The X Factor: 802.1X keeps intruders off your network

You've heard a lot about how the 802.1X protocol is designed to close a yawning security gap, particularly for wireless traffic. But it also provides added security for your wired networks. Strong passwords, two-factor tokens or digital certificates notwithstanding, your data in transit is vulnerable, and your network is open to unauthorized access before higher-level authentication takes place.

802.1X provides the framework for challenging access at your network's front door -- the switch or access point -- as well as dynamic key delivery to protect wireless traffic. It's generally a good fit for larger, security-conscious organizations.

While MAC ACLs allow a switch or AP to check MAC addresses before allowing traffic to pass, there's no provision for individual station or user authentication. MAC addresses can be sniffed off wired or wireless transmissions, and the address can then be applied to any NIC that supports configurable MAC addresses.

So, 802.1X may be your best bet to enhance enterprise-level security for both wired and wireless LANs. If your environment already has the basic components for 802.1X support in place, such as 802.1X-compliant APs and switches, and a user base with built-in client software (e.g., Windows XP), deployment can be quick and cost-effective.

But it's not for everyone. With added security comes added complexity. 802.1X deployment can be expensive, and vendor support is still far from universal. SOHO networks and companies with older equipment and limited or no wireless deployment may conclude it's simply too costly and complicated. In that case, you may be better served by sticking to MAC ACLs and using encryption for sensitive data.


    This was first published in September 2003
