The 802.1x protocol defines port-based, network access control that is used to provide authenticated network access (see Figure 1). Although this standard is designed for wired Ethernet networks, it has been adapted for use on 802.11 WLANs. It is simply a standard for passing EAP over a wired or wireless LAN.
802.1x restricts unauthorized clients from connecting to a LAN. The client must first authenticate with an Authentication server, typically a RADIUS server, before the switch port is made available and the network can be accessed. EAP (Extensible Authentication Protocol) is a general authentication protocol that provides a framework for multiple authentication methods, including traditional passwords, token cards, Kerberos, Digital Certificates, and public-key authentication.
WEP (Wireless Equivalent Privacy) has famously been shown to be insecure (Anton Rager’s wepcrack was the first publicly available tool for this—http://wepcrack.source-forge.net/); however WEP protection of wireless connections is still better than no encryption at all. The Wi-Fi Alliance (a consortium of major vendors—http://wi-fi.org/) is responsible for drafting both the WPA (Wi-Fi Protected Access) and WPA2 standards. The Wi-Fi alliance also formed a VoWLAN (Voice over Wireless LAN) working group tasked with developing WMM (Wi-Fi Multimedia) QoS standards for VoIP and other multimedia over wireless networks.
WPA implements a subset of IEEE802.11i, and differs from WEP mainly in that it utilizes TKIP (Temporal Key Integrity protocol) and the EAP framework for authentication. 802.11i is a draft IEEE standard for 802.11 wireless network security. 802.11i, also known as WPA2, uses 802.1x as the authentication mechanism and the Advanced Encryption Standard (AES) block cipher for encryption. WEP and WPA use the RC4 stream cipher. Table 1 shows some of the key features of these three security standards.
Protocol
|
Authentication
|
Cipher
|
Key Length
|
Key Management
|
---|---|---|---|---|
WEP
|
None
|
RC-4
|
40/104
|
None
|
WPA
|
802.1x/EAP
|
RC-4
|
128
|
802.1x/EAP
|
WPA2
|
802.1x/EAP
|
AES
|
128
|
802.1x/EAP
|
It is helpful to think of 802.1x not as a single protocol but rather as a security frame-work using existing, and proven security standards that serves two critical security func-tions—authentication (PSK or PKI, for example) and encryption (TLS or AES, for example). Note that 802.1x does not define either authentication or encryption methods (in fact 802.1x can be used without encryption); rather these are defined largely through this choice of an EAP type.
Until the client is authenticated via 802.1x/EAP access control, the only protocol allowed through the port to which the client is connected is Extensible Authentication Protocol traffic. After authentication is successful, traffic can pass through the port.
1 comment:
thank you for the post , visit us for
best telephone solution for business
Post a Comment