IEEE 802.1X is an IEEE
Standard for Port-based Network Access Control (PNAC). It is part of the IEEE
802.1 group of networking protocols. It provides an authentication mechanism to
devices wishing to attach to a LAN or WLAN.

IEEE 802.1X defines the encapsulation of the Extensible Authentication
Protocol (EAP) over IEEE 802, which is known as "EAP over LAN" or
EAPOL. EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001,
but was clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11
wireless and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004. The
EAPOL protocol was also modified for use with IEEE 802.1AE (“MACsec”) and IEEE
802.1AR (Secure Device Identity, DevID) in 802.1X-2010 to support service
identification and optional point-to-point encryption over the local LAN
segment.

802.1X authentication helps mitigate many of the risks involved in using
WEP. For example, one of the biggest problems with WEP is the long life of keys
and the fact that they are shared among many users and are well known. With
802.1X, each station could have a unique WEP key for every session. The
Authenticator (Wireless Access Point) could also choose to change the WEP key
very frequently, such as once every 10 minutes or every 1000 frames. 802.1X
does not guarantee improved security. For example, an authenticator might never
change the key it hands out to each supplicant. Or, the network manager might
select an authentication method that does not allow for distribution of WEP
keys. 802.1X does, however, give the informed network manager the potential to
design and implement a more secure WLAN.