Manage Learn to apply best practices and optimize your operations.

The X Factor: 802.1X keeps intruders off your network

Learn how 802.1X can benefit your LAN as well as your wireless network.

You've heard a lot about how the 802.1X protocol is designed to close a yawning security gap, particularly for...

wireless traffic. But it also provides added security for your wired networks. Strong passwords, two-factor tokens or digital certificates notwithstanding, your data in transit is vulnerable, and your network is open to unauthorized access before higher-level authentication takes place.

802.1X provides the framework for challenging access at your network's front door -- the switch or access point -- as well as dynamic key delivery to protect wireless traffic. It's generally a good fit for larger, security-conscious organizations.

While MAC ACLs allow a switch or AP to check MAC addresses before allowing traffic to pass, there's no provision for individual station or user authentication. MAC addresses can be sniffed off wired or wireless transmissions, and the address can then be applied to any NIC that supports configurable MAC addresses.

So, 802.1X may be your best bet to enhance enterprise-level security for both wired and wireless LANs. If your environment already has the basic components for 802.1X support in place, such as 802.1X-compliant APs and switches, and a user base with built-in client software (e.g., Windows XP), deployment can be quick and cost effective.

But it's not for everyone. With added security comes added complexity. 802.1X deployment can be expensive, and vendor support is still far from universal. SOHO networks and companies with older equipment and limited or no wireless deployment may conclude it's simply too costly and complicated. In that case, you may be better served by sticking to MAC ACLs and using encryption for sensitive data.

  • Read more about the X Factor.

    For more information on this topic, visit these resources:
  • This was last published in September 2003

    Dig Deeper on Network Access Control technologies

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.