SlideShare une entreprise Scribd logo

Implementing 802.1x Authentication

Télécharger en tant que PPT, PDF
D
dkaya

This is the presentation of my 802.1x Authentication seminar at New Horizons of Sofia, at 22.10.2008.

Technologie
1  sur  30
802.1X Authentication Deniz Kaya Microsoft, Cisco, Ironport Trainer CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
… While the Assets Needing to be Protected are Expanding Service Provider/ Internet Teleworker City Hall VPN Head-End Cable Provider 831 Library Partner/Vendor One physical network, must accommodate multiple logical networks (user groups) each with own rules. Airport
IDENTITY: So, you said MAC Address ? Win 2K & XP allow easy change for MAC addresses MAC address is not an authentication mechanism…
Determining “who” gets access and “what” they can do User Identity Based Network Access User Based Policies Applied (BW, QoS etc) Campus Network ,[object Object],[object Object],[object Object],[object Object],Authorized Users/Devices Unauthorized Users/Devices
What Exactly Is 802.1x? ,[object Object],[object Object],[object Object],[object Object]
Some IEEE Terminology AAA/RADIUS Server Authentication Server Network Access Device Authenticator Client Supplicant Normal People Terms IEEE Terms
What Does it Do? ,[object Object],[object Object],802.1x Header EAP Payload
What is RADIUS? ,[object Object],[object Object],[object Object],[object Object],RADIUS Header EAP Payload UDP Header
802.1x – enhancing LAN security Topology
Wired Access Control Model ,[object Object],[object Object],Client and Switch Talk 802.1x Switch Speaks to Auth Server Using RADIUS Actual Authentication Conversation Is between Client and Auth Server Using EAP; the Switch Is Just a Middleman, but Is Aware of What’s Going on
Identity Based Network Services ,[object Object],[object Object],VLAN 10 Engineering VLAN AAA Radius Server 802.1x Authentication Server Active Directory Login and Certificate Services 802.1x Capable Access Devices 802.1x Capable Client IEEE802.1x + VLANS + VVID + ACL + QoS Login Request Login Info Verify Login and Check with Policy DB Login Good! Apply Policies Switch applies policies and enables port. Login + Certificate Login Verified 6500 Series Access Points 4000 Series 3550/2950 Series
802.1x client implementation in Windows ,[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x in Microsoft Windows Machine and user authentication Startup Machine Machine credentials available (use machine credentials) Machine authentication success Machine authentication failure User logon User credentials available (use user credentials) User authentication success User authentication failure User logoff
Windows Machine Authentication Power Up Load NDIS drivers DHCP Setup Secure Channel to DC Update GPOs Apply Computer GPOs Present GINA (Ctrl-Alt-Del) Login 802.1x Authenticate as Computer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x in Microsoft Windows 802.1x authentication configuration page ,[object Object],[object Object],[object Object]
What is EAP? ,[object Object],[object Object]
EAP TLS GSS_API Kerberos PEAP MS-CHAPv2 TLS IKE MD5 EAP PPP 802.3 802.5 802.11 Other… method layer EAP layer media layer
802.1x authentication client EAP methods available in Windows ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
802.1x authentication client EAP methods – wired and wireless networks
EAP with MD5 Authenticator Peer cleartext password cleartext password Random challenge identity-request identity-response (username) success or failure MD5-challenge -request MD5-challenge -response R = MD5(password,challenge) Check that MD5(password,challenge) equals the response
802.1x with EAP-TLS Local store certificates ,[object Object],[object Object],[object Object],[object Object]
802.1x with EAP-TLS Configuration page ,[object Object],[object Object]
802.1x with EAP-TLS Smart card certificates ,[object Object],[object Object],[object Object],[object Object]
802.1x with PEAP-MSCHAPv2 What to consider ,[object Object],[object Object],[object Object],[object Object]
802.1x with PEAP-MSCHAPv2 Configuration page ,[object Object]
Campus Identity - Supplicants ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Windows HP Jet Direct Solaris 7920 Apple IP Phones WLAN APs Pocket PC
802.1x Port based network access control ,[object Object],[object Object],[object Object],[object Object]
Know before you start ! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo – Wired Client Authentication 802.1x with PEAP-MSCHAPv2 ,[object Object],[object Object],[object Object],[object Object],[object Object]
New Horizons' Partners

Recommandé

AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
RADIUS
RADIUSRADIUS
RADIUSamogh_ubale
 
802.1x
802.1x802.1x
802.1xakruthi k
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authenticationXiaoqi Zhao
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain servicesIGZ Software house
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
Active directory
Active directory Active directory
Active directory deshvikas
 

Recommandé

AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
RADIUS
RADIUSRADIUS
RADIUSamogh_ubale
 
802.1x
802.1x802.1x
802.1xakruthi k
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authenticationXiaoqi Zhao
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain servicesIGZ Software house
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
Active directory
Active directory Active directory
Active directory deshvikas
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass OverviewJoAnna Cheshire
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingAruba, a Hewlett Packard Enterprise company
 
Radius1
Radius1Radius1
Radius1balamurugan.k Kalibalamurugan
 
ccna
ccnaccna
ccnaSaimir Ciraku
 
Wireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersWireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersYoram Orzach
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba, a Hewlett Packard Enterprise company
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.pptEdgardo Scrimaglia
 
WPA2
WPA2WPA2
WPA2Mshari Alabdulkarim
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacksprimeteacher32
 
802.1x
802.1x802.1x
802.1xAlp isik
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 xSwapnil Kapate
 

Contenu connexe

Tendances

MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
Wireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersWireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersYoram Orzach
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 

Tendances (20)

Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking Protocol
 
LDAP
LDAPLDAP
LDAP
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPower
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
 
