AirID protects your data while you roam the office

Pros and cons:
+ Hands-free supplemental security
+ Scan range adjustable
+ Noninterfering frequency
– Security exposure from lost badges


Real-life requirements:
Windows 9x or NT


All the network security in the world does no good if logged-in users leave their
computers on and unattended during breaks or at lunch. An office full of such computers is
an open invitation to mischief.


Some security-conscious agencies require users to log off every time they leave their
computers, even for an instant. Over the course of a day, the repeated log-offs and
log-ins steal time from meaningful work.


What if computers were smart enough to lock themselves down when users left and come
back to life automatically when they returned? AirID from RF IDeas Inc. does this by
detecting the proximity of an authorized user. If the person steps away, the system locks
down with a screen saver that won’t unlock until the user returns. That’s a
pretty powerful supplemental security tool.


The AirID black box, equipped with a radio-frequency transmitter and a 3-inch-long
antenna, attaches to the COM port of a standard PC or server. Users clip a credit
card-sized badge to their clothing to identify themselves to the box. For greater
security, the badge need have no visible identification, such as a name or photo.


While a user sits and works at the PC, the badge and the box communicate at a radio
frequency of 916.5 MHz—outside the range of cellular phones and most wireless
networking products. The narrow frequency holds down potential interference with other
electronic devices. A lot of odd signals bounce around the GCN Lab, and my test badge
never had a problem communicating with its base unit.


Whenever a badge-wearing user leaves the computer, it locks up after the base unit has
had no contact with the badge for a set time. The default, one minute, is about right to
prevent accidental lockups.


An auditing feature, which runs under Microsoft Windows, records user events such as
manual password or badge access and automatic log-ins by badge-wearing Windows NT users.


Users select one of four settings for badge scanning: short, shortest, long or longest
distance from the base unit. In practice, the shortest scanning range forced me to sit too
close to my PC for comfort. If I leaned back in the chair, I risked causing a lockup.


At the longest setting, the badge was detectable from more than 20 feet, even with lab
doors closed to isolate it from the base unit. That’s a bit too far for high
security; you could be in another room, out of sight of your PC, and still be logged in.
The long setting worked best for me and seemed appropriate in open or cubicle
environments.


RF IDeas officials claim the badge’s dime-sized lithium battery will last a year
if the user triggers badge scans only by tapping the keyboard. You can set the base unit
to query continuously for authorized badges without any user interaction, but this drains
the badge batteries much faster and is not recommended.


Breaking in proved difficult, though there were some exploitable holes in AirID. One
especially nice feature: If the base unit is disconnected, no user can log in without the
proper badge. You can sever the cable between base unit and PC to prevent anyone from
logging in, but you can’t gain access that way.


You can, however, simply reboot the computer. This is the main reason AirID will always
be a supplemental security product. Rebooting sends users to the main security gateway,
assuming there is one. Users can still log in with passwords, too.


The biggest security hole is the potential for badge loss. Anyone who finds or steals a
badge might get into the network. Employees would have to be trusted to report lost or
stolen badges immediately.


AirID’s screen saver is pretty ugly, and you’re stuck with it on systems
running Windows 9x, though not under Windows NT.


Each badge has a unique serial number, so multiple badges can be set up in the same
office. AirID is perfect supplemental security for busy users who step away from their
desks often and don’t want to have to worry about network security exposure.  
 

About the Author

John Breeden II is a freelance technology writer for GCN.
