The RADIUS server without hardware – Wi-FiPlanet.com
By Eric Griffith
08 October 2003
Small and medium-sized businesses looking for advanced 802.1X authentication for their WLANs may not need to configure their own server, as a new hosted solution provides subscribers with secure access.
Currently, standard WLAN security beyond Wi-Fi Protected Access (WPA) to keep out the riff-raff means going with 802.1X authentication. However, not all businesses want to, or are able to, install the Remote Authentication Dial-In User Service (RADIUS) server needed to track users and their connections. It can start off expensive and get trickier from there.
Wireless Security Corporation (WSC) to the rescue. The company – what we used to call an “application service provider”, but which now simply provides a “hosted service” that you don’t have to run on your own computers – has launched a RADIUS/802.1X service for small and medium-sized businesses (SMBs) called WSC Guard.
Using a subscriber-based business model – averaging around $8 per user per month, but volume discounts can bring it down to $59 per user per year – SMBs can sign up with WSC and create a master list of authorized end users on their wireless network. The list is created entirely in a web interface. After that, each end user needs to download client software (either directly from WSC or from the network administrator who created the list) that configures the user’s computer and Wi-Fi access card to work specifically with WPA-based 802.1X authentication (using PEAP). The next time users want to access the WLAN, they are first checked through their Internet connection against the user list on the RADIUS server hosted by WSC Guard.
“We have a totally fault tolerant RADIUS infrastructure; we have a patent to make RADIUS on the Internet – that’s part of our secret sauce,” says Stu Elefant, vice president of marketing at WSC.
The WSC Guard software also configures the access point hardware at the SMB’s site to be ready to work with WPA/802.1X.
Of course, the main limitation of this service is hardware compatibility. WPA is hardly universal in Wi-Fi products; support for 802.1X is arguably even less so, at least in consumer products likely to be found in some SMB networks. However, WSC responds by saying that even non-WPA clients can use the service with a lower level of security; for example, they could always visit a Wi-Fi hotspot.
Setting up guest access with time limits and selective access to network resources is supposed to be pretty straightforward (and login for guests is free). Elefant says the web-based management interface is simple enough that anyone from the network administrator to the receptionist can enter a new username and password for limited use. The information is stored at the WSC Authentication Center, which in turn tracks login failures, potential attacks, and crooks, and provides regular status reports.
Failure of the network’s Internet connection would mean that access to the hosted RADIUS server is interrupted, and that should mean no access for anyone to the WLAN, but networks running a backup PC – one that uses special software from WSC to monitor the Internet connection – can continue to have access. In this case, the connections simply fall back to standard Wired Equivalent Privacy (WEP) encryption. The same login name can be used on other sites that use WSC Guard.
Right now, the company offers a free trial of WSC Guard and provides a list of supported WPA and 802.1X products on its website. The software is limited to Windows 2000 and XP users.
WPA is a subset of what is expected in the 802.11i standard for security. According to Ulrich Wiedmann, Vice President of Software Development at WSC, “Authentication is basically the same. We will advance the service as the standards evolve. We will offer customers the option to ignore the [WLAN security] Marlet.”
It is possible that the WSC Guard client will be offered to work with existing RADIUS servers installed in companies, and that WSC will allow third parties, such as access point networks or operators, to host their own RADIUS servers using WSC technologies. For now, they are focused on getting clients in the SME space.