802.1X can be a complex topic to digest and, like the rest of networking, it can be overwhelming where to start learning about it. Luckily, we’ve been fortunate enough to have worked with 802.1X since it’s inception, and did the best job we could to explain everything we know about it. Below we will cover how 802.1X works, it’s components, what it’s used for, vulnerabilities, how to set it up, and much much more.

You are watching: Which of the following applications typically use 802.1x authentication

What is IEEE 802.1X?

Devices attempting to connect to a LAN or WLAN require an authentication mechanism. IEEE 802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC), provides protected authentication for secure network access.

*

An 802.1X network is different from home networks in one major way; it has an authentication server called a RADIUS Server. It checks a user’s credentials to see if they are an active member of the organization and, depending on the network policies, grants users varying levels of access to the network. This allows unique credentials or certificates to be used per user, eliminating the reliance on a single network password that can be easily stolen.

How does 802.1X work?

802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The RADIUS server is able to do this by communicating with the organization’s directory, typically over the LDAP or SAML protocol.

What is 802.1X EAP Security?

The standard authentication protocol used on encrypted networks is Extensible Authentication Protocol (EAP), which provides a secure method to send identifying information over-the-air for network authentication. 802.1X is the standard that is used for passing EAP over wired and wireless Local Area Networks (LAN). It provides an encrypted EAP tunnel that prevents outside users from intercepting information.

The EAP protocol can be configured for credential (EAP-TTLS/PAP and PEAP-MSCHAPv2) and digital certificate (EAP-TLS) authentication and is a highly secure method for protecting the authentication process.


WPA2-Enterprise Protocols

Level of EncryptionAuthentication SpeedDirectory SupportUser Experience
EAP-TLSPublic-Private Key CryptographyFast – 12 StepsSAML/LDAP/MFA ServersBest
PEAP-MSCHAPV2Encrypted CredentialsSlow – 22 StepsActive DirectoryAcceptable
EAP-TTLS/PAPNon-Encrypted CredentialsSlowest – 25 StepsNon-AD LDAP ServersPoor

What is 802.1X used for?

802.1X is used for secure network authentication. If you are an organization dealing with valuable and sensitive information, you need a secure method of transporting data. 802.1X is used so devices can communicate securely with access points (enterprise-grade routers). It was historically only used by large organizations like enterprises, universities, and hospitals, but is rapidly becoming adopted by smaller businesses because of the growing threats in cyber security.

802.1X is often referred to as WPA2-Enterprise. In contrast, the Pre-Shared Key network security most often used at home is referred to as WPA2-Personal. WPA2-Personal is not sufficient for any organization dealing with sensitive information and can put organizations at serious risk for cyber crimes.

Are IEEE 802.1X and Wi-Fi the same?

Almost. The IEEE 802.1X standard was first designed for use in wired Ethernet networks. Wi-Fi is a trademarked phrase that refers to the IEEE 802.11x standard specifically – a modified version of the original standard.

That being said, most security and networking professionals use the term 802.1X for both wired and wireless networks if they are using WPA2-Enterprise security.

What is wired 802.1X?

Authenticating a wired network connection for 802.1X is a similar process to wireless. The wired network user must connect to the secure network from their device and present a signed certificate or valid credentials to authenticate their identity.

The primary difference is instead of establishing a secure connection with a wireless switch, your device must be Ethernet connected and authenticate to an 802.1X-capable switch. The device and RADIUS server establish trust over the wired connection and if the user is recognized, they will be authorized for secure network use.

How Secure is 802.1X?

When used correctly, it is the golden standard of network authentication security. It can prevent over-the-air credential theft attacks like Man-in-the-Middle attacks and Evil Twin proxies. It is much more secure than Pre-Shared Key networks, which are typically used in personal networks.

However, 802.1X security can vary greatly depending on two factors. The first variable occurs if end users are left to manually configure their devices. The configuration process requires high-level IT knowledge to understand and if one step is incorrect, they are left vulnerable to credential theft. We highly recommend using dedicated 802.1X onboarding software instead.

The second variable depends on whether an organization is using credential-based authentication or certificate-based authentication. Certificate-based EAP-TLS significantly reduces an organization’s risk for credential theft and is the most secure way to use 802.1X. Not only does it stop credentials from being sent over the air where they can be easily stolen, but it forces users to go through an enrollment/onboarding process that ensures their devices are configured correctly.

Is 802.1X encrypted?

Yes, 802.1X is encrypted.

802.1X WPA is generally reserved for personal networks, such as your home Wi-Fi, and runs on RC4-based TKIP (Temporal Key Integrity Protocol) encryption. It’s less secure than WPA2, but usually sufficient for home use.

See more: When I Close My Eyes I See You By My Side Lyrics, What Song Has The Lyrics 'I Close My Eyes'

802.1X WPA2 could utilize TKIP, but generally chooses AES (Advanced Encryption Standard), which is the most secure standard available. It is a little more difficult and costly to set up however, so it’s used in higher-stake environments like businesses.