Enterprise WLAN security meets small offices

Small companies and branch offices requiring strong network security have often had to pass up the benefits of a wireless network rather than deal with the cost and complexity of installing and maintaining an 802.11x RADIUS authentication server or IPSec VPN.

Interlink Networks’ new product, LucidLink, aims to give small offices with limited or no IT support the best of both worlds.

LucidLink is 802.11 WLAN security software that provides enterprise-level network security and access control but hides the configuration details behind a handful of easy set-up screens – so easy, in fact, that Interlink expects customers to hand off WLAN administration tasks to the office manager, putting them on a par with granting a visitor badge.

“We emulated the consumer experience to make it like programming a garage door opener,” says Mike Klein, president and CEO. Rather than require a dedicated RADIUS server, LucidLink server software installs on any network machine.

Key is the LucidLink management console, which lets non-technical personnel manage access to the wireless network.

When a new user first tries connect to the wireless network, he’s prompted to create a user ID by typing in his name. When he hits ok, the request is sent to the access point, where an EAP key exchange takes place between the access point and the server, just as it would with a standard RADIUS server.

But with LucidLink, the exchange generates an eight-digit authentication code that is sent to the user and administrator. The system prompts the user to provide his authentication code. If the codes match, the administrator will authenticate the user.

“The human intervention piece is what’s different here,” says Chris Trytten, the company’s director of product management. “Rather than have all that public key infrastructure, we suspend the EAP method while the people talk to each other. Without that, you’d have to install public keys.”

The administrator uses the management console to maintain a list of users to whom he can grant or deny access with a button click. You can set access authorization dates, and also deny permission and then allow it at a later date, a handy feature for managing recurring visitors.

LucidLink also automatically configures some wireless networks. Currently the product works only with D-Link and Linksys access points; more will be added, the company says. Users install the “client copy installer” on each PC with a WLAN card, and LucidLink asks for the access point’s name and model number. The software also asks whether you want maximum security(which requires connected systems to support Wi-Fi Protected Access, for instance) or maximum compatibility (which lets you connect a mix of Wired Equivalent Privacy and WPA systems).

LucidLink is geared to firms with fewer than 250 users. Bigger companies that need access to back-end directory services such as Lightweight Directory Access Protocol will need to invest in a RADIUS server or VPN. LucidLink costs $449 for 10 users.