I have become increasingly impressed with the use of 802.1x for authentication of equipment on hardwired systems. Physical port security I think is still one of the big issues with most networks. While most NT networks will not allow a computer to utilize network resources if it does not authenticate to the domain, many networks will still allow a computer brought in off the street and plugged into a port formerly occupied by an authorized machine and the DHCP server will happily hand over an IP address to use for internet connectivity.
I know that basic port security can be configured, but most times it is far too great an administrative burden to be used.
802.1x however shuts off access at the switch port, no matter where on a network the machine is plugged in, until authentication information is confirmed with a domain controller for instance. Only the 802.1x authentication protocol can be transmitted.
An ideal solution would be to have some type of automated IDS detect a trend and have it automatically suspend switch port access until it can be looked at.
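As an added illustration of the behaviour the post describes (this is example code, not part of the original post or any vendor's implementation): a small model of an 802.1X-controlled switch port that forwards only EAPOL frames while unauthorized, opens the port after the authenticator confirms the credentials, and, as the post's "ideal solution" suggests, suspends the port for review after repeated failures. The port name, failure threshold and frame contents are constructed for the example.

```python
# Added example: model of 802.1X port-based access control on a switch port.
# Not taken from the original post; the threshold and frames are constructed.

EAPOL_ETHERTYPE = 0x888E   # EtherType of 802.1X EAPOL frames
FAILURE_THRESHOLD = 3      # constructed: suspend the port after this many failures


class Port8021X:
    def __init__(self, name: str):
        self.name = name                # constructed label, e.g. "port1"
        self.state = "unauthorized"     # unauthorized | authorized | suspended
        self.failures = 0

    @staticmethod
    def ethertype(frame: bytes) -> int:
        # Ethernet II header: dst MAC (6), src MAC (6), EtherType (2)
        if len(frame) < 14:
            raise ValueError("runt frame")
        return int.from_bytes(frame[12:14], "big")

    def should_forward(self, frame: bytes) -> bool:
        """Decide whether the switch forwards a frame arriving on this port."""
        if self.state == "suspended":
            return False                # held for review: nothing passes
        if self.state == "authorized":
            return True                 # authenticated: normal traffic flows
        # Unauthorized: only the authentication protocol itself is allowed,
        # so an unknown machine plugged into the port gets no DHCP, no internet.
        return self.ethertype(frame) == EAPOL_ETHERTYPE

    def auth_result(self, success: bool) -> str:
        """Apply the authenticator's verdict (e.g. RADIUS backed by a domain
        controller) and return the resulting port state."""
        if self.state == "suspended":
            return self.state
        if success:
            self.state = "authorized"
            self.failures = 0
        else:
            self.failures += 1          # the "trend" an automated IDS would watch
            if self.failures >= FAILURE_THRESHOLD:
                self.state = "suspended"
        return self.state


def make_frame(ethertype: int) -> bytes:
    """Constructed minimal Ethernet II frame: placeholder MACs plus EtherType."""
    dst = bytes.fromhex("aabbccddeeff")
    src = bytes.fromhex("001122334455")
    return dst + src + ethertype.to_bytes(2, "big")
```

Once a port reaches the suspended state, even EAPOL is dropped until an administrator clears it, which is the manual review step the post asks for.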
This wouldn't be the first time a launched satellite has been 'lost' on purpose.