Chapter Contents

About Elektron
Features
Windows Client Compatibility
Mac OS X Client Compatibility
Low Administrative Overhead
Wide Variety of Authentication Options
Works With Mac OS X Directory Services
Works With Active Directory
Access Point Support
Support for Latest Standards
New in Elektron Version 2
Authentication Domains
FIPS 140-2 Validated Cryptographic Module
MAC Address Authentication
Full Windows 7 Support
SNMP
Authorization Policies
EAP-FAST
Least Privilege
Acknowledgments

Elektron is server software that enables secure wireless networks. To learn more about Elektron, search Elektron Help and visit the support section of the Periodik Labs website. Here are some of the features of Elektron:

Features

Windows Client Compatibility

Windows XP, Windows Vista, and Windows 7 clients can connect and authenticate to the Elektron server using built-in wireless networking support. No additional software is necessary, lowering costs and system administration headaches.

Mac OS X Client Compatibility

Starting with Mac OS X 10.3 (Panther), Apple has shipped support for the latest wireless security standards, ensuring that Mac OS X users can utilize their wireless networks in the most secure configuration available.

Low Administrative Overhead

Elektron is designed to provide the strongest possible security while at the same time being easy to configure and maintain. Elektron provides a “fire and forget” system that requires little to no maintenence after the intial installation, allowing business owners to focus on maintaining their business, not their wireless network security.

Wide Variety of Authentication Options

Support for Protected Extensible Authentication Protocol (PEAP), EAP Tunneled TLS Authentication Protocol (TTLS), and EAP Flexible Authentication via Secure Tunneling (EAP-FAST) is included in every copy of Elektron, along with a full complement of tunneled authentication methods. Externally, Elektron can verify user passwords against Open Directory, Active Directory, ODBC, legacy RADIUS servers, and allows you to add your own authentication methods as well.

Works With Mac OS X Directory Services

Directory Services on Mac OS X are used for authenticating users connecting to the Elektron server, creating a single point of user account administration. This means that the same username and password that a user uses to check their email or share files is used to access the wireless network. This includes automatic support for Open Directory accounts when Elektron is installed on an Open Directory server.

Works With Active Directory

When installed on your Active Directory controller, Elektron will automatically use your domain accounts to authenticate wireless network access requests. Users log in with their same domain username and password that they use for other network services, and machine authentication is supported as well.

Access Point Support

Elektron works with many popular WPA enterprise capable wireless access points, including the Apple Airport Extreme Base Station, as well as popular access points from manufacturers such as Linksys, Cisco, Bufallo, Proxim, and others.

Support for Latest Standards

Elektron is up-to-date with the latest security standards, meaning that network administrators can be sure that their wireless networks are safe from intruders while staying compatible with the widest range of client software.

New in Elektron Version 2

Authentication Domains

This feature allows you to map domains to different authentication sources based on the user’s domain. For instance, “user@foo.com” can be authenticated against your Active Directory, while “user@bar.com” can be authenticated against a remote LDAP server. Even if you have only a single domain, this feature gives you the ability to add support for guest accounts: configure “company.com” to authenticate against your company’s user directory, while “guest.company.com” is configured to use Elektron’s built-in user database for easy temporary account creation.

FIPS 140-2 Validated Cryptographic Module

Elektron version 2 uses a cryptographic module that has been tested and validated under the NIST Cryptographic Module Validation Program as meeting requirements for FIPS PUB 140-2, enabling its use in certain government and financial industry applications.

MAC Address Authentication

Simultaneous use of MAC address and standard user account authentication is supported in Elektron version 2, and is fully configurable on a per-access point basis.

Full Windows 7 Support

Elektron’s Windows 7 feature set has been updated to include full support for installation on Windows 7 (including UAC support) and to authenticate Windows 7 clients when installed on any supported platform.

SNMP

Elektron can be configured to to respond to SNMP management information requests in accordance with the standardized RADIUS MIBs, and to issue SNMP traps is response to a user-configurable set of server events.

Authorization Policies

Policy support has been enhanced in Elektron version 2, with new support for triggering actions based on string pattern matching of the username, account groups, access points, and MAC addresses. Support for external scripts includes the ability to trigger policies based on the script result, and to have an external script act upon the result of the policy. Also included is greatly simplified configuration of VLAN assignment, one of the most common uses of authorization policies.

EAP-FAST

Support for Cisco’s EAP Flexible Authentication via Secure Tunneling protocol makes its debut in Elektron version 2.

Least Privilege

Elektron honors the concept of “privilege separation,” in which the server performs its normal functions at the lowest possible level of security privilege, closing potential avenues of attacks on your server.

Acknowledgments

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)


Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in
   the documentation and/or other materials provided with the
   distribution.

3. All advertising materials mentioning features or use of this
   software must display the following acknowledgment:
   "This product includes software developed by the OpenSSL Project
   for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   endorse or promote products derived from this software without
   prior written permission. For written permission, please contact
   openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL"
   nor may "OpenSSL" appear in their names without prior written
   permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following
   acknowledgment:
   "This product includes software developed by the OpenSSL Project
   for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.