802.1X, colloquially called Dot1x, a working group within the IEEE 802 project for standards in local area networks (LAN). The focus of this working group is on port-based authentication and authorization in 802-based networks.
The 802.1X standard is used in both classic wired and wireless networks. The aim of the standard is to keep unwanted users and devices out of the network. Therefore, Dot1x is a useful addition to the mains separation.
802.1X not only regulates where and when “intended” users can access your network, but also whether “unintended devices” get any form of access at all.
For example: No access to the internal network but access to the Internet or a network filled with honeypots.
Authentication is proof of your own identity to a third party.
Authentication is the verification of proof of identity.
Authorization is the granting of rights based on the authentication result.
Authentication via 802.1X basically consists of three components:
Unfortunately, it should be noted that not every device is Dot1x-capable. For example, network printers are often left out and cannot be made 802.1X-capable by free software projects.
To circumvent this problem, some authenticators offer the option of "MAC bypass": The affected device can authenticate itself using its MAC address. However, it must be pointed out that this runs the risk of creating a gateway for an attacker using MAC spoofing.
The EAP (Extensible Authentication Protocol) is based in the OSI layer model directly on the data security layer (Data Link Layer). In 802 networks, the abbreviations EAPoL and EAPoW (for LAN and WLAN) are also frequently encountered.
As a framework, EAP offers many different authentication methods that can be used alone or flexibly combined with an authentication server: starting with classic user/password authentication (MD5 challenge) to OTP challenges (one-time password) and TLS and GSM/UMTS SIM cards, but also Certifications or Kerberos-Tickets.
An authenticator's port status determines whether a supplicant is allowed access to services on the LAN. The port begins in the unauthorized state. In this state, the port forbids all incoming and outgoing traffic, except for 802.1x packets.
If the supplicant is successfully authenticated, the port changes to the authorized condition. This normalizes the data traffic for the new network participant based on the rules and measures that apply to it.
A Microsoft security update has unexpectedly created a new security vulnerability that puts businesses at risk. This undocumented side effect could block users' Windows updates and cut off systems from future security updates. A potential nightmare for IT security and business management.
Two critical vulnerabilities in Spotfire's AI analytics platform could be exploited by hackers to threaten companies in the industrial, financial, and research sectors. Experts urge CEOs, CIOs, and CISOs to take these risks seriously and act strategically.
A security vulnerability in the WordPress plugin "SureTriggers" puts over 100.000 corporate websites at risk. This article highlights the risks and provides recommendations for effective IT security strategies.
