Wired Network Security
10 12 2008
I’m getting quite irritated by the complete lack of useful information on securing wired networks via 802.1X. I think it’s worth sharing some of the issues and solutions or work-arounds for a multi-vendor environment, which I’ll do over a series of posts.
Plenty of security vendors will describe how to set up their solutions in a single-vendor environment, but that doesn’t match the real world. I’ll start by listing the components of a multi-platform environment. Subsequent posts will describe issues with each of the various components and key configuration points.
Client environment: Windows XP, Mac OS X (10.4 and 10.5), Linux (Ubuntu LTS).
IP phones: Avaya 96xx, Cisco 79xx
Switches: Cisco 6500, 3750 and 3650
Firewalls: Juniper SSG (relevant for future NAC deployments)
RADIUS: Microsoft IAS, Infoblox, Juniper Infranet Controller (for future NAC deployments)
Issues: more machines than network drops at desks, authentication should be transparent to users, re-imaging machines, printers/scanners/etc, “stale” CRL from “root” CAs.





