Summary

Previous page
Table of content
Next page

802.1x is an IEEE standard that defines how to identify a user and grant a user access to a network. 802.1x is a link layer, or Layer 2, authorization protocol that defines how a user is granted port-based access to a network. 802.1x is composed of three major components: supplicant, authenticator, and authentication server. The supplicant resides on the enddevice to identify the user. The authenticator can exist in a Catalyst LAN switch, wireless access point, or router and forwards authentication requests from the supplicant device to the authentication server. The authentication server contains knowledge of the authorized users and the network privileges that should be granted to a user for network access. The Cisco ACS server is an example of an authentication server.

802.1x communication occurs between the supplicant and the authenticator. Communication between the authenticator and authenticator server is in the form of RADIUS records. EAP types are used to communicate between the supplicant and the authentication server. Many EAP types exist for different network scenarios, including oneway authentication (supplicant authenticates to authenticator), two-way authentication (protects supplicant devices against rouge authenticators), support for both wired (Ethernet) and wireless (WiFi) networks, and support for either passwords or digital certificates.

802.1x is a good base for user authentication. Other functionality can complement 802.1x user authentication. 802.1x also supports device or machine authentication. Machine authentication uses Microsoft's Active Directory, so machine authentication is only supported for Microsoft Windows PCs. Cisco IBNS layers additional functionality on to an 802.1x network, including the ability to bypass authentication based upon MAC address and the WoL feature to activate and reboot an idle computer in order to remotely install software applications, patches, and updates. NAC can also leverage an 802.1x network to provide additional checks of the security posture on the authenticating device to ensure that the device has the proper antivirus, service packs, and hotfix updates to safely join the network. 802.1x is also supported in Cisco's IOS routers and can implement additional security for remote employees and teleworkers by using 802.1x to allow the employee to safely access the corporate network while allowing other users on the home network to access the Internet without connecting through the corporate network.


Previous page
Table of content
Next page
Setf-Defending Networks(c) The Next Generation of network Security
Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
EAN: 2147483647
Year: N/A
Pages: 112
Authors: Duane De Capite
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
Documenting Software Architectures: Views and Beyond
Introduction to 80x86 Assembly Language and Computer Architecture
Cisco Voice Gateways and Gatekeepers
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy