| When deploying a wireless or wired network, you must ensure that proper security safeguards are put in place. An enterprise, for example, often has valuable resources stored inside databases that are attached to the network. Using passwords to access specific applications is usually not good enough to keep hackers from accessing the resources in an unauthorized and sometimes crippling manner. In order to adequately protect your network from intruders, you must have mechanisms that utilize proven authentication methods that control access to the network.
The overall framework for providing access control for networks is what’s referred to as a port-based authentication system, which some people refer to as 802.1X. The main concept of this sort of system is fairly straightforward: You simply verify that the credentials a user provides indicate that the user is authorized to use the network. If so, then you let them have access to the network. If they are not authorized, then you don’t let them have access to the network. Conceptually, this isn’t any different from how a security guard operates when controlling access to an important facility. Seems like simple stuff, right?
Actually, the control of access to a network involves a host of protocols and standards that are anything but simple. 802.1X is an important component, but several other standards and specifications, written by different organizations, form a complete 802.1X port-based authentication system. As examples, the IEEE standard that applies to port-based authentication is 802.1X, which addresses EAPOL, and the IETC provides RFCs for EAP, EAP-Methods, and RADIUS. All of these standards and specifications are needed to make a port-based authentication system operate. Some people mistakenly think that 802.1X does it all, but actually no single integrated standard specifies all of the components needed to implement a complete port-based authentication system. What makes matters worse is that the port-based authentication components, such as supplicants, authenticator, and authentication servers, have many different configuration settings that must be just right in order for the system to work effectively. The point is that port-based authentication is much more difficult to implement than the definition of simple authentication implies. |
