802.1X, colloquially called Dot1x, a working group within the IEEE 802 project for standards in local area networks (LAN). The focus of this working group is on port-based authentication and authorization in 802-based networks.
The 802.1X standard is used in both classic wired and wireless networks. The aim of the standard is to keep unwanted users and devices out of the network. Therefore, Dot1x is a useful addition to the mains separation.
802.1X not only regulates where and when “intended” users can access your network, but also whether “unintended devices” get any form of access at all.
For example: No access to the internal network but access to the Internet or a network filled with honeypots.
Authentication is proof of your own identity to a third party.
Authentication is the verification of proof of identity.
Authorization is the granting of rights based on the authentication result.
Authentication via 802.1X basically consists of three components:
Unfortunately, it should be noted that not every device is Dot1x-capable. For example, network printers are often left out and cannot be made 802.1X-capable by free software projects.
To circumvent this problem, some authenticators offer the option of "MAC bypass": The affected device can authenticate itself using its MAC address. However, it must be pointed out that this runs the risk of creating a gateway for an attacker using MAC spoofing.
The EAP (Extensible Authentication Protocol) is based in the OSI layer model directly on the data security layer (Data Link Layer). In 802 networks, the abbreviations EAPoL and EAPoW (for LAN and WLAN) are also frequently encountered.
As a framework, EAP offers many different authentication methods that can be used alone or flexibly combined with an authentication server: starting with classic user/password authentication (MD5 challenge) to OTP challenges (one-time password) and TLS and GSM/UMTS SIM cards, but also Certifications or Kerberos-Tickets.
An authenticator's port status determines whether a supplicant is allowed access to services on the LAN. The port begins in the unauthorized state. In this state, the port forbids all incoming and outgoing traffic, except for 802.1x packets.
If the supplicant is successfully authenticated, the port changes to the authorized condition. This normalizes the data traffic for the new network participant based on the rules and measures that apply to it.
The cyberattack on the crypto exchange Coinbase has shown that insiders can pose the greatest threat to companies. It's not just technical vulnerabilities, but especially human vulnerabilities that enable cybercrime. This article explains why insider threats pose a particular risk and what measures companies can take.
The recent cyberattack on the Federal Employment Agency demonstrates that even small vulnerabilities can lead to massive damage. The incident raises important questions regarding corporate strategies for preventing such scenarios.
A Microsoft security update has unexpectedly created a new security vulnerability that puts businesses at risk. This undocumented side effect could block users' Windows updates and cut off systems from future security updates. A potential nightmare for IT security and business management.
