January 17, 2012

1.2.7 802.1X

To understand the IEEE 802.1X standard, it helps to discuss three separate concepts: PPP, EAP and 802.1X itself.

PPP (Point-to-Point Protocol) is most commonly used for dial-up Internet access.

PPP defines an authentication mechanism to authenticate the user at the other end of the PPP link. As security requirements became more sophisticated, organizations needed more than simple username and password authentication. A new authentication protocol, called the Extensible Authentication Protocol (EAP), was designed. EAP sits inside PPP's authentication protocol and provides a generalized framework for several different authentication methods. EAP is meant to head off proprietary authentication systems and let everything from passwords to challenge-response tokens and public-key infrastructure certificates work smoothly.

The IEEE 802.1X standard is a standard for passing EAP over a wired or wireless LAN. It defines port-based security for network access control. With 802.1X, EAP messages are packaged directly in Ethernet frames, without the overhead of PPP. Because it carries the Extensible Authentication Protocol (EAP) over IEEE 802 networks, it is often known as EAP over LAN (EAPOL).

The biggest benefit of using 802.1X is that the access points and the switches do not need to do the authentication but instead rely on the authentication server to do the actual work.

802.1X involves three parties:

  1. Supplicant - the user or client device, such as a laptop, that wants to be authenticated.
  2. Authentication server - the actual server doing the authentication, e.g. a RADIUS server.
  3. Authenticator - the device in between, such as a wireless access point.

One of the key points of 802.1X is that the authenticator can be simple and dumb - all of the brains have to be in the supplicant and the authentication server. This makes 802.1X ideal for wireless access points, which are typically small and have little memory and processing power.
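To make the EAPOL framing and the "dumb authenticator" point concrete, here is an added example (not from the original post or any real 802.1X implementation) that builds and parses the first EAP exchange of an 802.1X session: an EAP-Request/Identity packed into an Ethernet frame with the EAPOL header, and the supplicant's EAP-Response/Identity, from which the authenticator extracts only the EAP payload it would forward to the authentication server. The MAC addresses and identity are constructed sample values; the Ethertype, header layouts and EAP codes are those of the standards.

```python
import struct

ETHERTYPE_EAPOL = 0x888E                       # EAP over LAN (802.1X) Ethertype
EAPOL_VERSION, EAPOL_TYPE_EAP = 2, 0           # EAPOL header: Version, Packet Type
EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_IDENTITY = 1, 2, 1   # RFC 3748 codes / types

def build_eapol(dst, src, eapol_type, body=b""):
    """Ethernet header, then EAPOL header (Version, Type, Body Length), then body."""
    eth = dst + src + struct.pack("!H", ETHERTYPE_EAPOL)
    return eth + struct.pack("!BBH", EAPOL_VERSION, eapol_type, len(body)) + body

def build_eap_identity(code, identifier, identity=b""):
    """EAP packet: Code, Identifier, Length, Type (= Identity), Type-Data."""
    type_data = struct.pack("!B", EAP_TYPE_IDENTITY) + identity
    return struct.pack("!BBH", code, identifier, 4 + len(type_data)) + type_data

def parse_eapol(frame):
    """Return (dst, src, eapol_type, body); reject non-EAPOL or truncated frames."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame (short or wrong Ethertype)")
    _version, eapol_type, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) != body_len:   # header may not claim more body than the frame carries
        raise ValueError("EAPOL body length exceeds frame")
    return frame[:6], frame[6:12], eapol_type, body

def parse_eap(packet):
    """Return (code, identifier, eap_type, type_data), checking the EAP Length field."""
    if len(packet) < 4:
        raise ValueError("EAP packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP Length")
    eap_type = packet[4] if length > 4 else None
    return code, identifier, eap_type, packet[5:length]

def identity_exchange(supplicant_mac, authenticator_mac, identity):
    """Authenticator sends EAP-Request/Identity; supplicant answers; the authenticator
    unwraps only the EAPOL layer and hands the EAP payload on to the auth server."""
    req = build_eapol(supplicant_mac, authenticator_mac, EAPOL_TYPE_EAP,
                      build_eap_identity(EAP_REQUEST, 1))
    code, ident, eap_type, _ = parse_eap(parse_eapol(req)[3])   # supplicant side
    if (code, eap_type) != (EAP_REQUEST, EAP_TYPE_IDENTITY):
        return None
    resp = build_eapol(authenticator_mac, supplicant_mac, EAPOL_TYPE_EAP,
                       build_eap_identity(EAP_RESPONSE, ident, identity))
    code, _, eap_type, data = parse_eap(parse_eapol(resp)[3])   # authenticator side
    return data if (code, eap_type) == (EAP_RESPONSE, EAP_TYPE_IDENTITY) else None
```

Note that the authenticator never interprets the EAP method itself; in a real deployment the EAP payload returned here would be carried to the RADIUS server unchanged, which is what keeps the access point simple.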

