Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Storage

    Shimon Charts New Security Path

    By
    Andrew Garcia
    -
    May 7, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Shimon Systems Bio-NetGuard introduces biometric authentication to wireless LAN security in what will someday soon be an elegant and easy way to strongly secure WLAN transmissions. However, at this time, the product is saddled with quality assurance and documentation woes that hinder the realization of these attributes.

      At its heart, the Bio-NetGuard is a tiny RADIUS appliance (about the size of a wallet) that small businesses can use to implement the enterprise-grade version of WPA (Wi-Fi Protected Access) or WPA2 encryption with EAP-TLS (Extensible Authentication Protocol-Transport Layer Security). But instead of relying on complicated digital certificates or easily compromised passwords, Bio-NetGuard instead uses fingerprints to authenticate WLAN users.

      Since Bio-NetGuard uses EAP-TLS, the wireless network expects the user to present a unique digital certificate for authentication, but Bio-NetGuard instead installs a generic certificate (signed by Shimons Certificate Authority) when the Supplicant software is installed on a users computer (only Microsofts Windows XP and Windows 2000 are currently supported)—relying instead on fingerprints to ID the user.

      To authenticate, the user is asked to select the type of encryption supported by the network and the correct adapter and target network and then enters a user name and scans the correct finger. Since users may not necessarily know the correct answers to all the above questions, the supplicant builds a default profile after the first successful log-in attempt.

      The software extracts minutiae points from the fingerprints (users must scan three fingers as part of the user account creation process), which are then compressed into a template that are transmitted to the appliance for approval as part of the 802.1x process. The users template is compared with the template created when the account was created, and administrators can adjust the comparison threshold to tighten up security. No fingerprints are stored on either the client or appliance—only the data derived from the templates.

      Pricing for Bio-NetGuard starts at $495 for a 10-user license. A single appliance can store up to 250 user accounts, however, at a cost of $2,995.

      As a RADIUS server, the Bio-NetGuard has its limitations that some companies may expect from better-known RADIUS solutions, such as software from Juniper Networks or FreeRADIUS. For example, administrators must use the built-in user database as there are no tie-ins with back-end LDAP or Active Directories to leverage existing user credentials. We also could not figure out a simple way to import users into the system via a text file or other method.

      Bio-NetGuard requires the use of Shimons Supplicant application, so administrators must make sure to disable any other supplicant applications that come with the operating system or hardware.

      Shimons supplicant can log in to only BioNetGuard-protected networks, however, so companies that allow the use of hot spots or home WLANs will have to train users to switch between supplicants, which could lead to confusion from the users.

      The generic certificate that comes with the software is automatically installed in the Current Users Trusted Root Certificate store. In instances where an administrator installs the supplicant using an account different than the one the user will use, the administrator must take care to copy the certificate to the right store or train the user on what to do when the software sends an alert of the missing certificate.

      Because of timing issues in the 802.1x transaction flow, interoperability may be an ongoing problem with Bio-NetGuard. For instance, we saw highly variable results with our three different client configurations: a Dell Latitude D600 with an Atheros Communications 802.11g adapter and a USB-based Upek thumbprint reader, and a pair of Lenovo Group ThinkPads with integrated thumbprint readers—a T60 with a Centrino 3945abg adapter and an X60 Tablet with Atheros draft-11n wireless adapter.

      The Centrino 3945abg had the most issues, frequently failing to correctly initiate or complete communications with the appliance during authentication. Shimon representatives indicated that they have completed interoperability testing with older Centrino models but have not gotten to the Centrino 3945abg at model yet.

      The immaturity of Shimons products showed up in other ways as well. The initial version of the supplicant we tested (Version 2.0.2.0) did not work at all on either Lenovo laptop, so we upgraded to Version 2.0.3.0, which was provided to us via e-mail by Shimon representatives.

      We learned we could not trust the software versions available on Shimons Web site, when we tried upgrading the appliance from Version 2.0.0.5SS to Version 2.0.0.7 SS). The new firmware disrupted every authentication attempt from our users (except the Bio-NetGuard admin account). The logs showed every account had expired—even though we confirmed accounts should be valid for 10 years.

      Shimons technical support team reproduced some of our findings in their labs and informed us that they encourage their engineers to post new versions to the companys FTP site, but somehow these not-ready-for-prime-time versions managed to make it the Web site as well. This oversight does not speak well of the young companys current quality-control systems currently in place there.

      We performed our initial tests using an off-the-shelf consumer access point—Linksys WRT54G. Shimons list of supported access points is fairly limited at this time, but since the underlying mechanisms should be rooted in the Wi-Fi standards, we also tested the Bio-NetGuard with an enterprise-grade Wi-Fi solution—Trapeze Networks Mobility Exchange and Mobility Points. We were pleasantly surprised how easily we were able to integrate the products, as the Mobility Exchange treated the Bio-NetGuard as nothing more than an external RADIUS server.

      Shimons Web site could hardly be less useful. Not only were the code updates unreliable, but the documentation was not available in English at the time we performed our review. All the technical support documents on the Web site were available only in Japanese.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected]

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×