Lab Notes

Musings on Wi-Fi security issues, our product plans, and the general state of the world. Follow up with your comments and complaints to Lab Notes's .

Elektron 1.1b2

We posted the second beta release (and first openly circulated beta) of Elektron v1.1 today. It is available for download right now.The most notable new features are:

Remote Administration The Elektron Settings application now supports connecting to the Elektron server over the LAN, rather than being restricted to running on the same machine as the server. This means that you can stick your server in a closet and administer it from your desktop — no more need to be sitting at the server or using something like VNC to configure it. To keep things secure, the connection between the server and the Elektron Settings application is encrypted using SSL.
Session Timeouts You can now configure the length of time that a user may be logged into the network. Enabling this feature sends a RADIUS "Session-Timeout", requiring the client to re-authenticate after a fixed period of time. This increases security by forcing the per-client encryption keys to be regenerated at regular intervals. One caveat: this feature requires that your access points support the Session-Timeout attribute, and not all do. If your access points do not, then it will simply be ignored.
MAC Address Authentication Since first releasing Elektron eight weeks ago, we've been surprised by the number of requests we are receiving for this feature. It's a simple (but not very secure) method of limiting access to the wireless network based on the MAC address of the client's Wi-Fi card. For organizations that need some form of control over who accesses their network, but can't upgrade their users to recent WPA Enterprise capable equipment (K-12, you know who I'm talking about!), this feature will keep out casual users. It does not provide encryption, and it is easy to spoof for anybody with even a small amount of technical expertise, so we don't recommend its use unless you absolutely cannot deploy WPA Enterprise.
Command Line Account Configuration Elektron now includes a command line tool for adding and removing Elektron user accounts, and for changing the passwords on those accounts. This allows you to script the account management process, and even create different front-ends for it. For instance, the Elektron manual includes an example CGI demonstrating a web page that allows a user to change their Elektron account password.
LEAP Support In addition to PEAP and TTLS, Elektron now supports LEAP for authentication. There is some older equipment out there that only supports LEAP, and now you can authenticate this equipment using Elektron.

While the whole shebang looks similar to the previous release on the outside, in the inside it's a pretty big upgrade. We'd appreciate everyone who could shake it down and let us know (via the support email address) about any problems encountered. This is a beta release, so don't deploy it on a production server. Since this is infrastructure software we prefer to do infrequent but well tested beta releases. We've been banging on it for weeks now, but there is no substitute for real-world testing. So please, download it and give it a try today!

By Periodik Labs on March 9, 2005 11:41 AM | Permalink

Lab Notes

Elektron 1.1b2

Search

Recent Entries

Monthly Archives