Network Access Control and Dot1x

Contributed by LoyCurtis Smith

As a network expands and more users are granted access to a company’s resources, more extensive measures are required to protect the enterprise from someone gaining unauthorized access to those resources and to company secrets. One of the most important measures an entity can deploy to mitigate unauthorized access is network access control. There are many different flavors and implementations of access control: role based, rule based, discretionary, mandatory, and so on. It can also be implemented at many different layers of the OSI model. Network access control can be managed through user name and password, biometrics, IP address, logical port, certificates, and even at the switch port.

To better protect a network from rogue systems and/or users connecting wirelessly or through wired connections, access control is necessary on the switches at the access layer of the network in the form of port based authentication. Port based network access control, or layer 2 access control, is the first line of defense in protecting network users and network resources from rogue and potentially malicious users. A good port based control, which protects an organization by not granting access to network resources until a user is authenticated, is 802.1x, also called dot1x. As with anything else, implementation is key with dot1x: it can prove troublesome if done incorrectly, but if properly deployed it can prove very capable of controlling network access in an enterprise.

This document is in PDF format. To view it click here.
