The IEEE 802.1X Protocol
As we know, in most corporate networks the systems are Active Directory members, so a guest physically connecting a foreign computer such as a laptop and gaining unauthorized access to network resources is a threat to the network's security. In addition, some users format their organizational computer and reinstall the OS; the computer then has the same rights on the network as an administrator's, the Active Directory restrictions are lifted, and the user can disrupt the network.
A simple but ineffective solution to part of the above threats is to define the MAC address of every organizational system on the switches; when an unknown computer is connected, the switch can then block the port and keep the offending user out. The following figure illustrates this:
Because LAN networks are vulnerable to a variety of attacks at layer 2, the IEEE's work on that layer led to the creation of security protocols for it.
However, the above solution has the following disadvantages:
- The offender can obtain the MAC address of an authorized system and change their own machine's address to it (MAC address spoofing). The switch then mistakes the intruder's machine for the authorized system and grants the person access to the network. The stages of this forgery and deception of the switch are easily seen in the following figure:
- Assume that the computer connected to the switch is one of the enterprise's own and not a new system at all. Usually the organization limits the user's access through Active Directory and does not grant administrator rights. The user can nevertheless format the computer and reinstall the OS, become its administrator, easily remove the system from the domain, and thereby disrupt the network. The goal of restricting the user and administering the system through Active Directory is lost.
The second solution:
Use of the IEEE 802.1X security protocol. In this approach the switch, at the very beginning and before the system is allowed to communicate with the network, authenticates the user or computer and sends the relevant information to the central server, the Domain Controller. The server checks whether the computer or user is joined to Active Directory; if it is not a member, it declares to the switch that the system trying to communicate with the switch and the network is an intruder, and so, as the first step, the user is disconnected from the network. The steps of the operation are outlined in the following image:
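To make the difference between the two approaches concrete, the following is an added Python model (not from the original page) of the 802.1X exchange between supplicant, authenticator (switch port) and authentication server, next to a plain MAC allow-list check. The directory of machine accounts, the HMAC-based challenge/response standing in for a real EAP method, and the RADIUS-style verdict strings are assumptions made for this demo.

```python
import hmac
import hashlib
import os

# Constructed directory of domain-joined machine accounts: identity -> secret.
# In a real deployment this is Active Directory, reached through a RADIUS server.
DIRECTORY = {"PC-01$": b"machine-secret-01", "PC-02$": b"machine-secret-02"}


def eap_response(secret: bytes, challenge: bytes) -> bytes:
    """Supplicant side: simplified challenge/response. HMAC-SHA256 stands in
    for the real EAP method here (an assumption for the demo)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def auth_server_check(identity: str, challenge: bytes, response: bytes) -> str:
    """Authentication server: look the identity up in the directory and verify
    the response. Unknown identities and wrong responses are both rejected."""
    secret = DIRECTORY.get(identity)
    if secret is None:
        return "Access-Reject"
    expected = eap_response(secret, challenge)
    return "Access-Accept" if hmac.compare_digest(expected, response) else "Access-Reject"


def port_authenticate(supplicant: dict) -> str:
    """Authenticator (switch port): run the 802.1X exchange and return the
    resulting port state. The port starts unauthorized; only EAPOL may pass."""
    port_state = "unauthorized"
    identity = supplicant["identity"]            # EAPOL-Start -> EAP-Request/Identity
    challenge = os.urandom(16)                   # EAP-Request (challenge) from the switch
    response = eap_response(supplicant["secret"], challenge)     # EAP-Response
    verdict = auth_server_check(identity, challenge, response)   # relayed over RADIUS
    if verdict == "Access-Accept":
        port_state = "authorized"                # EAP-Success: port is opened
    return port_state


def mac_allowlist_check(mac: str, allowed: set) -> str:
    """The first approach from the text, for comparison: only the address is checked."""
    return "authorized" if mac in allowed else "unauthorized"


if __name__ == "__main__":
    allowed_macs = {"00:11:22:33:44:55"}           # constructed allow-list
    # A machine presenting a copied MAC passes the MAC check but has no valid credential
    copied = {"mac": "00:11:22:33:44:55", "identity": "PC-01$", "secret": b"guess"}
    print("MAC check:", mac_allowlist_check(copied["mac"], allowed_macs))   # authorized
    print("802.1X   :", port_authenticate(copied))                           # unauthorized
    genuine = {"mac": "00:11:22:33:44:55", "identity": "PC-01$", "secret": b"machine-secret-01"}
    print("802.1X   :", port_authenticate(genuine))                          # authorized
```

A reimaged computer that has lost its domain membership fails the same way as an unknown identity, which is the second weakness of the MAC-based approach that 802.1X closes.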