SlideShare ist ein Scribd-Unternehmen logo

Implementing 802.1x Authentication

Als PPT, PDF herunterladen
D
dkaya

This is the presentation of my 802.1x Authentication seminar at New Horizons of Sofia, at 22.10.2008.

Technologie
1 von 30
802.1X Authentication Deniz Kaya Microsoft, Cisco, Ironport Trainer CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
… While the Assets Needing to be Protected are Expanding Service Provider/ Internet Teleworker City Hall VPN Head-End Cable Provider 831 Library Partner/Vendor One physical network, must accommodate multiple logical networks (user groups) each with own rules. Airport
IDENTITY: So, you said MAC Address ? Win 2K & XP allow easy change for MAC addresses MAC address is not an authentication mechanism…
Determining “who” gets access and “what” they can do User Identity Based Network Access User Based Policies Applied (BW, QoS etc) Campus Network ,[object Object],[object Object],[object Object],[object Object],Authorized Users/Devices Unauthorized Users/Devices
What Exactly Is 802.1x? ,[object Object],[object Object],[object Object],[object Object]
Some IEEE Terminology AAA/RADIUS Server Authentication Server Network Access Device Authenticator Client Supplicant Normal People Terms IEEE Terms
What Does it Do? ,[object Object],[object Object],802.1x Header EAP Payload
What is RADIUS? ,[object Object],[object Object],[object Object],[object Object],RADIUS Header EAP Payload UDP Header
802.1x – enhancing LAN security Topology
Wired Access Control Model ,[object Object],[object Object],Client and Switch Talk 802.1x Switch Speaks to Auth Server Using RADIUS Actual Authentication Conversation Is between Client and Auth Server Using EAP; the Switch Is Just a Middleman, but Is Aware of What’s Going on
Identity Based Network Services ,[object Object],[object Object],VLAN 10 Engineering VLAN AAA Radius Server 802.1x Authentication Server Active Directory Login and Certificate Services 802.1x Capable Access Devices 802.1x Capable Client IEEE802.1x + VLANS + VVID + ACL + QoS Login Request Login Info Verify Login and Check with Policy DB Login Good! Apply Policies Switch applies policies and enables port. Login + Certificate Login Verified 6500 Series Access Points 4000 Series 3550/2950 Series
802.1x client implementation in Windows ,[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x in Microsoft Windows Machine and user authentication Startup Machine Machine credentials available (use machine credentials) Machine authentication success Machine authentication failure User logon User credentials available (use user credentials) User authentication success User authentication failure User logoff
Windows Machine Authentication Power Up Load NDIS drivers DHCP Setup Secure Channel to DC Update GPOs Apply Computer GPOs Present GINA (Ctrl-Alt-Del) Login 802.1x Authenticate as Computer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x in Microsoft Windows 802.1x authentication configuration page ,[object Object],[object Object],[object Object]
What is EAP? ,[object Object],[object Object]
EAP TLS GSS_API Kerberos PEAP MS-CHAPv2 TLS IKE MD5 EAP PPP 802.3 802.5 802.11 Other… method layer EAP layer media layer
802.1x authentication client EAP methods available in Windows ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x authentication client EAP methods – wired and wireless networks
EAP with MD5 Authenticator Peer cleartext password cleartext password Random challenge identity-request identity-response (username) success or failure MD5-challenge -request MD5-challenge -response R = MD5(password,challenge) Check that MD5(password,challenge) equals the response
802.1x with EAP-TLS Local store certificates ,[object Object],[object Object],[object Object],[object Object]
802.1x with EAP-TLS Configuration page ,[object Object],[object Object]
802.1x with EAP-TLS Smart card certificates ,[object Object],[object Object],[object Object],[object Object]
802.1x with PEAP-MSCHAPv2 What to consider ,[object Object],[object Object],[object Object],[object Object]
802.1x with PEAP-MSCHAPv2 Configuration page ,[object Object]
Campus Identity - Supplicants ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Windows HP Jet Direct Solaris 7920 Apple IP Phones WLAN APs Pocket PC
802.1x Port based network access control ,[object Object],[object Object],[object Object],[object Object]
Know before you start ! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo – Wired Client Authentication 802.1x with PEAP-MSCHAPv2 ,[object Object],[object Object],[object Object],[object Object],[object Object]
New Horizons' Partners

