Skip to main content

What is 802.1x

Authentication means making sure that something is what it claims to be. E.g., in online banking, you want to make sure that the remote computer is actually your bank, and not someone pretending to be your bank. The purpose of 802.1x is to accept or reject users who want full access to a network using 802.1x. It is a security protocol that works with 802.11 wireless networks such as 802.11g and 802.11b, as well as with wired devices.

In a wireless network, 802.1x is used by an access point to implement WPA. In order to connect to the access point, a wireless client must first be authenticated using WPA.


In a wired network, switches use 802.1x in a wired network to implement port-based authentication. Before a switch forwards packets through a port, the attached devices must be authenticated. After the end user logs off, the virtual port being using is changed back to the unauthorized state.

A benefit of 802.1x is the switches and the access points themselves do not need to know how to authenticate the client. All they do is pass the authentication information between the client and the authentication server. The authentication server handles the actual verification of the client’s credentials. This lets 802.1x support many authentication methods, from simple user name and password, to hardware token, challenge and response, and digital certificates.

802.1x uses EAP (Extensible Authentication Protocol) to facilitate communication from the supplicant to the authenticator and from the authenticator to the authentication server.


EAP supports various authentication methods. As a user seeking authentication, you just need to use a method supported by the authentication server. As an administrator, you need to select which methods your server will use. Selection is beyond the scope of this article (and outside the scope of free NETGEAR support), however, the material in the Microsoft article will give administrators a solid grounding.



EAP-TLS is widely supported. It uses PKI (e.g., a digital certificate) to authenticate the supplicant and authentication server.

EAP-MD5 uses standard user name and password. The supplicant’s password is hashed with MD5 and the hash value is being used to authenticate the supplicant.

LEAP is Cisco’s Lightweight EAP, and works mainly with Cisco products. It also uses MD5 hash, but both the supplicant and authentication server are authenticated.

EAP-TTLS uses PKI to authenticate the authentication server. However, it supports a different set of authenticate methods (e.g. CHAP, PAP, MS-CHAP v2) to authenticate the supplicant.

PEAP (Protected EAP), which is built-in to Windows XP, uses PKI to authenticate the authentication server. It supports any type of EAP to authenticate the supplicant including certificate.
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Recover Passwords Using Ophcrack LiveCD

Ophcrack LiveCD 3.4.0 is a completely self contained, bootable version of Ophcrack 3.4.0 - the easiest and most effective tool that I've ever found to "crack" your forgotten Windows password. For a quick overview of Ophcrack, see my complete review of Ophcrack 3.4.0 . Ophcrack is a free software program that recovers passwords so the first step you'll need to take is to visit Ophcrack's website . When the Ophcrack website loads as shown above, click the Download ophcrack LiveCD button. Note: Since you obviously can't get into your computer right now because you don't know the password, these first four steps will need to be completed on another computer that you have access to. This other computer will need to have access to the Internet and the capability to burn a disc (like a CD, DVD, etc.). Another Note: The instructions I've put together here walk you through the entire process of using Ophcrack LiveCD to recover your password. If you...
Post a Comment
Read more

Linuxfx 10 : A Windows-Like Linux Distro

The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — a...
Post a Comment
Read more

Share Registry Editor Favorite Keys Across Computers

if you spend a lot of time inside your registry editor, you might already know that you can use the Favorites feature to add in a bookmark to a specific key in the registry, saving you immense amounts of time when you need to check a bunch of different keys. But did you think about exporting that list so you can use it on any computer? Here’s the menu I’m talking about: For instance, here I’m adding in a favorite for the local machine’s Run key, used to launch applications across all users. Now when I use the menu item, it will navigate me instantly to that key in the registry, no matter where I currently am. As I added a few favorites, it occurred to me that I should figure out where those menu items are being stored… Now browse down to this registry key to find the favorites list: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites And there’s the favorite we just saved… so how does this help you? If you export this r...
Post a Comment
Read more