Enterprise Authentication at Home
April 01, 2005
A new hosted service promises to let SOHOs with wireless get the same security as big corporations, for just a few dollars a year.
Most homes and small businesses don't have servers, or even wireless routers, that support 802.1X authentication with a Remote Authentication Dial-In User Service (RADIUS) server. WiTopia, an offshoot of Full Mesh Networks, says that shouldn't be an issue. The company -- which has nothing to do with mesh networking technology -- is offering a hosted service called SecureMyWiFi that will make sure client systems are who they say they are before they're allowed to go online. But instead of authenticating to a local list of names, the list is hosted by WiTopia. Authentication takes place over the Internet.
"External authentication will always be more secure than local," says WiTopia co-founder Bill Bullock. "It's like hiding keys under the doormat [when you do it] locally. External will always win out." SecureMyWiFi is basically a low-end version of Full Mesh's outsourced service for businesses.
No special equipment is needed to use SecureMyWiFi, and it's completely set up online. Once activated, and assuming the network has the right hardware to support it, users are secured with full WPA/Enterprise. That includes encryption of all traffic between the client and AP (using AES) and changing of keys every few minutes.
WiTopia does provide specific data on how to best set up your routers and access points for security, with suggestions like turning off SSID broadcasting, and changing any default SSIDs. The instructions also cover how to configure the built-in 802.1X clients in your operating system to work with the service (it is limited now to OSes with 802.1X clients, which means Windows 2000/XP, Mac OS X and some flavors of Linux).
To further facilitate easy setup, WiTopia is also reselling some hardware pre-configured for the best security. This includes media systems like Sonos and Roku; routers from 3Com, Linksys, Proxim, and Apple; printers from HP; and security gateways from SonicWall.
Where SecureMyWiFi seems to really shine is in price. A single access point with five users is only $29 for one year. 20 users connecting via five access points would take the price up to $84 per year [corrected from $55; that would be with one AP with 20 users. See WiTopia pricing for details]. Larger groups can get a price quote directly from the company.
The service is somewhat comparable to hosted RADIUS service from Wireless Security Corporation (WSC), but WSC Guard can cost a lot more, at a minimum of $45 per user per year. Other RADIUS solutions for small businesses, such as LucidLink's and Corriente's, cost less, since they don't charge per user or AP—you just buy the software—but each is hosted locally, which Bullock says compromises security (though that does seem to work for RADIUS servers set up in offices all over the world). He also believes that products like Corriente's Elektron are "still over the head of residential and most small business users."
WiTopia is also selling a separate security service called personalVPN for $79 per user. This will secure traffic from the client through to the Internet at any location, even a hotspot. Right now, personalVPN is limited to Windows XP, but Bullock says a MacOS version is coming. It uses secure sockets layer (SSL) instead of point-to-point tunneling protocol (PPTP). WiTopia says SSL is more secure—it is what's used to secure Internet transactions. The competition, the slightly more expensive ($8.88 per month) HotSpotVPN.com, uses PPTP.