It’s common knowledge that when it comes to securing a wireless network, WEP, while still better than nothing, is only slightly better. In fact, using WEP is a lot like locking your car doors but leaving the key in the ignition with the engine running. And while WPA is nothing less than a huge improvement over WEP, WEP and WPA still have something in common— while both encrypt wireless traffic, neither does anything to authenticate users trying to associate to your WLAN.
Those who want to add this extra layer of security to their wireless network may want to look into SecureMyWiFi, a service from WiTopia.net (a subsidiary of Full Mesh Networks) that improves WLAN security by requiring users to authenticate to a remote server before granting access. The technology behind SecureMyWiFi is RADIUS (Remote Authentication Dial In User Service), which is widely used by ISPs (think about your username/password to sign on to a dial-up connection) as well as the corporate world.
In order to use SecureMyWiFi, you must have an access point or wireless router that supports WPA-Enterprise or WPA2-Enterprise (which are sometimes referred to as WPA-RADIUS and WPA2-RADIUS).
Remember that WPA-Enterprise is not the same thing as WPA-Pre Shared Key (WPA-PSK, or WPA-Home), which uses a pass phrase-generated key to encrypt wireless traffic. While WPA Enterprise/RADIUS uses a similar method of encryption, it takes the extra step of authenticating users before allowing them to associate to the network.
Holding the user accounts is a RADIUS database that typically resides on its own server somewhere on the network. Some vendors access points (ZyXEL comes to mind) even have a basic RADIUS server built in, eliminating the need for a separate server. But what makes SecureMyWiFi interesting is that it can add RADIUS authentication to your WLAN without needing a RADIUS server of your own. The server and the authentication list it holds are hosted remotely. (The downside to this is that you need a full-time Internet connection to get authenticated.)
Lots of routers and access points don’t support WPA-Enterprise To help you find a compatible device. WiTopia provides a link to a lookup tool hosted at the WiFi Alliance Web site, or you can access the database directly. But as you’ll see later on, simply finding a WLAN device that’s WPA-Enterprise-capable may not be enough.
Setup and Configuration
Signing up for the SecureMyWiFi service is a simple task. After creating an account on the WiTopia Web site, you’ll receive an e-mail with configuration information as well as a link to complete the registration process online. When you click the link, you’re also asked to provide the manufacturer and model of your AP, along with either your IP address or one or more MAC addresses from your AP hardware.
RADIUS typically uses an IP address along with a shared secret as a means of authentication. However, if your ISP provides a dynamically assigned (and thus potentially changing) IP address — as will often be the case — a MAC address from your access point can serve as a piece of static identification information that SecureMyWiFi will use to authenticate your account.
After entering account and hardware information online, the next step is to configure your router or access point to communicate with the SecureMyWiFi server. The steps will vary slightly depending on the make and model of your hardware, but it essentially involves enabling WPA Enterprise authentication/encryption, inputting the 32-character shared secret (used to encrypt data), and telling the access point where to find the SecureMyWiFi servers. (Both an IP address and FQDN are provided by SecureMyWiFi, though many SOHO routers only accept an IP address.)
After adjusting the AP configuration, the final step is to reconfigure any clients that will connect to the wireless network so that they authenticate using EAP (Extensible Authentication Protocol). With Windows XP, this is a matter of about a dozen mouse clicks and should take less than a minute per computer. Once reconfigured, joining the network requires that you provide an account username and password in lieu of an encryption key.
WiTopia positions SecureMyWiFi as being quick and easy to set up, even for non-technical users. That will probably be the case for many, but if our initial experience was any indication, there may be unexpected pitfalls encountered depending on what hardware you use.
After proceeding through the SecureMyWiFi account setup and hardware configuration process (since our IP address was in fact dynamic, we entered a MAC address for our Linksys WRV54G WLAN router), We attempted to sign on to my newly reconfigured wireless network. However, after we entered our username and password, the computer seemed to ruminate for several seconds before prompting us anew for the same information. Even after verifying all the configuration settings, the problem continued to occur each time we tried to sign on.
A chat with WiTopia personnel pointed out the problem: our particular Linksys router model. According to WiTopia, it turns out that the WRV54G does not output the proper RADIUS data, which prevents authentication. Adding insult to injury, the WRV54G also accommodates a maximum shared secret of only 20 characters, 12 short of what SecureMyWiFi requires.
After striking out repeatedly with the Linksys device, we replaced it with a D-Link DWL-2100AP access point and was able to connect without any problems.
According to WiTopia, that type of problem is relatively uncommon, but it acknowledged that the overwhelming number of device manufacturers, models, and firmware versions out there makes comprehensive advance testing essentially impossible. WiTopia has verified the compatibility of several WLAN products like the Apple AirPort Express, Linksys WRT54G and WAP54G, and Proxim AP-4000 and AP-700, all of which are available for sale, pre-configured, at WiTopia site.
Documentation and Support
WiTopia doesn’t offer technical support over the phone, but it does provide assistance via e-mail. You can access a document library that walks you through the configuration steps for both Mac OS and Windows clients as well as the Linksys and Apple hardware mentioned above.
WiTopia also maintains a support forum on its Web site (annoying fact: your SecureMyWiFi account credentials won’t get you access to the forum — you must register for it separately). At the time of this writing, the forum had fewer than two-dozen members and relatively few entries posted, reflecting the fact that SecureMyWiFi has only been live for about 45 days. So it won’t provide much in the way of instant gratification if you have a problem. On the plus side, forum moderators seemed to respond to questions fairly quickly — in hours if not minutes. Hopefully, that responsiveness will be maintained as forum activity increases.
So what does SecureMyWiFi cost? Surprisingly, not very much — an annual fee of $29 lets you use the service with one access point and create up to five user accounts. (You can add, modify or delete accounts — or access points, for that matter—at any time.) You can add additional access points (up to five total) for $10 each, and similarly add additional users (up to 25 total) for $1 per user (in groups of five). The company plans a business-oriented version with higher-user capacities.
For what amounts to about eight cents a day, SecureMyWiFi can improve your wireless security over that provided by either WEP or WPA-PSK not only by securely encrypting your traffic but by authenticating users as well. The only thing that mars the product is the inability to be certain in advance whether your WLAN device will actually work with it. At the moment — given the sheer variety of WLAN hardware available — there’s no ironclad way to know whether a given piece of hardware (excepting those currently sold by WiTopia) will work with SecureMyWiFi, until you try it. WiTopia says it plans a site list of hardware that has been confirmed to work or not work, which will help.
Price: $29 per year (provides one secure access point and five user accounts)
Pros: Inexpensive; adds user authentication to WLAN without additional hardware or software
Cons: Service may not work with some access points
Adapted from wi-fiplanet.com.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|