Empfohlen

802.1x
802.1x802.1x
802.1xakruthi k
 
13 DHCP Configuration in Linux
13 DHCP Configuration in Linux13 DHCP Configuration in Linux
13 DHCP Configuration in LinuxHameda Hurmat
 
IEEE 802.1 x
IEEE 802.1 xIEEE 802.1 x
IEEE 802.1 xAnwesh Dixit
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationDsunte Wilson
 
CCNA ppt Day 1
CCNA ppt Day 1CCNA ppt Day 1
CCNA ppt Day 1VISHNU N
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1Chaing Ravuth
 

Empfohlen

802.1x
802.1x802.1x
802.1xakruthi k
 
13 DHCP Configuration in Linux
13 DHCP Configuration in Linux13 DHCP Configuration in Linux
13 DHCP Configuration in LinuxHameda Hurmat
 
IEEE 802.1 x
IEEE 802.1 xIEEE 802.1 x
IEEE 802.1 xAnwesh Dixit
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationDsunte Wilson
 
CCNA ppt Day 1
CCNA ppt Day 1CCNA ppt Day 1
CCNA ppt Day 1VISHNU N
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1Chaing Ravuth
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7Nil Menon
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101Rohan Reddy
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureSagarR24
 
Vlan
Vlan Vlan
Vlan sanss40
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAAdkaya
 
Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.abhishek bhandare
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPTReetesh Gupta
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPTAIRTEL
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPTAIRTEL
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking pptEr. Anmol Bhagat
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAruba, a Hewlett Packard Enterprise company
 
CCNA ppt
CCNA pptCCNA ppt
CCNA pptSumant Garg
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authenticationXiaoqi Zhao
 

Weitere ähnliche Inhalte

Was ist angesagt?

5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7Nil Menon
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101Rohan Reddy
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureSagarR24
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAAdkaya
 
Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.abhishek bhandare
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPTAIRTEL
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPTAIRTEL
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 

Was ist angesagt? (20)

5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7CCNA 2 Routing and Switching v5.0 Chapter 7
CCNA 2 Routing and Switching v5.0 Chapter 7
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architecture
 
Vlan
Vlan Vlan
Vlan
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAA
 
Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
 
WPA2
WPA2WPA2
WPA2
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPT
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
CCNA ppt
CCNA pptCCNA ppt
CCNA ppt
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 

Andere mochten auch

802.1x authentication
802.1x authentication802.1x authentication
802.1x authenticationXiaoqi Zhao
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication StandardDan Miller
 
ACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerAli Badr
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 xmatoko
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationAxis Communications
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for SeacoastSithideth Banavong
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
Mitigating worm attacks
Mitigating worm attacksMitigating worm attacks
Mitigating worm attacksdkaya
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and UpdateCisco Canada
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISECisco Canada
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld
 

Andere mochten auch (20)

Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authentication
 
802.1x
802.1x802.1x
802.1x
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication Standard
 
ACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerACSR Clear Pass Policy Manager
ACSR Clear Pass Policy Manager
 
Report Master
Report MasterReport Master
Report Master
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
Présentation Master
Présentation Master Présentation Master
Présentation Master
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ Implementation
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && Wireless
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Mitigating worm attacks
Mitigating worm attacksMitigating worm attacks
Mitigating worm attacks
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's Backbone
 

Ähnlich wie Implementing 802.1x Authentication

wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.pptSagarBedarkar3
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentationjasonlan
 
Wireless security
Wireless securityWireless security
Wireless securityparipec
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustInformation Security Services SA
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
Remote access service
Remote access serviceRemote access service
Remote access serviceApoorw Pandey
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyKarri Huhtanen
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...Amazon Web Services Korea
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALASaikiran Panjala
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfdjameleddine2015
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAmazon Web Services
 

