Strong wireless security for the SOHO network

LucidLink makes it easy to shut out unwelcome guests.

It's likely your home users haven't enabled security on their wireless networks. As the go-to guy, you can configure security settings for them and hope those users don't mess those settings up, or you can add software that lets them add and remove new and visiting users (such as when your teen's friends come over) without much effort and without calling you on the phone. That's the idea behind Interlink Networks' LucidLink, which provides enterprise-level wireless security that is simple enough to use on the home network.

The software uses encryption based on Wi-Fi Protected Access (WPA), along with advanced authentication techniques to protect network traffic and initial access. It uses a client/server model to authorize only those clients given specific permission to access the LAN.

WPA provides a higher level of protection than WEP, but it doesn't address user authentication. Granting and revoking access to your wireless network, say, at the beginning and end of a LAN usage cycle, often involves changing the encryption key on every system on the network. LucidLink streamlines this process down to two button clicks.

The software also includes automatic access point configuration, but for only four devices from two vendors. We tested LucidLink Home Office Edition with a D-Link Systems DWL-2100AP access point and DWL-G650 PC Card wireless adapter.

LucidLink Home Office Edition

Price: Three-user, $99; 10-user, $499; 25-user, $895.

Installation time: Less than 30 minutes.

Ongoing maintenance: Each new user requires access rights to be granted, but this only takes a button-click. Backups of the configuration files also should be performed regularly.

Bottom line: Simple installation that hides the complexity of a RADIUS-based authentication server and 128-bit key security.

Setup includes installing server software, client software and an optional remote administration tool. The server requires a wired connection to the LAN via an access point or router, and a static IP address. The static IP tells the client software where to go for authentication. To test this, we configured the D-Link access point to use IP addresses 192.168.1.100 and above for DHCP and picked 192.168.1.40 for the server. We then installed the server software on a Gateway dual 3.06-GHz Xeon server with 2G bytes of RAM and running Windows Server 2003, although LucidLink also works on XP.

The server software includes a RADIUS server program that handles client authentication. After installation, a configuration application launches, which registers information such as access point hardware type and administrator password. You must choose either maximum security or maximum compatibility, and all clients connecting to one access point must use the same authentication/security settings. Maximum security is the best choice, but requires hardware that supports the full Temporal Key Integrity Protocol standard. The best option is to buy supported hardware such as a Linksys access point and a newer adapter card. LucidLink keeps an up-to-date list of compatible hardware on its Web site.

Client setup only took a few steps. We configured the wireless adapter first, forgetting to install the driver software before we inserted the card. Once we fixed that, the rest was a snap.

Next, we installed the LucidLink client software, which took only a minute or two. We created a user name and selected it. The administrator must authorize the user before he can access the network. The user guide includes a highlighted note recommending users shut down the system when changing users on an XP device to ensure a second user doesn't gain access to the network using the first's credentials.

Access granted

Operation after this step is transparent. The first time a user connects with the LucidLink client, he has to wait until the administrator grants access from the "server" management console. Once approved, the client will connect automatically whenever it enters the access point's range. To connect to a different access point, you have to disable the client and re-enable the adapter to let Windows configure the wireless network settings. This could get to be a hassle if you switch networks frequently.

The LucidLink management console provides a simple interface. Users must be authorized for either a specific amount of time or granted unlimited access. Rescinding users' authorization is as easy as unchecking a box. However, when you revoke users' authorizations, they still have access until they disconnect from the network. An event log also shows details for each authorization event.
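The revocation gap described above can be measured from an authorization event log. The following is an added example, not LucidLink code: the log format, user names and timestamps are constructed for illustration, and the model assumes only what the review states (authorization is checked when a client connects, and a revoked client keeps its session until it disconnects).

```python
from datetime import datetime

# Constructed sample events (NOT LucidLink's real log format):
# <timestamp> <action> <user>
SAMPLE_LOG = """\
2005-03-01T18:00 grant alice
2005-03-01T18:01 connect alice
2005-03-01T18:05 grant guest1
2005-03-01T18:06 connect guest1
2005-03-01T21:00 revoke guest1
2005-03-01T21:30 connect guest2
2005-03-01T22:15 disconnect guest1
2005-03-01T22:20 connect guest1
"""

def replay(log_text):
    """Replay events; return (lingering, denied).

    lingering: (user, minutes of access after revocation); minutes is
               None when the user is still connected at the end of the log.
    denied:    (user, timestamp) for connects refused as unauthorized.
    """
    authorized, sessions, revoked_at = set(), set(), {}
    lingering, denied = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, action, user = line.split()
        when = datetime.fromisoformat(stamp)
        if action == "grant":
            authorized.add(user)
        elif action == "connect":
            # Authorization is enforced only at connection time.
            if user in authorized:
                sessions.add(user)
            else:
                denied.append((user, when))
        elif action == "revoke":
            authorized.discard(user)
            if user in sessions:          # session survives the revoke
                revoked_at[user] = when
        elif action == "disconnect":
            sessions.discard(user)
            if user in revoked_at:
                gap = when - revoked_at.pop(user)
                lingering.append((user, int(gap.total_seconds() // 60)))
    # Revoked users who never disconnected are still on the network.
    lingering.extend((user, None) for user in sorted(revoked_at))
    return lingering, denied

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

A `None` in the lingering list is the case to act on: the revoked client is still connected, so its session has to be ended at the access point for the revocation to take effect.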

The only administration task is backup and recovery. The manual recommends copying two binary configuration files to a back-up directory on another machine or external drive. Recovery consists of re-installing the software and copying the back-up files to a configuration directory.

Considering the work going on behind the scenes with RADIUS authentication and secure access key generation, the LucidLink software was pretty simple to install and configure. It was also easy to administer for a small number of users. For more than 100 users, the company offers an enterprise product.

Ferrill can be reached at paul@ferrill.net.
