have seen a bit more stability in that regard. When thinking about Aruba and HP combining forces for wireless, I am reminded of a comment that Andrew vonNagy made during a Tech Field Day roundtable at the 2015 Las Vegas Atmosphere conference regarding Meg’s handling of the PayPal acquisition when she was heading up eBay. He mentions that she let PayPal run as a separate entity. Perhaps that will be the same with Aruba, and since the Aruba leadership will be running the campus networking section of HP. it is likely that would be true.
There is one other factor to consider. HP will be splitting into two companies on November 1st of this year. HP Enterprise will be headed up by Meg Whitman, and will handle servers, storage, networking, professional services, and software. HP Inc will handle the personal systems(desktops, laptops, tablets) and printing division. The conventional wisdom coming out of HP is that this will allow greater focus on products catering to specific customers. By having separate marketing, research, development, and sales teams, the two HP companies will be able to bring solutions to the marketplace in a much more focused manner. Time will tell if that is the case. The optimist in me sees this as a good thing. Maybe I am simply recalling Cisco’s attempts to play in the SMB/consumer spaces and mostly backing out of that space. I’ll admit that I don’t see the bigger picture as I am not a finance/business person, so there’s a chance that this could be a horrible disaster, and there are no shortage of articles and commentary with that viewpoint.
In short, HP’s ability to execute well with the future of Aruba’s products is yet to be determined. I suspect it will be mid-2016 before we really start to see if the new HP Enterprise company is a stronger and more nimble enterprise competitor than the legacy HP company. What I am certain of is that you cannot be good at everything. You have to pick and choose certain things and do the best you can. As my friend Devin Akin has pointed out to me, if you try and be good at everything, you will be good at nothing. Even though HP Enterprise will still be broad from a technology perspective, it will definitely have fewer things to worry about than the HP of today.
RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? 2048 bit rsa key strength.
Product Disposition
When I was at HP Discover in Las Vegas last month, I was able to talk with the individual heading up the product disposition between Aruba and HP. I was told that August 18th is the official date within HP that a decision will be made around which products are staying and which products are going. It was still very early on in the evaluation process, so nothing definitive had been decided, and even if it had, that would not have been shared with me. I had some thoughts during the conference, and mostly, I think the same today as I did in early June. Here is what *I* think will happen:
HP Wireless AP’s and Controllers – These are gone. With the Aruba acquisition, there is no need to keep the HP wireless line. For wireless cloud based management, HP was already rebranding Aruba AP’s, so that should tell you something. I don’t see how the HP and Aruba product lines for AP’s and controllers could co-exist. Development was happening much faster on the Aruba side, so I don’t see why the HP product set would stay around.
Aruba Switches – I am still on the fence about these. I think they will stick around for a little bit longer, but only long enough for HP to incorporate some of their functionality into the ProCurve line that HP already sells. I don’t see why HP would keep them once AirWave and ClearPass are able to manage HP ProCurve switches in the same manner they manage Aruba switches today.
Aruba ClearPass – Although there is some overlap with HP’s IMC in terms of functionality, ClearPass is wholly focused on providing/restricting access. IMC is a much more modular system and has the ability to do a bunch of other things. I am not a user of IMC. I have never installed the product into a production environment, so my understanding of it is purely academic. However, I have used ClearPass and know that it is a very powerful product, especially when coupled with Aruba’s wireless solutions. I don’t see HP getting rid of it anytime soon.
Aruba AirWave – I am still uncertain about this product. As others pointed out to me, it was mentioned several times in keynotes during HP Discover 2015, and they would not have done that if they were going to kill it off in favor of HP’s IMC. I think there is pretty big overlap between it and HP’s IMC product, but I am sure there are things that Airwave does today that would take time to implement in IMC. It may end up being a management play for smaller customers, or it may simply co-exist with IMC.
An access key grants programmatic access to your resources. This means that the access key should be guarded as carefully as the AWS account root user sign-in credentials. It's a best practice to do the following: Create an IAM user and then define that user's permissions as narrowly as possible. Create the access key under that IAM user. Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Aws generate new access key.
Aruba Meridian – I don’t see this product going away. I don’t believe HP has anything similar to this in production.
Closing Thoughts
There are still many more months to go before we get to see what the results of the Aruba-HP deal will bring. August 18th will be here soon, and that will help Aruba partners and customers figure out what their future purchases should consist of. The bigger question will be answered in 2016, after HP has split into two separate companies.
Everything I have written is pure speculation. I don’t know all the things that HP and Aruba know. I don’t run companies for a living. I only see things from the field engineering level. I could be right, and I could be wrong. Unfortunately, I think we have another 6 months or so before we get a good feel for where this ship is headed. I am hoping it all works out for the best. Those of you that use or support Aruba products are probably watching this merger just as closely as I am. I hope it works out for the best for all parties. If it doesn’t, the industry will go on, but it will be worse off if a solid competitor in the wireless space fades off into obscurity.