The X Factor: 802.1X keeps intruders off your network

Learn how 802.1X can benefit your LAN as well as your wireless network.

You've heard a lot about how the 802.1X protocol is designed to close a yawning security gap, particularly for wireless traffic. But it also provides added security for your wired networks. Strong passwords, two-factor tokens or digital certificates notwithstanding, your data in transit is vulnerable, and your network is open to unauthorized access before higher-level authentication takes place.

802.1X provides the framework for challenging access at your network's front door -- the switch or access point -- as well as dynamic key delivery to protect wireless traffic. It's generally a good fit for larger, security-conscious organizations.

While MAC ACLs allow a switch or AP to check MAC addresses before allowing traffic to pass, there's no provision for individual station or user authentication. MAC addresses can be sniffed off wired or wireless transmissions, and the address can then be applied to any NIC that supports configurable MAC addresses.

So, 802.1X may be your best bet to enhance enterprise-level security for both wired and wireless LANs. If your environment already has the basic components for 802.1X support in place, such as 802.1X-compliant APs and switches, and a user base with built-in client software (e.g., Windows XP), deployment can be quick and cost effective.

But it's not for everyone. With added security comes added complexity. 802.1X deployment can be expensive, and vendor support is still far from universal. SOHO networks and companies with older equipment and limited or no wireless deployment may conclude it's simply too costly and complicated. In that case, you may be better served by sticking to MAC ACLs and using encryption for sensitive data.

  • Read more about the X Factor.


    For more information on this topic, visit these resources:
  • This was first published in September 2003

    Dig deeper on Network Access Control Basics

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close