
2.1.1  802.1X
(Page 1 of 3)

IEEE 802.1X is a relatively recent protocol enhancement that standardizes how authentication is performed over an 802 standards-based network. It improves the scalability and security of wireless LAN authentication, and allows multiple authentication mechanisms to be used as needed.

Why is 802.1X Needed?

With a typical wired Ethernet LAN, the moment your station is added to the network, you have access to the wire. You may or may not be able to do much on the network if you don’t authenticate yourself to your organization’s domain controller, but you can usually sniff the raw packets that are reaching your network adapter. With a typical dial-up networking connection, the situation is different, because PPP requires that you authenticate yourself to a server before you can connect via the network. You have to provide a user ID and password (or other authentication) to the network you’re dialing into, before you’re allowed access to the network. No password = no packets.

Wireless networking follows the wired networking model above, rather than the dial-up networking model. If you have physical access to a connection (which in the wireless case means a wireless networking card that can communicate using the same technology as a particular wireless network access point), you can access its raw packets. In the 802.11b case, an attacker can parlay the ability to “sniff” packets from a wireless network into the ability to connect to it, because the weak encryption typically used on 802.11b can be broken given a large enough sample of packets. This is discussed in more detail in section 2.6. These flaws in 802.11b’s attempts at communication privacy make additional layers of security valuable.

Another reason to authenticate wireless users before allowing them to connect to your network is that you might want to always be able to identify who’s on a particular network connection. In the wired world, that tends to be easy to do, because physical connections tend to be assigned to individual offices and work areas. In contrast, multiple users can connect to a given wireless access point just by walking up to the area in which it is located, carrying a machine with a compatible network adapter. They might perform a network action that identifies them, like logging in to a network to reach a data file stored on a file server. But then again, they might opt to just surf the Internet anonymously.



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.