Tip

The X Factor: 802.1X keeps intruders off your network

You've heard a lot about how the 802.1X protocol is designed to close a yawning security gap, particularly for wireless traffic. But it also provides added security for your wired networks. Strong passwords, two-factor tokens or digital certificates notwithstanding, your data in transit is vulnerable, and your network is open to unauthorized access before higher-level authentication takes place.

802.1X provides the framework for challenging access at your network's front door -- the switch or access point -- as well as dynamic key delivery to protect wireless traffic. It's generally a good fit for larger, security-conscious organizations.

While MAC ACLs allow a switch or AP to check MAC addresses before allowing traffic to pass, there's no provision for individual station or user authentication. MAC addresses can be sniffed off wired or wireless transmissions, and the address can then be applied to any NIC that supports configurable MAC addresses.

So, 802.1X may be your best bet to enhance enterprise-level security for both wired and wireless LANs. If your environment already has the basic components for 802.1X support in place, such as 802.1X-compliant APs and switches, and a user base with built-in client software (e.g., Windows XP), deployment can be quick and cost effective.

But it's not for everyone. With added security comes added complexity. 802.1X deployment can be expensive, and vendor support is still far from universal. SOHO networks

    Requires Free Membership to View

and companies with older equipment and limited or no wireless deployment may conclude it's simply too costly and complicated. In that case, you may be better served by sticking to MAC ACLs and using encryption for sensitive data.

  • Read more about the X Factor.


    For more information on this topic, visit these resources:

    This was first published in September 2003

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.