Using 802.1X to control physical access to LANs
来源:互联网 发布:西语助手mac 编辑:程序博客网 时间:2024/06/01 09:48
Network security would be so much easier if you could control which physical computers were allowed to join your network. It would mean a hacker would have to gain physical access to a particular computer before they could even start to attack your network. One technology used to control admission of computers into a network is 802.1X, a port-based access control. It is mainly used on wireless networks but is increasing in popularity as an access control method on wired networks too.
802.1X features MAC address filtering. Any machine whose MAC address on the network adapter does not match an entry in the account database is not permitted access to the network. Unfortunately, like IP addresses, MAC addresses can be spoofed. This creates the possibility of a man-in-the-middle attack, albeit a sophisticated one. To prevent this type of attack, 802.1X should be combined with the Extensible Authentication Protocol (EAP) to authenticate the client to the network and the network to the client.
802.1X is one way of preventing entry to your network, but once it authenticates the connection it assumes all traffic over the connection is legitimate. To really solve the problem of rogue machines, each computer needs to protect itself from the other computers on the network.
So, 802.1X should also be used in conjunction with IPSec, which provides end-to-end authentication and encryption between hosts on a network.Looking ahead to the release of Microsoft Windows Vista/Longhorn, it's understood that they will include Network Access Protection (NAP). This feature will allow you to protect your network from unhealthy computers by enforcing compliance with network health policies. This is similar to Cisco's Network Admission Control (NAC), which isolates and denies network access to non-compliant devices. While NAP and NAC play a different role from 802.1X in controlling network connections, it will certainly go a long way to ensuring trusted computers on the network stay that way.
About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.
- Using 802.1X to control physical access to LANs
- ACL-Using Access Control Lists to secure access to your objects
- .net 操作 EXCEL (using c# to control and access the excel)
- Set Access Control to File/Folder (ACL)
- Decide to use simple user access control
- Using Oracle SQLDeveloper to access SQLServer
- Using OAuth 2.0 to Access Google APIs
- Using jdbc to access sqlite in Android
- Coursera Using python to access Web data
- Use X++ to control word drawing Chart
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin'
- Step By Step Guide To Create Physical Standby Database Using RMAN Backup and Restore
- Steps to perform for Rolling Forward a Physical Standby Database using RMAN Incremental Backup. (文档
- Using Delegates with Data Readers to Control DAL Responsibility
- [vim技巧]How to control Firefox using Vim keybindings
- Using robots.txt To Control Search Engine Spiders
- Introduction to Model View Control (MVC) Pattern using C#
- Platform Builder: Using Environment Variables to Control Macro Definition
- CMarkup定位解释——深入Markup分析器
- 从卡巴漏洞管窥内核模式Shellcode的编写
- 春暖花开,熬过最坏的日子(2008年3月22)
- 在ASP.NET(GridView)中弹出一个对话框
- Vista Rootkit - Bypass Activation and Avoid DRM
- Using 802.1X to control physical access to LANs
- shadow ssdt学习笔记
- 走进这条路,才知道它并非是那么的平坦。。。。。
- 财富快车中的几个比较有用的逆向代码
- PDA开发项目入门Two
- 病毒分析技巧
- 一款木马的分析
- 内网渗透之——嗅探并破解系统用户密码
- 一个包含详细注释的扫描器C源代码