Wireless nets get some help
Back when wireless networks were just starting to appear in government, the GCN Lab wrote a tutorial of 11 important steps for making a WLAN more secure. Admittedly, although it's all good advice, many of those steps are difficult to implement without some training [go to www.gcn.com
and enter 489 in the GCN.com/box].
If only there were a magic silver bullet so admins could automatically configure a secure WLAN. If our experience is any indication, LucidLink wireless security software from Interlink Networks can ease a lot of pain. While it's not quite a perfect solution, it's at least a silver-plated bullet.
We set up LucidLink software on one of the test servers in the GCN Lab. Once installed, it easily found all connected access points and was able to configure them to work within the LucidLink framework. This is an incredibly easy process. You simply select the company and model number for your access points. The software then automatically configures what is in fact a Remote Authentication Dial-In User Service server. We've configured many RADIUS servers over the years, and there are about 100 things you'd normally do to make one work correctly. With the LucidLink software, the server automatically configures itself and the access points.
Keep in mind, LucidLink does not fully support all access points, which is one of its drawbacks. We tested LucidLink using D-Link DWL-2200 APs, which it does support. The software's auto-config tools work with most modern APs from D-Link and Linksys, plus two models from 3Com. If you have the right APs, you can use the automatic controls to configure them with just a couple clicks. If you don't, you're in for a longer process.Not all APs supported
LucidLink's automatic configuration tool won't work with APs from Allied Telesyn, Belkin, Cisco, Colubris, Gentek, Motorola, Netgear, Proxim, SMC, USRobotics, ZyXel and a handful of others, although the software will still support them. In most cases, you have to go through extra steps. We tested the software with a Cisco Aironet 350 AP and it worked fine, but took much longer to set up. This could be significant because you have to configure each access point on your network. If the auto-config tool works, this is no problem. But don't overlook nonsupported APs. It does little good to protect one access point if you leave others open.
Once your APs are configured, a client just has to try and connect to the network. He will then be asked to enter a user name and password. At that point, if the person has never been on the network before, he will have to wait for an admin to grant access.
This is a good and bad thing. For one, it forces an administrator to know who is trying to connect to a WLAN.
You can set up LucidLink to display a message so the user knows he's waiting for access rights.
The message could include the admin's contact information in case the user needs access right away. But unless you have an alternate process in place, the user can't get into the network until someone with the proper authority is available.
This authorization requirement only applies to first-time connections. On subsequent visits, the user connects normally. However, the administrator can still control access. When a user is authorized to use the network, the admin can set their access to expire after a certain time. In addition, you can boot users from the system at any time. This is helpful if a notebook is stolen because the admin can immediately suspend the wireless account.
Although the LucidLink system seems simple on its surface, the underlying encryption is industry standard. You can configure an access point to use Temporal Key Integrity Protocol, though this will only work with devices that are WiFi Protected Access-certified. The software also supports the IEEE 802.11i standard, which includes 256-bit AES encryption.
LucidLink takes a lot of the mystery out of securing your wireless network. As long as you have an admin who can authorize access, this is a very secure and usable solution.