Thursday, April 3, 2014

802.1x explained, in my words

A typical wireless network is set up something like this: you need a super secret key (or not) to join someone's Wi-Fi network. If you have the key, you have access, it's that simple. It's called WEP-PSK or WPA-PSK (pre-shared key).

Say you want only the people inside your organization to be able to join the network, and you do not want to use a PSK, since those always get leaked to everyone and their distant family. The answer is 802.1x. In this setup you specify which computers/users have access, and they must have an authorized account to join. So if you have a user account, you can join any device to the network.

Let's take it a bit further and say you want all of your users to have access, but only with equipment that your organization has issued them. The answer is still 802.1x, but with certificates. I give device X a certificate, and that computer can join the network. After the join, the user authenticates with our servers (not the Wi-Fi). Now some random Wi-Fi-enabled client can't jump on our network unless they're part of our organization or I give them a certificate.

The reason this matters, besides security, is this: at our high school we have 3 COWs (Computers On Wheels). We've had a problem where, if you're not on the network, you cannot log in. Well, you cannot get on the network without logging in. See the problem here? So if you set it up so that the computer authenticates without any user interaction, the user can log in successfully without needing to authenticate with the server, because the computer authenticates (as itself).

Presto! The computers are joined to the Wi-Fi before users log in, which lets the users authenticate successfully without having to do anything.
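The three setups described above, written as wpa_supplicant network blocks. This is an added example, not the author's configuration: the use of wpa_supplicant, the choice of PEAP/MSCHAPv2 and EAP-TLS as the EAP methods, and every SSID, identity, password, path and hostname are assumptions made for illustration.

```conf
# wpa_supplicant.conf (constructed example; all values are placeholders).
# The blocks are alternatives for comparison; a real file would carry one.

# 1) Pre-shared key: anyone who learns the passphrase can join.
network={
    ssid="ExampleSchool-PSK"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase-here"
}

# 2) 802.1X with a user account (assumed method: PEAP/MSCHAPv2):
#    any device can join as long as the user has valid credentials,
#    but someone has to type them in before the link comes up.
network={
    ssid="ExampleSchool"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="constructed-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/example/radius-ca.pem"
    domain_suffix_match="radius.example.org"
}

# 3) 802.1X with a device certificate (assumed method: EAP-TLS):
#    only machines holding an issued certificate and key can join.
#    No user input is needed, so the machine is on the network
#    before anyone reaches the login screen.
network={
    ssid="ExampleSchool"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="host/cow-01.example.org"
    client_cert="/etc/ssl/example/cow-01.crt"
    private_key="/etc/ssl/example/cow-01.key"
    ca_cert="/etc/ssl/example/radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
```

In blocks 2 and 3, `ca_cert` and `domain_suffix_match` make the client verify the authentication server's certificate before it sends anything, so a look-alike access point with the same SSID is rejected.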


This seems obvious, but it was a problem I've been having for quite some time and I completely overlooked it.

A future post will be coming to show how I accomplished this.
