802.1X verification Best Practices

BKJIA Internet headlines in October 19] As we all know, most of the things worth doing seem to be hard to do. IEEE 802.1X verification is clearly worth a try, but many companies seem to be waiting for network and computer vendors to make it easier, so simply leave it behind. Although network providers have begun to include 802.1X in their product catalog, the following problems still exist: how can you add the latest and most powerful Security Control Measures to your users and employees with minimal interference?

Although 802.1X has been the most popular verification method in the past few years, changes in user access networks and related policies make it accepted by everyone. What enterprises want now is to provide network-based login support for customers', contractors, employees' personal computers and smart phones. Everyone wants to get a login solution that includes encryption authentication and access permission differentiation, and can deny access from unknown and untrusted users.

All these benefits are obvious, and the network and security team has been working hard to implement 802.1X, because it means that it is possible to manually touch each device on the network. The challenges, scalability, and management complexity faced by network infrastructure components and user devices also impede 802.1X deployment.

Things are changing, and all enterprises are trying to solve the difficulties they face. For example, to better serve more than 3000 users, the IT team at the University of Yang baihan in Hawaii has begun deploying a secure 802.1X Cisco and Xirrus unlimited network. In addition to locking the fully open wireless network in the university, the problem they face is to find an optimal solution to make their deployment faster and minimize service interruption to users, it also supports a variety of user devices and network devices from different vendors. After careful evaluation of the products of the three vendors, Yang Bahan University chose the eTIPS of Avenda based on identity AAA and NAC platforms and the quick x endpoint Configuration Wizard of Avenda.

Mark Aughenbaugh, director of infrastructure at the University of Yang Bahan, said, "Avenda has long been very experienced in this regard about the policy to enforce 802.1X usage. They have very mature products ."

In addition, Yang baihan University chose to use Avenda's Quick1X endpoint configuration product to help streamline their processes. Aughenbaugh says with Quick1X, they can easily install and configure 802.1X on each device. Finally, a network-based portal allows you to use a pre-defined configuration template to run the guide, which simplifies the program and deletes the Help Desk configured for each computer.

"Avenda's solution enables us to easily solve previous wireless problems and it runs very well. We started to focus on when to deploy 802.1X security measures for our wired and VPN networks .," Aughenbaugh said, "Our main security goals have been achieved. In fact, we now have network access visibility that we do not have. We can observe the connection and usage details of each user, which helps us adjust the wireless network and improve the user experience ."

The Yang baihan university team used the following best practices to ensure smooth 802.1X deployment. They believe that these practices apply to any enterprise or organization:

1. Deploy a solution that supports all existing infrastructure and works in a multi-vendor environment. This is particularly important in the case of Yang baihan university because their network consists of 240 access endpoints from Cisco and Xirrus, dynamic directories and other components play an active role.

2. Find a method that includes RADIUS and using your existing RADIUS architecture to work smoothly.

3. In terms of user configuration support, find a way to support multiple operating systems, such as Windows 7, Windows Vista, Mac OS X, Mac iOS, and Linux.

4. Make sure that the user configuration tool can create multiple pre-configuration packages, so that you can set different configuration options for different objects such as students, employees, and visitors.

5. Make sure that you can get an easy-to-use tool or wizard. You can complete the configuration process with just a few clicks.

6. Make sure that the IT department can easily configure and allocate the latest software packages as required by configuration or policy changes.

Original: Linda Musthaler

This document is a specific BKJIA translation. You must mark the author and source for reprinting !]

1. Seven tricks to solve 802.11n wireless network FAQs
2. 802.11ac Gigabit wireless standard enabled 11n is still accelerating