How to use the 802.1X protocol to solve internal network loopholes
Today we will consolidate the concept and application of the 802.1X protocol.
In traditional corporate networks, it is generally believed that the corporate intranet is safe and that threats mainly come from outsiders. In fact, loopholes inside the network do more serious damage to it.
In addition, internal employees often lack security awareness, so malicious software such as various plug-ins, spyware, and Trojan horse programs is downloaded to their computers without their knowledge and spreads across the corporate intranet, creating serious security risks. As security challenges keep escalating, traditional security measures alone are no longer enough. You should consider starting with security control of the terminals connected to the network, and with the security status of both the terminal and the network.
802.1x is a Client/Server-based access control and authentication protocol. It is mainly used to restrict unauthorized users from accessing the LAN/WLAN through the access interface. 802.1x authenticates users connected to switch ports. After authentication is passed, normal data can pass through the Ethernet port. It is an interface-based network access control method.
802.1x involves three entities: the client, the device, and the authentication server.
The client is usually a user terminal; the user initiates 802.1x authentication by starting the client software. It is an entity located at one end of a LAN link and is authenticated by a device at the other end of the link.
The device side usually refers to a network device that supports the 802.1x protocol and provides an interface for the client to access the LAN. It is used to authenticate the client.
The authentication server is used to authenticate, authorize, and account for users, and is usually a RADIUS server. It is the entity that provides authentication services to clients.
802.1x supports port-based and MAC-based authentication modes. In port-based mode, as long as the first user under the port is successfully authenticated, other access users can use network resources without authentication. But when the last user goes offline, other users will also be denied access to the network. In MAC address-based mode, every access user under the port must be authenticated separately.
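The difference between the two modes is easiest to see when two hosts share one switch port. The following Python model is an added example, not code from the original article or from any switch vendor. The class, function names, and MAC addresses are constructed for illustration, and the RADIUS decision is reduced to a set of accepted MACs.

```python
from enum import Enum

class Mode(Enum):
    PORT_BASED = "port"
    MAC_BASED = "mac"

class AuthenticatorPort:
    """Toy model of one 802.1x-enabled switch port (the 'device' side)."""

    def __init__(self, mode, radius_accepts):
        self.mode = mode
        # Stand-in for the RADIUS server's decision: MACs it would accept.
        self.radius_accepts = set(radius_accepts)
        self.authenticated = set()  # MACs with a live authenticated session

    def authenticate(self, mac):
        """Client starts 802.1x; returns True on success."""
        if mac in self.radius_accepts:
            self.authenticated.add(mac)
            return True
        return False

    def logoff(self, mac):
        self.authenticated.discard(mac)

    def may_forward(self, mac):
        """Would a data frame from this source MAC be let through the port?"""
        if self.mode is Mode.PORT_BASED:
            # Whole port is open while any authenticated session exists
            # (assumption of this model), regardless of the frame's source.
            return bool(self.authenticated)
        return mac in self.authenticated  # MAC-based: per-user check

def piggyback_report(mode):
    """Constructed scenario: two hosts share one port through a hub."""
    employee, unknown = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    port = AuthenticatorPort(mode, radius_accepts={employee})
    before = port.may_forward(unknown)
    port.authenticate(employee)
    port.authenticate(unknown)  # rejected: not known to the server
    during = (port.may_forward(employee), port.may_forward(unknown))
    port.logoff(employee)
    after = port.may_forward(unknown)
    return before, during, after

if __name__ == "__main__":
    for m in Mode:
        print(m.name, piggyback_report(m))
```

In port-based mode the unknown host is forwarded for as long as the employee's session lasts, even though its own authentication failed. In MAC-based mode it is never forwarded, which is why MAC-based mode is the safer choice on ports that may carry more than one terminal.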
The above is the news sharing from PASSHOT.