
nps-APSec is a source code implementation of the IETF and IEEE protocols necessary to provide security on a platform serving as a wireless Access Point: Radius, EAP, 802.1X and WPA.
nps-APSec has been designed to simplify the process of adding security and
authentication to an Access Point. Through use of a clean interface with 802.11
management, security aspects of AP operation can be decoupled from other functions.
In a market where security protocol evolution is an ongoing process, it is difficult
to maintain sufficient in-house expertise in every area. CreekSide Networks solves
this problem, decreases time to market, lowers development costs and provides
ongoing product enhancements and support.
Features Include:
- IETF RFC2865 - Radius
- IETF RFC2866 - Radius Accounting
- IETF RFC2869 - Radius Extensions
- IETF RFC3579 - Radius EAP
- IETF RFC3580 - Radius 802.1X
- IETF RFC2284 - Extensible Authentication Protocol
- IEEE 802.1X
- IEEE 802.11/D3 + WiFi WPA
- Upgradable to full IEEE 802.11 RSN
Product Overview
The nps-APSec engine is a full-featured implementation of the protocols needed
to provide port access control, authentication and dynamic key generation for
platforms implementing wireless Access Point functionality.
A Radius client with EAP support enables mutual authentication between a wireless
supplicant and Radius server. Primary and backup servers, Radius accounting and
support for a large number of simultaneous sessions are provided. All EAP methods
are supported including PEAP, LEAP and TLS. Since EAP support is passthrough,
additional methods are supported without change.
The Radius/EAP client is tightly coupled with IEEE 802.1X port access control
and key generation. Authentication can be required for all users or controlled
with an Access Control List. Generated keys can be static, per-session or dynamically
rekeyed on a timer basis.
Support for Wi-Fi Protected Access (WPA) Version 1 is also provided to allow
use with TKIP or AES based encryption. Both WPA-EAP and WPA-PSK are supported,
as is operation in mixed pre-WPA environments based on dynamic configuration. Multiple
simultaneous pairwise ciphers and key management schemes can be configured, and
configuration changes keep existing associations whenever possible. In keeping
with the CreekSide philosophy of standards tracking, no-cost upgrades to WPA version
2 will be available.
The Radius/EAP client can also be used in conjunction with nps-IKEV2 to enable
unified AAA support for both VPN and wireless clients via a single Radius server.
In this environment, security of Radius itself can also be improved by the recommended
protection of Radius traffic by IPSec.
Implementation
The nps-APSec engine is implemented as a set of "C" modules and a
porting "h" file. Unlike other products, it is not designed for a specific
operating system. Instead, only a limited set of system functionality is required.
A wide variety of scheduling, memory management and buffer management policies
can be easily accommodated. The module and other components of the nps-APSec engine
have been ported to big- and little-endian, CISC and RISC processors and a number
of operating systems. The environment can be compiled using a variety of compilers.
The Porting Process
Porting the nps-APSec engine is a straightforward process. The main porting
file contains definitions related to compiler and target processor issues such
as byte ordering and function prototype usage. Maximum resource usage by type
and allocation calls is also defined here. The porting file also allows customization
of debug information and event tracing which can be enabled or disabled dynamically.
Porting requires that the environment provides mapping of input/output functions
and periodic execution of a timer routine. During initialization, a module initialization
function is called, the environment loads all initial operating parameters
and a router enable function is called. Subsequently, all management actions can
occur dynamically, without restarting the module.
License
CreekSide Networks' IKE is sold under a one-time, product-specific license and is royalty free. For a price quote, please contact our Sales office at the number or email address below.