Recent Articles


We Don't Need An Information Security Industry
As much as I respect Bruce Schneier, and usually follow what he says with few if any questions, I think what he is missing with his speech in London is the Human Element. Humans are flawed, and human creations are flawed, including software/hardware and societies.

Fortinet Firewall Transparent Mode
The Fortinet 50A is a firewall router designed for 10 users or less (this is an older model, now replaced by the 50B). Out of the box, it is configured as a NAT DHCP device at 192.168.1.99. I simply plugged my Mac Powerbook into the Fortinet's "internal" port...

Security Pen Testing - Google Hacking
If you are a security pen tester, you should know about the Google Hacking Database over at Johnny I Hack Stuff. There are a number of sites that deal with search engines and using them to discover vulnerabilities in systems and services that the site owners might...

Information Security Leaders
This was written soon after having listened to both the CISO of Cisco, and one of the primary think tank leaders from Gartner Group in December of 2005. The idea of the conversations, that business and IT need to merge, was radical a year and a half ago; now we...

The Passive Interface Command And OSPF
To pass the BSCI exam and become a CCNP, you have to be aware of the proper use of passive interfaces. You learned about passive interfaces in your CCNA studies, but here we'll review the basic concept and clear up one misconception regarding passive interfaces...


05.17.07

The 802.1X Supplicant Initiative

By Steve Duplessie

First let me state that those are words I barely understand, and until recently have never even used the word "supplicant", correctly or otherwise.

Having said that, kudos to Jon Oltsik for seeing a wrong in the world of IT and doing something about it. It turns out that some big guys bought some little guys and because of that, other big guys were about to have to create their own proprietary ways to provide basic security connectivity features for their edge products. No one really cared about giving a few bucks to Funk Software (bought by Juniper) or to Meetinghouse (bought by Cisco), or using Microsoft's implementation when it was all but free, and really, who cares about Funk or Meetinghouse? When Cisco buys one and then Juniper the other, the picture changes. Since other big guys don't want to A: pay competitors and B: support the competitive cause, the only way around ending up with another batch of confusing, proprietary IT problems was to get everyone on board with an open source standard. There is no value in having a proprietary way to connect to something, but there are a ton of potential problems with having to do so.

Here are some FAQs from their site - www.openseaalliance.org

What work is the alliance undertaking?

The initial effort will be to support the development of a robust open-source 802.1X supplicant.

What is 802.1X?

802.1X is an IEEE standard providing port authentication in LANs. It has since been used extensively in 802.11 wireless security and is a part of WPA. It is increasingly seeing use in wired Ethernet environments as well. The 802.1X specification provides an authentication framework enabling endpoint devices to be authenticated by a central authentication service. The 802.1X specification uses the Extensible Authentication Protocol (EAP) for exchanging messages as part of the authentication process.


What is an 802.1X supplicant?

An 802.1X supplicant acts as the client side of a client/server authentication handshake. When an 802.1X supplicant tries to access a network, it is challenged for authentication credentials by an 802.1X authenticator (typically an Ethernet switch or Wireless Access Point). The supplicant and authenticator then exchange authentication credentials over a particular type of EAP (i.e. PEAP, EAP-TLS, EAP-TTLS). When the supplicant provides authentication credentials, the authenticator forwards them on to an authentication server via the RADIUS protocol for verification. If the authentication credentials are valid, the authentication server sends an "accepted" message to the authenticator which then grants network access to the supplicant.
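The supplicant-to-authenticator leg of the handshake described above can be read directly off the wire. The following is an added example, not code from this article or from the OpenSEA Alliance: a small decoder for EAPOL PDUs run over a constructed PEAP exchange. The helper names (`parse_eapol`, `eap`, `eapol`, `summarize`) and the identity `alice@example.org` are assumptions made for illustration, and the RADIUS leg between authenticator and server is not shown.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eapol(pdu: bytes) -> dict:
    """Decode one EAPOL PDU (the payload of an EtherType 0x888E frame)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than its length field")
    out = {"eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:                       # Start/Logoff/Key carry no EAP packet
        return out
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length disagrees with EAPOL length")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):                   # only Request/Response have a type byte
        if eap_len < 5:
            raise ValueError("Request/Response without a type byte")
        out.update(method=EAP_METHODS.get(body[4], f"type {body[4]}"), data=body[5:eap_len])
    return out

def eap(code, ident, method=None, data=b""):  # builder for the sample below
    payload = b"" if method is None else bytes([method]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
def eapol(ptype, body=b""):
    return struct.pack("!BBH", 1, ptype, len(body)) + body

# Constructed sample, not a capture: PEAP's TLS tunnel rounds are omitted.
EXCHANGE = [
    ("supplicant",    eapol(1)),                                    # EAPOL-Start
    ("authenticator", eapol(0, eap(1, 1, 1))),                      # who are you?
    ("supplicant",    eapol(0, eap(2, 1, 1, b"alice@example.org"))),
    ("authenticator", eapol(0, eap(1, 2, 25, b"\x20"))),            # PEAP start
    ("authenticator", eapol(0, eap(3, 2))),                         # access granted
]

def summarize(exchange):
    parsed = [(who, parse_eapol(pdu)) for who, pdu in exchange]
    return [f"{who}: {p.get('code', p['eapol'])} {p.get('method', '')}".strip() for who, p in parsed]
```

The Response/Identity payload travels in the clear before any tunnel exists, which is why the identity string is visible to the decoder.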



About the Author:
Steve Duplessie is the author of the "Steve's IT Rants" blog, and the founder and Sr. Analyst of the Enterprise Strategy Group.

About SysAdminNews
SysAdminNews is a collection of articles, news and commentary designed to keep system administrators informed about the latest trends impacting their profession. Updates and Advice for System Administrators


-- SysAdminNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc.  All Rights Reserved  Privacy Policy  Legal
