It's likely that users in your organisation who work from home have not enabled security on the wireless networks in their houses. The evidence is that full blown 802.11i security is too complex for many enterprises, and the simpler WPA security is beyond many SOHO sites.

As a network manager, you can configure security settings for teleworkers and hope they don't then mess those settings up. However, you may still get support calls from them if they want to make changes - for instance if their teenage child's friends are visiting and want access.

InterLink's LucidLink could prevent these calls by letting your colleagues administer home security, adding and remove access for new and visiting users without much effort. It provides enterprise-level wireless security simply enough to use on the home network.

Produced by Interlink, LucidLink is bundled with some WLAN hardware. It can also be downloaded from the LucidLink site. The company is developing a reseller network, and expects to have a partner in the UK soon: "We plan to distribute in the UK as it's definitely a prime market.," Wayne Burkan, vice president of marketing told Techworld. Read LucidLink's White Paper on authentication on wireless LAN hotspots.

The software uses encryption based on Wi-Fi Protected Access (WPA), along with advanced authentication techniques to protect network traffic and initial access. It uses a client/server model to authorise only those clients given specific permission to access the LAN.

WPA provides a higher level of protection than WEP, but it doesn't address user authentication. Granting and revoking access to your wireless network, say, at the beginning and end of a LAN usage cycle, often involves changing the encryption key on every system on the network. LucidLink streamlines this process down to two button clicks.

The software also includes automatic access point configuration, but for only four devices from two vendors. We tested LucidLink Home Office Edition with a D-Link Systems DWL-2100AP access point and DWL-G650 PC Card wireless adapter.

Installation time: Less than 30 minutes
Setup includes installing server software, client software and an optional remote administration tool. The server requires a wired connection to the LAN via an access point or router, and a static IP address. The static IP tells the client software where to go for authentication. To test this, we configured the D-Link access point to use IP addresses 192.168.1.100 and above for DHCP and picked 192.168.1.40 for the server. We then installed the server software on a Gateway dual 3.06-GHz Xeon server with 2 Gbyte of RAM and running Windows Server 2003, although LucidLink also works on XP.

The server software includes a RADIUS server program that handles client authentication. After installation, a configuration application launches, which registers information such as access point hardware type and administrator password. You must choose either maximum security or maximum compatibility, and all clients connecting to one access point must use the same authentication/security settings. Maximum security is the best choice, but requires hardware that supports the full Temporal Key Integrity Protocol standard. The best option is to buy supported hardware such as a Linksys access point and a newer adapter card. LucidLink keeps an up-to-date list of compatible hardware on its Web site.

Client setup only took a few steps. We configured the wireless adapter first, forgetting to install the driver software before we inserted the card. Once we fixed that, the rest was a snap.

Next, we installed the LucidLink client software, which took only a minute or two. We created a user name and selected it. The administrator must authorise the user before he can access the network. The user guide includes a highlighted note recommending users shut down the system when changing users on an XP device to ensure a second user doesn't gain access to the network using the first's credentials.

Access granted
Operation after this step is transparent. The first time a user connects with the LucidLink client, he has to wait until the administrator grants access from the "server" management console. Once approved, the client will connect automatically whenever it enters the access point's range. To connect to a different access point, you have to disable the client and re-enable the adapter to let Windows configure the wireless network settings. This could get to be a hassle if you switch networks frequently.

The LucidLink management console provides a simple interface. Users must be authorised for either a specific amount of time or granted unlimited access. Rescinding users' authorisation is as easy as unchecking a box. However, when you revoke users' authorisations, they still have access until they disconnect from the network. An event log also shows details for each authorization event.

The only administration task is backup and recovery. The manual recommends copying two binary configuration files to a back-up directory on another machine or external drive. Recovery consists of re-installing the software and copying the back-up files to a configuration directory.

Considering the work going on behind the scenes with RADIUS authentication and secure access key generation, the LucidLink software was pretty simple to install and configure. It was also easy to administer for a small number of users. For more than 100 users, the company offers an enterprise product.

OUR VERDICT

Simple installation that hides the complexity of a RADIUS-based authentication server and 128-bit key security.