Wireless Access Doesn't Have To Be A Risk

Securing wireless LANs isn't easy. Just ask any network manager who has the task of adding another way to authenticate users to yet another networked device.

Funk Software Inc. next week is expected to reveal enhanced versions of its Odyssey Server and Steel-Belted Radius Enterprise Edition wireless-authentication applications. Available now, Odyssey Server 1.1 is priced at $2,500 and includes 25 client licenses, and Steel-Belted Radius is priced at $4,000.

Funk has increased the functionality of both authentication apps. Users of Odyssey Server, designed for small wireless LANs, can authenticate users against not only a Windows authentication database, which already was supported, but also a SQL or Lightweight Directory Access Protocol user database, as well as token authentication systems such as RSA Security Inc.'s ACE/Server.

Funk's Steel-Belted Radius authentication server, designed for large wireless LANs, now supports the new Extensible Authentication Protocol-Tunneled Transport Layer Security protocol, which runs on 802.1x and helps solve many weaknesses of the Wireless Equivalent Privacy encryption specification, such as mutual authentication of the wireless LAN client and server (see "Networks Without A Safety Net.") Steel-Belted Radius now distributes per-session, 128-bit encryption that increases data security. And the spec lets companies authenticate users with existing identity databases.

Funk's Radius server also supports the Extensible Authentication Protocol-Transport Layer Security for companies that use public-key encryption. And for large companies with widely dispersed offices, Funk is unveiling Steel-Belted Radius Global Enterprise Edition for $10,000.

The ability to authenticate users with existing identity databases will help companies better manage authentication to wireless networks, says Pete Lindstrom, security director at Hurwitz Group. "You definitely don't want to create an entirely new database to manage."

But Lindstrom warns that managing and authenticating users to wireless LANs is only part of the problem with wireless devices within companies. The biggest problem is so-called rogue wireless access points creeping onto the network. "Anyone can go to a local retailer, spend a couple hundred bucks, and pop a wireless device onto the network," Lindstrom says. So even companies that try to securely deploy wireless LANs using tools such as Funk's software, among the first to support the latest standards, need to remain vigilant against wireless devices, which are rarely securely configured, creeping onto their systems.