

WLAN-Minder is a secure, hacker-proof control centre for the provision, management and
administration of Wireless LAN networks (WLAN). It offers enhanced Wireless LAN security by
granting access only to clients possessing a personalised, pre-programmed secure token such as a
smart card, USB dongle or biometric device. Once the user token is connected to a computer,
that computer is configured according to the information present on the token and the user is
automatically connected and logged on to the allowed systems.
Based on NanoGlobes' years of experience in communication and smart card technology, WLAN-
Minder provides an open-standard AAA (Authentication, Authorisation and Accounting) system by
implementing a RADIUS-based access, management and control centre that incorporates and rigidly
enforces hacker-proof, biometrics-based, strong two-factor security. All these facilities are
housed within a small, self-contained, robust, reliable and noise-free device that can be
configured locally or remotely.
WLAN-Minder's unique and simple-to-use solution can be deployed to support different Wireless LAN
topologies and business models, such as Enterprise, Hotspot and Community Network solutions.
WLAN-Minder's open and standardised solution enables billing, network management and
user customisation tailored to the needs of any organisation.
WLAN-Minder has pre-installed software based on the IEEE 802.1x standard, allowing a wide
variety of authentication and connection techniques for wireless and wired LANs. A Smart Media
card is used for configuration back up / restore. WLAN-Minder also includes a user-friendly
application for issuing and managing secure tokens. The management functions can be
protected by an administrator token and its associated PIN. WLAN-Minder is a stand-alone
controller and the initial configuration of the unit may be performed via USB or RS232. Once the
basic network parameters have been configured, all management of the unit is performed via web
browser (HTTP) using a Secure Sockets Layer (SSL) connection.
WITHOUT THE WLAN-Minder TO PROTECT YOUR NETWORKS:
- Intruders can eavesdrop and obtain wireless LAN Service Set Identifiers (SSIDs) and
Media Access Control (MAC) addresses, in order to steal the credentials of an authorised
user.
- Hackers can force a rogue station between an authorised station and an access point and
therefore route all traffic through the rogue station (man-in-the-middle attacks).
- Intruders can spoof authorised users on the Wireless LAN, as well as introduce
viruses and steal valuable company information.
- Users' access time and the information they access cannot be controlled or monitored for
security and billing purposes.


Easy to set up: WLAN-Minder's unique and proprietary solution automatically sets up the secure Wireless LAN connection, so the end user doesn't need to configure it. The user only connects the pre-programmed token (smart card, eToken, biometric token) to his/her PC and keys in their PIN to automate the authentication and customised authorisation. The option of just connecting via login and password is also included. WLAN-Minder protects small businesses as well as corporate LANs.
Smart card / eToken personalisation: WLAN-Minder is used for issuing users' smart cards or eTokens, which ensure automatic and secure Wireless LAN set up. The management system is accessed via HTTP (web browser).
Use of PKI: The security mechanism in the WLAN-Minder authentication solution is based on Public Key Infrastructure (PKI) and digital certificates. Protecting the end user's private key is essential to the integrity of a PKI. The highest degree of protection available against malicious use is offered by a physical cryptographic token such as a smart card or an eToken. These tokens are used to store keys so that they can never be retrieved, duplicated or tampered with.
Stand-alone self-contained system: WLAN-Minder is a dedicated AAA (Authentication, Authorisation, Accounting) RADIUS server based on open standards. The WLAN-Minder includes a Smart Media card for configuration back up / restore, keeping system downtime to a minimum.
Strong security: Strong 2-factor security (smart card or eToken) plus PIN entry, in combination with mutual authentication (user and WLAN-Minder) using the innovative EAP-TLS security protocol. Data is protected against wireless eavesdroppers and man-in-the-middle attacks.
Key generation: The WLAN-Minder control centre has a built-in key generation capability that offers a high-integrity but economical default solution, including support for on-board key generation for smart cards and eTokens.
PIN and PUK management: When the private keys have been placed on the smart card, they are protected by the PIN and PUK codes. The WLAN-Minder PIN security solution automatically generates and sets the card's PIN and PUK codes.
Audit: All actions by the system operators are always securely logged, providing a tamper-resistant audit trail. All communication between the administrator and the WLAN-Minder control centre is based on SSL v3 using strong authentication and encryption. WLAN-Minder control centre administrators use individual smart cards, permitting varying levels of access to system functions and procedures.
Multi-vendor and multi-platform support: WLAN-Minder can be used with any third-party access points and Wireless LAN adapters that support the 802.1x authentication standard. It supports clients using Windows XP/2000 platforms.
Multi-application support: Via smart cards and eTokens.
Reliable hardware: No moving parts (fans / disks). Designed and manufactured in the UK.

- Realises the complete Wireless LAN authentication and management, including key
generation and smart token personalisation.
- Provides keys and certificates for smart cards and eTokens.
- Central management of authentication policies and procedures in a standalone RADIUS
based controller.
- Generates ITU X.509 certificate format.
- Supports the PKCS#12 and PKCS#15 standards for PIN and certificate storage.
- Supports EAP and TLS.
- Support for LDAP v3 directories, for example, Microsoft Active Directory, Novell
Directory Services (NDS).
- Supports PKCS#11 based eTokens / smart cards from Aladdin and Schlumberger.
- Remote Configuration using HTTP. Local Configuration using RS232 Serial Port. Access
protected by Administrator smart card.
- More than one WLAN-Minder may be attached to the wired network to provide
redundancy and share the authentication workload.
- Optional VPN support (CISCO VPN client, etc.).
- Optional support for SNMP MIBs.
- Optional support for SMTP mail event notification.
- Optional biometric based tokens.
- Optional key archiving facility.
- Optional UNIX client support.
- Optional support for Pocket PC Platform.
- Optional support for Soft Certificates.
Software running on the WLAN-Minder control centre manages user Authentication and
Authorisation, controlling users' access to the wired network from the wireless LANs, and
monitoring all connections for auditing or billing purposes.
The Authentication task running on the WLAN-Minder control centre is responsible for checking the
Wireless LAN user credentials. This is achieved using the PKI certificate and checking it against a
central database or directory. WLAN-Minder allows authentication against existing Directory
Services via the standard LDAP protocol.
This process confirms the user is "who they claim to be". The Authorisation task consists of the
provisioning or denial of user access to the wireless and wired network. Access is personalised
according to permissions granted to the user - e.g. specific or group access, session time limits,
time-of-day restrictions, point of access restrictions, etc. Finally, the accounting task logs connection
data concerning all Wireless LAN connections (i.e. user name, time and duration of connection ...)
for use in tracking, billing and auditing.
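
The authorisation and accounting steps described above, sketched as an added example (this is not NanoGlobes' code). The Policy fields and the group, user and access-point names are assumptions; the clipped limit is the kind of value a RADIUS server returns to the access point as Session-Timeout.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass
class Policy:                      # hypothetical per-user policy record
    groups: set                    # group access
    allowed_aps: set               # point-of-access restriction
    window: tuple                  # (start, end) time of day; may wrap midnight
    max_session: timedelta         # session time limit

def window_end(window, now):
    """Return when the current access window closes, or None if outside it."""
    start, end = window
    t = now.time()
    if start <= end:               # same-day window, e.g. 08:00-18:00
        inside, days = start <= t < end, 0
    else:                          # wraps midnight, e.g. 22:00-06:00
        inside, days = (t >= start or t < end), (1 if t >= start else 0)
    if not inside:
        return None
    return datetime.combine(now.date() + timedelta(days=days), end)

def authorise(policy, required_group, ap, now):
    """Return (accepted, session_seconds, reason) for an authenticated user."""
    if required_group not in policy.groups:
        return False, 0, "group"
    if ap not in policy.allowed_aps:
        return False, 0, "access-point"
    closes = window_end(policy.window, now)
    if closes is None:
        return False, 0, "time-of-day"
    # Clip the session so it cannot outlive the time-of-day window.
    limit = min(policy.max_session, closes - now)
    return True, int(limit.total_seconds()), "ok"

def accounting_record(user, ap, start, stop):
    """Connection data kept for tracking, billing and auditing."""
    return {"user": user, "ap": ap, "start": start.isoformat(),
            "duration_s": int((stop - start).total_seconds())}

# Constructed sample policy: night shift, one access point, 4-hour sessions.
NIGHT_SHIFT = Policy({"staff"}, {"ap-warehouse"},
                     (time(22, 0), time(6, 0)), timedelta(hours=4))
```
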
Using the WLAN-Minder solution together with the IEEE 802.1x standard (enabling access
authentication) overcomes some of the major security drawbacks of a Wireless LAN. Threats such
as intruders who pick off Service Set Identifiers (SSIDs) and Media Access Control (MAC) addresses
in order to steal the credentials of an authorised user, and man-in-the-middle attacks (where
hackers can force a rogue station between an authorised station and an access point), are
countered.
The protocol performing the access authentication in 802.1x is called Extensible Authentication
Protocol (EAP) encapsulation over LANs (EAPOL). EAP provides a general framework for several
different authentication methods (from passwords to challenge-response tokens and public key
infrastructure certificates). However, WLAN-Minder makes use of EAP-TLS, as it provides the highest
level of security. EAP-TLS enables mutual authentication, so users and the network are protected
against man-in-the-middle attacks. With EAP-TLS, both the wireless network and the client are
strongly authenticated to each other using digital certificates.
EAP-TLS (EAP-Transport Layer Security) uses digital certificates issued by a PKI (Public Key
Infrastructure) for strong mutual authentication. The WLAN-Minder sends its certificate to the
client. The client validates the identity of the WLAN-Minder and, if satisfied, then sends the
client certificate to the WLAN-Minder. The exchange of certificates is done in the open before a
secured session is created.
WLAN-Minder will also dynamically change the WEP encryption key, so that the client can be
re-authenticated and re-keyed automatically as often as needed without inconveniencing the end
user. It also performs automatic user log on (after entering the correct PIN) to the approved
Wireless LAN Access Point which is pre-configured on the security token.
© 2012 NanoGlobes Ltd