Skip to main content

What is 802.1x

Authentication means making sure that something is what it claims to be. E.g., in online banking, you want to make sure that the remote computer is actually your bank, and not someone pretending to be your bank. The purpose of 802.1x is to accept or reject users who want full access to a network using 802.1x. It is a security protocol that works with 802.11 wireless networks such as 802.11g and 802.11b, as well as with wired devices.

In a wireless network, 802.1x is used by an access point to implement WPA. In order to connect to the access point, a wireless client must first be authenticated using WPA.


In a wired network, switches use 802.1x in a wired network to implement port-based authentication. Before a switch forwards packets through a port, the attached devices must be authenticated. After the end user logs off, the virtual port being using is changed back to the unauthorized state.

A benefit of 802.1x is the switches and the access points themselves do not need to know how to authenticate the client. All they do is pass the authentication information between the client and the authentication server. The authentication server handles the actual verification of the client’s credentials. This lets 802.1x support many authentication methods, from simple user name and password, to hardware token, challenge and response, and digital certificates.

802.1x uses EAP (Extensible Authentication Protocol) to facilitate communication from the supplicant to the authenticator and from the authenticator to the authentication server.


EAP supports various authentication methods. As a user seeking authentication, you just need to use a method supported by the authentication server. As an administrator, you need to select which methods your server will use. Selection is beyond the scope of this article (and outside the scope of free NETGEAR support), however, the material in the Microsoft article will give administrators a solid grounding.



EAP-TLS is widely supported. It uses PKI (e.g., a digital certificate) to authenticate the supplicant and authentication server.

EAP-MD5 uses standard user name and password. The supplicant’s password is hashed with MD5 and the hash value is being used to authenticate the supplicant.

LEAP is Cisco’s Lightweight EAP, and works mainly with Cisco products. It also uses MD5 hash, but both the supplicant and authentication server are authenticated.

EAP-TTLS uses PKI to authenticate the authentication server. However, it supports a different set of authenticate methods (e.g. CHAP, PAP, MS-CHAP v2) to authenticate the supplicant.

PEAP (Protected EAP), which is built-in to Windows XP, uses PKI to authenticate the authentication server. It supports any type of EAP to authenticate the supplicant including certificate.
Labels:

Comments

Post a Comment

Popular posts from this blog

Session Messenger----Best Secure Messaging App

  Session is fundamentally different than most other secure messaging services. Conversations in Session are secured using  client-side E2E encryption . Only the sender and the recipient of a message can read it. But Session goes beyond providing message security. Session also  protects the identities  of its users. It makes your communications private and anonymous, as well as secure. Session can do this because it  connects users  through a  Tor -like network of thousands of  Service Nodes . Service Nodes are servers that pass messages back and forth through the network as well as provide additional services. The  onion request  system that Session uses to protect messages ensures that no Service Node in the network ever knows both a message’s origin (your IP address) and destination (the recipient’s IP address). This allows you to  hide your IP  by default. Session takes a number of additional steps to protect your identity: No phone number is required for registration No email is r
Post a Comment
Read more

Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

  In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are required and Windows 11
Post a Comment
Read more

Linuxfx 10 : A Windows-Like Linux Distro

The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — anoth
Post a Comment
Read more