Port-based authentication with IEEE 802.1x by William J. Meador on 07/08/04

IEEE Standard 802.1x-2001 was approved by both the Institute of Electrical and Electronics Engineers (IEEE) and the American National Standards Institute (ANSI) in 2001. It provides port-based network access control for local and metropolitan area networks:

This standard defines a mechanism for Port-based network access control that makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails (IEEE, 2001, p. iii).

Why would a network security administrator want to implement port-based authentication? Securing network borders is no longer confined to placing a firewall between the Internet and the local network. Network borders now include publicly accessible Ethernet ports and wireless networks. Simple segmentation or a VLAN for such ports can impede a valid user's networking capabilities, so a method was needed to securely authenticate users on a per-port basis. Once authentication is established, a network administrator can be very flexible in how he/she handles authenticated and unauthenticated users. One scenario is a university: the library has publicly accessible Ethernet ports and allows Internet-only access for (unauthenticated) guests, while authenticated users still have access to servers and other local resources. Another scenario is a company that has an 802.11b wireless LAN: it does not want any information leaked to the public, so unauthenticated users are not granted any access. Port-based authentication gives the network security administrator flexibility in securing the internal network.

This document is in PDF format. To view it click here.
