Funk Software Inc.s latest Odyssey Security Software Suite offers an inexpensive way to lock down WLANs in smaller Windows environments.
eWeek Labs tests showed Odyssey Version 1.1 doesnt offer a ton of new features, but its chief advance is a significant one: Odyssey 1.1 gains an enhanced ability to forward wireless LAN authentication requests to Funks Steel-Belted Radius and third-party LDAP directories. The update also has better logging capabilities and a streamlined method of delegating the access points to be secured.
Odyssey 1.1 will be a more cost-efficient fit than hardware appliances for small and midsize companies that want to leverage their RADIUS (Remote Authentication Dial-In User Service) infrastructures using an easy-to-manage WLAN security platform.
However, Odyssey doesnt support non-Windows systems, and hardware appliances would be a better choice for securing larger enterprises with complex WLAN topologies. Sites that want to use RADIUS for securing more than WLANs should take a look at Funks Steel-Belted Radius Server Enterprise Edition, which also has built-in 802.1x support.
Odyssey Server, which was released in December, is priced at $2,500 for a single server license and 25 client licenses. Additional client licenses can be purchased for $50 each.
Odyssey is less expensive than WLAN security appliances from ReefEdge Inc. or Vernier Networks Inc., but it doesnt offer data encryption acceleration or robust WLAN client mobility features, such as persistent connections or subnet roaming, found in these appliances.
Odyssey Server builds on Funks expertise in RADIUS authentication and provides an 802.1x-compliant RADIUS system that authenticates wireless clients and ensures session privacy to Windows NT and Active Directory environments.
Odyssey Server can run on Windows 2000 Server, Advanced Server or Professional systems with Service Pack 2 or on systems running Windows XP Professional. The Odyssey Client runs on most Windows-based clients, including Windows 98, 2000, ME and XP.
Heterogeneous sites supporting wireless clients such as Linux or Mac OS should consider Meetinghouse Data Communications Aegis WLAN security software. Similar to Odyssey, Aegis is an 802.1x-compliant client/server software suite that supports various Extensible Authentication Protocol techniques to secure WLANs. The Aegis Server costs $2,500 with 50 client licenses; additional client licenses cost $40 each. The Aegis Server runs on Linux and Solaris platforms and recently added support for Windows.
Among hardware-based competitors, ReefEdges WLAN security appliance also provides encryption acceleration and granular access control (see eWeek Labs Feb. 3 review at www.eweek.com/links).
Most appliances can work with any access point, whereas Odyssey requires access points to enable authentication with RADIUS servers. Funk provides a hardware compatibility list with a limited number of supported access points, and it plans to provide better access point support in future releases, company officials said.
Certification Can Be Tricky
We found deploying the Odyssey system to be fairly straightforward, but IT managers should be aware of the complications involved in setting up server certificates and upgrading access point firmware to support TTLS (Tunneled Transport Layer Security). We used a certification tool provided by Funk to generate trusted certificates for our Odyssey server to simplify the process.
The Odyssey Client Manager allowed us to easily set up our connections, pick the appropriate wireless network and create user profiles possessing credentials that the Client Manager could authenticate.
We tested Odyssey Server on a Windows 2000 server in a Windows Domain with Active Directory installed. We deployed a 3Com Corp. AP8000 access point and used a laptop running Windows XP Professional with the 3Com wireless adapter to authenticate into our domain.
Software installation was simple, and we easily configured the AP8000 to use RADIUS authentication, but we had to upgrade the firmware to support TTLS.
Odyssey supports wireless adapter cards that use the standard NDIS (Network Driver Interface Specification) 5.1 for 802.11 WLAN object identifiers. Our Windows XP client had the latest NDIS 5.1 drivers, so we didnt have problems. However, sites running other clients will have to upgrade their client wireless adapters with the latest drivers.
Technical Analyst Francis Chu can be reached at firstname.lastname@example.org.