Radius1
Radius1Radius1
Radius1
 
ccna
ccnaccna
ccna
 
Wireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersWireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filters
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guide
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
 
WPA2
WPA2WPA2
WPA2
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
 

En vedette

802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication StandardDan Miller
 
ACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerAli Badr
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 xmatoko
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationAxis Communications
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for SeacoastSithideth Banavong
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
Mitigating worm attacks
Mitigating worm attacksMitigating worm attacks
Mitigating worm attacksdkaya
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and UpdateCisco Canada
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISECisco Canada
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld
 
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld
 

En vedette (20)

802.1x
802.1x802.1x
802.1x
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication Standard
 
ACSR Clear Pass Policy Manager
ACSR Clear Pass Policy ManagerACSR Clear Pass Policy Manager
ACSR Clear Pass Policy Manager
 
Report Master
Report MasterReport Master
Report Master
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
Présentation Master
Présentation Master Présentation Master
Présentation Master
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ Implementation
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && Wireless
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Mitigating worm attacks
Mitigating worm attacksMitigating worm attacks
Mitigating worm attacks
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's Backbone
 
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
 
IEEE 802.1x
IEEE 802.1xIEEE 802.1x
IEEE 802.1x
 

Similaire à Implementing 802.1x Authentication

wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.pptSagarBedarkar3
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentationjasonlan
 
Wireless security
Wireless securityWireless security
Wireless securityparipec
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustInformation Security Services SA
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
Remote access service
Remote access serviceRemote access service
Remote access serviceApoorw Pandey
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyKarri Huhtanen
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...Amazon Web Services Korea
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALASaikiran Panjala
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfdjameleddine2015
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAmazon Web Services
 

Similaire à Implementing 802.1x Authentication (20)

Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.ppt
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentation
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Wireless security
Wireless securityWireless security
Wireless security
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de Entrust
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
 
Remote access service
Remote access serviceRemote access service
Remote access service
 
AAA server
AAA serverAAA server
AAA server
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and Privacy
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
기업 환경 변화에 신속하게 대응하는 안전한 솔루션 : AWS End User Computing – 김종선 :: AWS Builders On...
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Iuwne10 S04 L04
Iuwne10 S04 L04Iuwne10 S04 L04
Iuwne10 S04 L04
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
 

Plus de dkaya

Ccna security
Ccna securityCcna security
Ccna securitydkaya
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
Intrusion Discovery on Windows
Intrusion Discovery on WindowsIntrusion Discovery on Windows
Intrusion Discovery on Windowsdkaya
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAAdkaya
 
Cisco Ccna Certification
Cisco Ccna CertificationCisco Ccna Certification
Cisco Ccna Certificationdkaya
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
Microsoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 SecurityMicrosoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 Securitydkaya
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Preventiondkaya
 

Plus de dkaya (10)

Ccna security
Ccna securityCcna security
Ccna security
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
Intrusion Discovery on Windows
Intrusion Discovery on WindowsIntrusion Discovery on Windows
Intrusion Discovery on Windows
 
Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAA
 
Cisco Ccna Certification
Cisco Ccna CertificationCisco Ccna Certification
Cisco Ccna Certification
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
Microsoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 SecurityMicrosoft Days 09 Windows 2008 Security
Microsoft Days 09 Windows 2008 Security
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
 

Dernier

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Dernier (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Implementing 802.1x Authentication

  • 1. 802.1X Authentication Deniz Kaya Microsoft, Cisco, Ironport Trainer CCSI, CCNP, MCT, MCSE, ICSI, ICSP, CPTS
  • 2. … While the Assets Needing to be Protected are Expanding Service Provider/ Internet Teleworker City Hall VPN Head-End Cable Provider 831 Library Partner/Vendor One physical network, must accommodate multiple logical networks (user groups) each with own rules. Airport
  • 3. IDENTITY: So, you said MAC Address ? Win 2K & XP allow easy change for MAC addresses MAC address is not an authentication mechanism…
  • 4.
  • 5.
  • 6. Some IEEE Terminology AAA/RADIUS Server Authentication Server Network Access Device Authenticator Client Supplicant Normal People Terms IEEE Terms
  • 7.
  • 8.
  • 9. 802.1x – enhancing LAN security Topology
  • 10.
  • 11.
  • 12.
  • 13. 802.1x in Microsoft Windows Machine and user authentication Startup Machine Machine credentials available (use machine credentials) Machine authentication success Machine authentication failure User logon User credentials available (use user credentials) User authentication success User authentication failure User logoff
  • 14.
  • 15.
  • 16.
  • 17. EAP TLS GSS_API Kerberos PEAP MS-CHAPv2 TLS IKE MD5 EAP PPP 802.3 802.5 802.11 Other… method layer EAP layer media layer
  • 18.
  • 19. 802.1x authentication client EAP methods – wired and wireless networks
  • 20. EAP with MD5 Authenticator Peer cleartext password cleartext password Random challenge identity-request identity-response (username) success or failure MD5-challenge -request MD5-challenge -response R = MD5(password,challenge) Check that MD5(password,challenge) equals the response
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.

Notes de l'éditeur

  1. My name is Deniz Kaya and today I will be speaking about 802.1x authentication standard, how to configure it on Cisco Catalyst Switches and also 802.1x authentication client in Microsoft Windows. In the year 2000, IEEE created the 802.1x specification. This was done to further protect wired and wireless networks. First of all, I want to lay the groundwork of what 802.1x authentication really is, and how it enhances network security. We'll talk briefly about the specifics of the protocol, and we'll also get into implementation and EAP methods (Extensible Authentication Protocol methods). And then we'll talk about the kind of configuration and the type of scenarios that you'll be using 802.1x in.