Network Computing is part of the Informa Tech Division of Informa PLC

Review: 802.1X Authentication Servers

In many cases, wireless networks were installed despite the objections of information security pros. But now that WLANs are a reality, you must secure them through strong encryption lest any ne'er-do-well with a powerful antenna snoop on traffic passing through the air. If you have only basic encryption enabled, the right software--free and easily available--can crack wireless security keys.

One solution is to tunnel wireless users' data over enterprise VPNs, using an AP outside the Internet firewall that is locked down to all traffic except that which passes through a VPN port. A good method, but not ideal because of the cost and complexity of running VPN servers. Better is port-based authentication, known as 802.1X after its IEEE standard designation. With 802.1X, you must have a set of credentials to gain access to a Wi-Fi or wired network. The credentials can be a user name and password, a smart card or a digital certificate signed by a certificate authority. The 802.1X process gives each Wi-Fi user a unique encryption key that can be changed during a session. This eliminates the danger of a shared key and of weak, manually created keys being cracked.

But 802.1X can be expensive to implement, as much as several hundred dollars per seat when you count one-time fees, integration and technical-support subscriptions. Early on, the only option for businesses that couldn't justify this cost was a static, shared encryption key; changing this key entailed disabling all network access while new keys were typed and entered on each networked workstation. Obviously, these keys were seldom changed, and that meant potential exposure.

Throughout 2005, network product vendors introduced services and products designed to make 802.1X painless and affordable, usually by reducing the process of creating and managing users, configuring APs and handling access to a few steps that even those without extensive network management skills could carry out.
