Which of the following is the most secure form of ieee 802.1x authentication?
802.1X is a port access protocol for protecting networks via authentication. As a result, this type of authentication method is extremely useful in the Wi-Fi environment due to the nature of the medium. If a Wi-Fi user is authenticated via 802.1X for network access, a virtual port is opened on the access point allowing for communication. If not successfully authorized, a virtual port isn't made available and communications are blocked. Show There are three basic pieces to 802.1X authentication:
Extensible Authentication Protocol (EAP) is used to pass the authentication information between the supplicant (the Wi-Fi workstation) and the authentication server (Microsoft IAS or other). The EAP type actually handles and defines the authentication. The access point acting as authenticator is only a proxy to allow the supplicant and the authentication server to communicate. Which should I use? Which EAP type to implement, or whether to implement 802.1X at all, depends on the level of security that the organization needs, the administrative overhead, and features desired. Hopefully the descriptions here and a comparative chart will ease the difficulties in understanding the variety of EAP types available. Extensible Authentication Protocol (EAP) authentication types Because Wi-Fi Local Area Network (WLAN) security is essential and EAP authentication types provide a potentially better means of securing the WLAN connection, vendors are rapidly developing and adding EAP authentication types to their WLAN access points. Some of the most commonly deployed EAP authentication types include EAP-MD-5, EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-Fast, and Cisco LEAP.
802.1X EAP Types Feature / Benefit --- Message Digest 5TLS --- Transport Level SecurityTTLS --- Tunneled Transport Level SecurityPEAP --- Protected Transport Level Security FAST --- Lightweight Extensible Authentication ProtocolClient-side certificate requirednoyesnonono (PAC)noServer-side certificate requirednoyesyesyesno (PAC)noWEP key managementnoyesyesyesyesyesRogue AP detectionnonononoyesyesProviderMSMSFunkMSCiscoCiscoAuthentication AttributesOne wayMutualMutualMutualMutualMutualDeployment DifficultyEasyDifficult (because of client certificate deployment)ModerateModerateModerateModerateWi-Fi SecurityPoorVery HighHighHighHighHigh when strong passwords are used.
A review of the above discussions and table usually provides the following conclusions:
Another option is VPN Instead of relying on Wi-Fi LAN for authentication and privacy (encryption), many enterprises implement a VPN. This is done by placing the access points outside the corporate firewall and having the user tunnel in via a VPN Gateway - just as if they were a remote user. The downsides of implementing a VPN solution are cost, initial installation complexities, and ongoing administration overhead. Which type of EAP method is most secure in 802.1X authentication?The EAP protocol can be configured for credential (EAP-TTLS/PAP and PEAP-MSCHAPv2) and digital certificate (EAP-TLS) authentication and is a highly secure method for protecting the authentication process.
Is 802.1X authentication secure?802.1x is a very secure method of protecting your wireless network. Each time the device connects the user configured on the device is authenticated against a RADIUS server and is given a unique encryption key that changes every 90 seconds.
What are the 802.1X security authentication standards?802.1X protocol—An IEEE standard for port-based network access control (PNAC) on wired and wireless access points. 802.1X defines authentication controls for any user or device trying to access a LAN or WLAN. NAC—A proven networking concept that identifies users and devices by controlling access to the network.
What is 802.1X port authentication?802.1X defines 802.1X port-based authentication as a client-server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports.
|