Ähnlich wie Implementing 802.1x Authentication (20)

Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.ppt
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentation
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Wireless security
Wireless securityWireless security
Wireless security
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de Entrust
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
 
Remote access service
Remote access serviceRemote access service
Remote access service
 
AAA server
AAA serverAAA server
AAA server
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and Privacy
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Iuwne10 S04 L04
Iuwne10 S04 L04Iuwne10 S04 L04
Iuwne10 S04 L04
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
 
Introduction To Cloud Computing
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud Computing
 

Mehr von dkaya

Ccna security
Ccna securityCcna security
Ccna securitydkaya
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
Intrusion Discovery on Windows
Intrusion Discovery on WindowsIntrusion Discovery on Windows
Intrusion Discovery on Windowsdkaya
 
Cisco Ccna Certification
Cisco Ccna CertificationCisco Ccna Certification
Cisco Ccna Certificationdkaya
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
Microsoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 SecurityMicrosoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 Securitydkaya
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Preventiondkaya
 

Mehr von dkaya (9)

Ccna security
Ccna securityCcna security
Ccna security
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
Intrusion Discovery on Windows
Intrusion Discovery on WindowsIntrusion Discovery on Windows
Intrusion Discovery on Windows
 
Cisco Ccna Certification
Cisco Ccna CertificationCisco Ccna Certification
Cisco Ccna Certification
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
Microsoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 SecurityMicrosoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 Security
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
 

Kürzlich hochgeladen

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Kürzlich hochgeladen (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Implementing 802.1x Authentication

  • 1. 802.1X Authentication Deniz Kaya Microsoft, Cisco, Ironport Trainer CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
  • 2. … While the Assets Needing to be Protected are Expanding Service Provider/ Internet Teleworker City Hall VPN Head-End Cable Provider 831 Library Partner/Vendor One physical network, must accommodate multiple logical networks (user groups) each with own rules. Airport
  • 3. IDENTITY: So, you said MAC Address ? Win 2K & XP allow easy change for MAC addresses MAC address is not an authentication mechanism…
  • 4.
  • 5.
  • 6. Some IEEE Terminology AAA/RADIUS Server Authentication Server Network Access Device Authenticator Client Supplicant Normal People Terms IEEE Terms
  • 7.
  • 8.
  • 9. 802.1x – enhancing LAN security Topology
  • 10.
  • 11.
  • 12.
  • 13. 802.1x in Microsoft Windows Machine and user authentication Startup Machine Machine credentials available (use machine credentials) Machine authentication success Machine authentication failure User logon User credentials available (use user credentials) User authentication success User authentication failure User logoff
  • 14.
  • 15.
  • 16.
  • 17. EAP TLS GSS_API Kerberos PEAP MS-CHAPv2 TLS IKE MD5 EAP PPP 802.3 802.5 802.11 Other… method layer EAP layer media layer
  • 18.
  • 19. 802.1x authentication client EAP methods – wired and wireless networks
  • 20. EAP with MD5 Authenticator Peer cleartext password cleartext password Random challenge identity-request identity-response (username) success or failure MD5-challenge -request MD5-challenge -response R = MD5(password,challenge) Check that MD5(password,challenge) equals the response
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.

Hinweis der Redaktion

  1. My name is Deniz Kaya and today I will be speaking about 802.1x authentication standard, how to configure it on Cisco Catalyst Switches and also 802.1x authentication client in Microsoft Windows. In the year 2000, IEEE created the 802.1x specification. This was done to further protect wired and wireless networks. First of all, I want to lay the groundwork of what 802.1x authentication really is, and how it enhances network security. We'll talk briefly about the specifics of the protocol, and we'll also get into implementation and EAP methods (Extensible Authentication Protocol methods). And then we'll talk about the kind of configuration and the type of scenarios that you'll be using 802.1x in.