
At last, real wireless LAN security
Introducing 802.1x and EAP
By George Ou
TechRepublic
September 3, 2002


After the IEEE recognized the shortcomings of WEP and 802.11, it quickly came up with the 802.1x and EAP solution. A standard for Port Based Access Control for both wired and wireless networking, 802.1x in itself does not make wireless networking secure. However, combine 802.1x with the Extensible Authentication Protocol (EAP) standard, and the gold standard in wireless network security is born; it's now possible to resolve WEP's biggest liability: static user and session keys.
User authentication is now mutually assured, and WEP keys can be centrally managed with policies and distributed securely. WEP keys can now be unique for individual users and individual sessions. In addition, keys can be set to automatically expire every 10 minutes to force constant rekeying, which makes it impossible to collect the 100 to 1,000 MB of data that hackers need to break WEP. The illustration below shows how this combination works.
The client makes a connection to the access point. At this point, the client is in an unauthorized state and not given an IP address or permitted access to the network in any way. The only thing the client can do is send 802.1x messages. The client sends user credentials to the access point with EAP, and the access point forwards the request to the Remote Authentication Dial-In User Service (RADIUS) server for approval. If the credentials are valid, the client will request credentials from the Authenticator via 802.1x and EAP. Once that process is complete, the RADIUS server issues a new temporary WEP key, and the access point allows the WEP session to proceed for that client. Every 10 minutes, the key expires and the EAP authentication process is run again to buy another 10 minutes of time.
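The port-control and rekeying behavior described above, as an added example that is not part of the original article: a small Python simulation in which only 802.1x frames pass until RADIUS approves the client, and the session key lapses after 10 minutes. The class names, the sample user, and the 13-byte key length are assumptions, and the EAP method and the mutual-authentication step are reduced to a single credential check.

```python
import hmac
import os

REKEY_SECONDS = 600  # the article's 10-minute key lifetime

class RadiusServer:
    """Constructed stand-in for the RADIUS server, with sample credentials."""
    def __init__(self, users):
        self.users = users

    def authenticate(self, user, password):
        # Return a fresh per-user, per-session key on success, else None.
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return os.urandom(13)  # assumption: 104-bit WEP key

class AccessPoint:
    """Authenticator: each client's port stays closed until EAP succeeds."""
    def __init__(self, radius):
        self.radius = radius
        self.sessions = {}  # client MAC -> (key, expiry time in seconds)

    def eap_login(self, mac, user, password, now):
        # Relay the credentials to RADIUS; install the key it issues.
        key = self.radius.authenticate(user, password)
        if key is None:
            self.sessions.pop(mac, None)
            return None
        self.sessions[mac] = (key, now + REKEY_SECONDS)
        return key

    def forward(self, mac, frame_type, now):
        # 802.1x frames always pass so an unauthorized client can log in.
        if frame_type == "eapol":
            return True
        session = self.sessions.get(mac)
        if session is None or now >= session[1]:
            self.sessions.pop(mac, None)  # expired key: back to unauthorized
            return False
        return True

if __name__ == "__main__":
    ap = AccessPoint(RadiusServer({"alice": "s3cret"}))  # constructed sample user
    mac = "00:11:22:33:44:55"
    print(ap.forward(mac, "data", 0))  # blocked before authentication
    ap.eap_login(mac, "alice", "s3cret", 0)
    print(ap.forward(mac, "data", 599), ap.forward(mac, "data", 600))
```

Time is passed in as `now` (seconds) so the expiry can be checked without waiting; a data frame at second 600 is dropped until the client authenticates again and receives a different key.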
Security is worth the investment
For any business network where wireless encryption needs to hold beyond one day, the time for real wireless LAN security has arrived. It may cost a few times more than a consumer access point and require a more complex implementation, but your company's security should be worth a lot more than a $100 SOHO wireless access point. Your $100,000 firewall is useless if someone puts up a rogue access point, and standard WEP can do little to stop such attacks.