InterLink wants every office to have affordable wireless security: InterLink introduced LucidLink Wireless Security several weeks ago to connect smaller offices with enterprise-grade wireless encryption. The company knows how to build RADIUS and other authentication servers, and it saw the large gap between pre-shared secrets--subject to social engineering and potential cracking--and servers that require IT expertise and cost tens of thousands of dollars.
In an interview with InterLink's president and CEO Mike Klein and vice president of marketing Wayne Burkan, they laid out how this new offering might appeal to the hundreds of thousands of businesses without information technology departments but who would benefit from a secure, login-based wireless network.
LucidLink is a small RADIUS server that has a simple front end, less complicated than, say, setting up calendar entries in Outlook. It requires a special client to be installed on computers. The client requires a reboot after installation--in the current version--and that's the most onerous task in gaining access to the network. An administrator uses a simple program to approve users as they request access via the client software. It's an option-free package that meets a high bar of wireless network security through unique WPA master session keys per user.
Klein explained that InterLink's primary business remains on the high-end. One ISP they work with, for instance, has 6.5 million users that authenticates using 13 AAA (authenticiation, authorization, accounting) servers from InterLink. The firm works with AT&T, Swisscom, and other giants, and has their software incorporated by firms like HP and Siemens and repackaged by Infobox into hardware appliances.
"Security itself is fairly complex today in the enterprise marketplace," Klein said. The idea behind LucidLink is that it "brings a consumer-oriented ease of use model." He likened it to a garage-door opener, which masks a fair amount of wireless technology with a single button.
"We're bringing enterprise-level security down into the small-to-medium business market" with the ease of use experience required by the small business, Klein said, calling LucidLink "RADIUS for the rest of us." LucidLink takes the management of this network away from an IT manager and puts it "on the desktop of an administrator, like an office manager or a receptionist," or the same person who handles cell phone numbers, access codes and badges, or building access.
Klein acknowledges that WPA (Wi-Fi Protected Access) provides a higher bar of security, but says that pre-shared keys aren't useful for small businesses because they don't reflect the realities of temporary guests or workers or people leaving their jobs or being fired. To reconfigure the key, every user has to be off the network briefly and simultaneously, and then enter the new key to get back on. The coordination is a problem for even smaller networks.
Even if you have an 802.1X system with WPA running, Klein notes that Windows XP has 60 separate combinations of options if you dig through all of the associated checkboxes and dialog boxes for 802.1X connections.
The server side isn't any better with Windows Server 2003. InterLink brought in a customer and had them get a RADIUS server with 802.1X authentication up and running. It required 177 decisions and 12 hours to configure a single user.
Klein said the company charged its engineers with a mission: it's all about suportability. "Don't give the user all the options that come in a standard RADIUS server," he said.
To use LucidLink, it does require the installation of their client, which is used to create a certificate-based EAP session using the Diffie-Hellman key exchange. The client handles the exchange of credentials for trustworthiness. The server side of LucidLink allows an administrator to confirm the client by checking a cryptographic fingerprint before they authorize them in the system.
Klein said that the biggest problem they've faced after releasing the software is that access points can be difficult to configure correctly for 802.1X passthrough. They have profiles for several access points in their initial release, and will add more common ones in the future. An administrator could then just plug in an access point, point LucidLink's server package at it, and the AP would be configured correctly with no additional work needed.
Burkan ran me through an online demo of the system to show how simple it was. The server side runs under Windows XP or 2000, while the client works just on Windows XP but they'll expand that over time. The server application requires direct access to the machine that's running it, or can be accessed via Windows Remote Access. Burkan said, "When we talk about [the] server, it's the same machine that the office manager is using to do email and Word." The computation requirements are extremely low.
After installing and configuring the server package, each client for the network installs the LucidLink package. After rebooting, the client software can be run and try to connect to the network. As each client connects, the administrator sees these attempts in the server application, and then approves them after confirming their fingerprints with the connecting user. (This removes rogue user attempts even if they can get the LucidLink client software installed.)
The user control is granular, allowing unlimited use or timed use. Users can be suspended, removed, or re-enabled. A regular visitor can have their access turned on just while they're known to be in the building for instance, but disabled at other times.
InterLink sells its software via value-added retailers, but it's also talking with Wi-Fi gateway makers. Klein said, "We bring a very happy medium and allow both ends of the market to deploy their access solutions into the middle of the market." The software costs $449 for 10 users, $895 for 25 users, and $1,595 for 50 users direct from InterLink, with support and upgrade plans costs $150, $295, and $495, respectively. The software allows unlimited registered users; the license limits active users only.
It's true that the next big leap in small business routers will be to jump from WPA-PSK, a shared key with associated risks and complexity, to secured 802.1X with WPA--a solution that InterLink seems poised to bring to a broader market.