Securing Network Access with 802.1X, Radius, and LDAP

SHUTTING OUT STRANGERS

Article from Issue 52/2005

Author(s): MICHAEL SCHWARTZKOPFF

The Radius protocol is typically used to authenticate users in dial-up scenarios. But Radius is also useful in LAN environments: in combination with 802.1X, Radius forces users to authenticate at a low level before the switch opens up a port.

Attacks from internal networks are dangerous and more difficult to prevent than external attacks. An attacker who plugs in to an internal network with a laptop gains wide-ranging access to network data. One way of preventing an attack is to implement an authentication function in OSI Layer 2 using the 802.1X [1] protocol. An 802.1X-capable switch and a Freeradius server are all you need to implement Layer 2 authentication. Because Layer 2 authentication operates at the level of the local, physical network, it prevents an intruder from even using the physical network without authentication. Radius (Remote Authentication Dial-in User Service Protocol) responses from a Linux server typically include the IP address and standard gateway for the user, but the protocol has more potential. You can use a Radius server to assign a VLAN to the user’s switch port. This technique avoids the need for a complex router infrastructure, but still restricts the size of the broadcast domain.

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Related content

IEEE 802.1X

Did you think the IEEE 802.1X standard is only for wireless? We show you how to set up a network access control system on a wired network with IEEE 802.1X and a FreeRADIUS server.

more »
Uranos Installation Framework

The virtualization breakthrough has not reduced the number and diversity of operating systems that admins must install and manage. Uranos server sets out to give administrators of complex operating system zoos more freedom.

more »
Hotspotter

Security experts are always concerned with WLAN access points, but they sometimes forget that the client is also open to attack. Public hotspots make it quite easy for attackers to hijack connections, as the Hotspotter tool demonstrates.

more »

comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Freeradius_802.1X.pdf (295.87 kB)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

LibreOffice 5.4 Released

Comes with improved support for Microsoft Office file formats.
Red Hat to Drop Support for Btrfs

The company is building their own storage solution called Stratis.
Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
Kolab Now Integrates Collabora Online

Kolab Now subscribers now have access to Collabora Online.
Endless OS, a Distribution Without Internet

A new version of Endless OS has been released.
GitHub Announces Open Source Friday Program

They encourage people to take time out and work on open source projects on Friday.
System76 Announces Their Own Distro, Pop!_OS

Pop!_OS is based on Ubuntu and uses the Gnome stack.
Linus Torvalds Talks About His Motivation

He never tires of working on the Linux kernel.
Debian 9 Stretches Its Wings

The new release of Debian has a very strong focus on security.
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.