Copyright Goodheart-Willcox Co., Inc. 464 Networking Fundamentals

802.1x provides a much easier way to manage numerous wireless access points. By using a server to provide centralized authentication, there is no need to maintain an ACL at each WAP. For example, a university campus might incorporate hundreds of wireless access points, which permit students and faculty to access the system from anywhere on campus. Every semester, new students and faculty need to be added to the ACL. 802.1x allows for a much easier security model by allowing an administrator to manage security from a centralized location.

To set up IEEE 802.1x on a wireless network client, IEEE 802.1x must be enabled within the wireless network properties menu. There are numerous authentication methods available from which to choose. Additionally, the exact number of security types, encryption types, and authentication methods available will vary according to the operating system version and network adapter manufacturer support. Many of these methods are proprietary designs by companies such as Microsoft, Cisco, and Intel. The authentication method selected must match the method used by the RADIUS server.

IEEE 802.1x authentication is enabled in the Wireless Network Properties dialog box. The exact number of security, encryption, and authentication types will vary according to operating system version and network adapter manufacturer support. If no security type is selected, no encryption types or authentication options will be available.

If encryption is disabled for the wireless client or the wireless client is part of a peer-to-peer network, an error message will display. The message says that if encryption is disabled for the wireless client, IEEE 802.1x cannot be used for authentication—nor can 802.1x be used on a peer-to-peer network. Remember, a peer-to-peer network does not have a server to verify authentication, which is one of the requirements of 802.1x.
Rogue Wireless Access Points

A rogue access point is an unauthorized wireless access point that is installed on a network system. Rogue access points provide a means to compromise the security of a network. Any network user could add a WAP to an existing network, thus allowing anyone to gain access to the network. Rogue access points can be prevented by using a wireless intrusion prevention system (WIPS). The WIPS will automatically conduct radio scans to identify the existence and location of the rogue access point. One method of preventing the successful use of a rogue access point is the use of an 802.1x system such as RADIUS, which requires authentication through a server.

Figure 15-15 The 802.1x standard provides centralized authentication for wireless LANs. It incorporates three components: supplicant, authenticator, and authentication server.
[Figure labels: Supplicant (laptop with wireless network device); Authenticator (wireless access point); Authentication server (server with RADIUS installed); Wired Network. Credits: (server icon) fullvector/Shutterstock.com; (router icon) Vadim Ermak/Shutterstock.com; (laptop icon) Jemastock/Shutterstock.com; Goodheart-Willcox Publisher]
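The comparison a WIPS makes after each radio scan can be sketched as follows. This is an added example, not taken from the textbook: the inventory, sensor names, BSSIDs, and scan records are all constructed, and it assumes that the sensor reporting the strongest signal is the one nearest the access point.

```python
# Added example: constructed data and hypothetical names throughout.
AUTHORIZED = {  # BSSID -> (SSID, security) taken from the managed-WAP inventory
    "02:00:00:aa:00:01": ("CampusNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CampusNet", "WPA2-Enterprise"),
}
MANAGED_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

# Constructed scan records: (sensor, bssid, ssid, security, rssi_dbm)
SCAN = [
    ("lib-1", "02:00:00:aa:00:01", "CampusNet", "WPA2-Enterprise", -48),
    ("lib-2", "02:00:00:aa:00:01", "CampusNet", "WPA2-Enterprise", -71),
    ("lab-3", "02:00:00:aa:00:02", "CampusNet", "Open", -55),
    ("lab-3", "02:00:00:bb:00:09", "CampusNet", "WPA2-Personal", -80),
    ("dorm-4", "02:00:00:bb:00:09", "CampusNet", "WPA2-Personal", -42),
    ("dorm-4", "02:00:00:cc:00:07", "HomeRouter", "WPA2-Personal", -67),
]

def classify(bssid, ssid, security):
    """Compare one sighting against the inventory and return a verdict."""
    known = AUTHORIZED.get(bssid.lower())
    if known is None:
        # A radio outside the inventory that advertises a managed SSID is the
        # clearest rogue signal; other unknown radios still need review.
        return "rogue" if ssid in MANAGED_SSIDS else "unknown"
    if (ssid, security) != known:
        # Inventory BSSID advertising something else: a misconfigured WAP,
        # or another device reusing its address.
        return "mismatch"
    return "authorized"

def report(scan):
    """Return {bssid: (verdict, nearest_sensor)} for every non-authorized WAP."""
    best = {}  # bssid -> (rssi, sensor, verdict), strongest sighting wins
    for sensor, bssid, ssid, security, rssi in scan:
        bssid = bssid.lower()
        verdict = classify(bssid, ssid, security)
        if verdict == "authorized":
            continue
        if bssid not in best or rssi > best[bssid][0]:
            best[bssid] = (rssi, sensor, verdict)
    return {b: (verdict, sensor) for b, (_, sensor, verdict) in best.items()}

if __name__ == "__main__":
    for bssid, (verdict, sensor) in report(SCAN).items():
        print(f"{bssid}  {verdict:9}  strongest at sensor {sensor}")
```

An "unknown" verdict is not proof of a rogue device, since neighboring networks are also visible to the sensors; it marks a radio that still has to be checked against the wired network.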