Wireless Security Corp. offers small offices authentication over the Internet: WSC allows offices that don't have a built out IT infrastructure a chance to have wireless security like the big boys using WPA (Wi-Fi Protected Access) and 802.1X.
WSC's solution is to outsource the authentication part for Windows XP and 2000 users on a wireless network. WSC's software helps users set up their login and password. The user or an administrator also downloads a tool that configures the access point (AP) so that WSC's servers recognize it.
With 802.1X, the AP restricts access until a client is authenticated. When credentials are exchanged -- and WSC requires Protected EAP (PEAP), and can use WPA if it's available -- the AP opens access. The authentication server doesn't have to be local, because 802.1X supports EAPOL (EAP over LAN). "The AP will act strictly as a middle man," said Ulrich Wiedmann, vice president of software development for WSC.
WSC has a fallback mechanism in case the AP can’t reach their servers. "Probably the weakest link in the infrastructure is the customer's Internet connection," said Wiedmann. The fallback agent monitors the connection to the WSC RADIUS server and kicks in when it detects that the server isn't reachable.
The fallback is WEP. WSC dynamically generates and distributes a WEP key specific to each network to all users of that network once they successfully authenticate. If users have that key but can't authenticate via WSC's servers, they can still use the WLAN for local network functions like accessing a file server or sending a job to the printer via a PC on the network running fallback software.
"This is the area where we have a benefit over someone with their own RADIUS infrastructure," said Wiedmann. That's because when a RADIUS server in an enterprise goes down, the wireless network is essentially disabled because 802.1X doesn't let users in unless they're authenticated, he said.
Altera Corp. in San Jose has used the system as a pilot and is now using it as a regular customer. The service lets Altera's IT managers rest easier. "Their IT department didn't want to do anything to support home users, so they said users were not allowed to use their home wireless networks. But they were afraid they would, and that would open up vulnerability," said Stu Elefant, vice president of marketing for WSC.
Now 11 Altera workers use the WSC service so they can securely use their home WLANs and more should follow.
The service costs $8 per person per month or $59 annually. The hardware and software requirements are currently quite strict, although the list of APs includes a variety of commodity equipment.