SlideShare a Scribd company logo

IEEE 802.1X and Axis’ Implementation

Axis Communications
Axis Communications

IEEE 802.1X is an authentication and authorization technique. Many Axis network video products support IEEE 802.1X as a security feature. In this white paper we will discuss the background as well as the working principle of IEEE 802.1X. We will also describe how 802.1X in Axis network camera products should be used, and when RADIUS (remote authentication dial-in user service) servers and switches are well configured.

1 of 6
Download to read offline
White paper ieee 802.1X and axis’ implementation
table of contents 1. introduction 3 2. General 3 3. Working principle 3 4. axis’ implementation of ieee 802.1X 4 5. Discussion and conclusion 5 6. helpful links 5
1. introduction Network security is a very important issue in the IP world. There are different levels of security when it comes to securing information being sent over IP networks. The first level is authentication and autho- rization. The user or device identifies itself to the network and the remote end by a username and pass- word, which are then verified before the device is allowed into the system. Added security can be achieved by encrypting the data to prevent others from using or reading the data. Common methods are HTTPS (also known as SSL/ TLS), VPN and WEP or WPA in wireless networks. IEEE 802.1X is an authentication and authorization technique. Many Axis network video products sup- port IEEE 802.1X as a security feature. In this white paper we will discuss the background as well as the working principle of IEEE 802.1X. We will also describe how 802.1X in Axis network camera products should be used, and when RADIUS (remote authentication dial-in user service) servers and switches are well configured. The intended audience of this document is technical personnel and system integrators. 2. General IEEE 802.1X is an IEEE Standard for port-based Network Access Control (“port” means the same physical connection to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It pro- vides an authentication mechanism for devices to connect to a LAN, either establishing a connection or preventing the connection if authentication fails. IEEE 802.1X prevents what is called “port hi-jacking”; that is, when an unauthorized computer gets access to a network by getting to a network jack inside or outside a building. IEEE 802.1X is useful in, for example, network video applications since network cam- eras are often located in public spaces where a network jack can pose a security risk. In today’s enterprise networks, IEEE 802.1X is becoming a basic requirement for anything that is connected to a network. 3. Working principle There are three basic terms in 802.1X. The user or client that wants to be authenticated is called a sup- plicant. The actual server doing the authentication, typically a RADIUS server, is called the authentica- tion server. And the device in between, such as a switch, is called the authenticator. The protocol used in 802.1X is Extensible Authentication Protocol encapsulation over LANs (EAPOL). There are a number of modes of operation, but the most common case would look something like this (see Figure 1): 1. The authenticator sends an “EAP-Request/Identity” packet to the supplicant as soon as it detects that the network link is active (e.g., the supplicant, for example a network camera in a network video system, is connected to the switch). 2. The supplicant sends an “EAP-Response/Identity” packet to the authenticator. 3. The “EAP-Response/Identity” packet is then passed on to the authentication (RADIUS) server by the authenticator. 4. The authentication server sends back a challenge to the authenticator, such as with a token password system. 5. The authenticator unpacks this from IP and repackages it into EAPOL and sends it to the supplicant. Different authentication methods will vary this message and the total number of messages. EAP supports client-only authentication and strong mutual authentication. 6. The supplicant responds to the challenge by the authenticator. 7. The authenticator passes the response to the challenge onto the authentication server. 8. If the supplicant provides proper identity, the authentication server responds with a success message to the authenticator. 9. The success message is then passed onto the supplicant by the authenticator. The authenticator now allows access of the supplicant to the LAN, possibly restricted based on attributes that came back from the authentication server. For example, the authenticator might switch the supplicant to a particular virtual LAN or install a set of firewall rules. 3
Figure 1. EAP authentication procedure in IEEE 802.1X Authentication Server Authenticator Supplicant EAP Identity Request 1 RADIUS Access Request EAP Identity Response 3 2 RADIUS Access Challenge EAP Request/Challenge 4 5 RADIUS Access Request EAP Identity Response 7 6 RADIUS Access Accept EAP Success 8 9 What should be noted is that setting up and configuring 802.1X is a fairly complex procedure, and it is important that RADIUS servers, switches and clients (like Axis cameras) are set up correctly. 4. axis’ implementation of ieee 802.1X To gain access to a protected network, the AXIS P1344 Network Camera, for example, must have a CA certificate, a Client certificate, as well as a Client private key. They should be created by the servers and are uploaded via a web interface or ftp. When the camera is connected to the switch, the camera will present its certificate to the network switch. If the certificate is approved, the switch allows the camera access on a preconfigured port. As pointed out previously, in order to use port-based authentication, the network must be equipped with a RADIUS server and a network switch with support for 802.1X. You may also need to contact your net- work administrator for information on certificates, user ID’s and passwords. The settings here enable the AXIS P1344 Network Camera to access a network protected by 802.1X/ EAPOL (Extensible Authentication Protocol Over Lan). There are many EAP methods available to gain access to a network. The one used by Axis is EAP-TLS (EAP-Transport Layer Security). Figure 2. Web interface with AXIS P1344 4
The client and the RADIUS server authenticate each other using digital certificates provided by a PKI (Public Key Infrastructure) signed by a Certification Authority. Note that to ensure successful certificate validation, time synchronization should be performed on all clients and servers prior to configuration. Further configuration of network cameras should be performed on a safe network to avoid MITM (Man In The Middle) attacks. Terms used in the web interface are described as follows: CA Certificate - This certificate is created by the Certification Authority for the purpose of validating itself, so the AXIS P1344 Network Camera needs this certificate to check the server’s identity. Provide the path to the certificate directly, or use the browse button to locate it. Then click the Upload button. To remove a CA certificate, click the Remove button. Client certificate/private key - The AXIS P1344 Network Camera must also authenticate itself using a client certificate and a private key. Provide the path to the certificate in the first field, or use the Browse button to locate it. Then click the Upload button. To remove a client certificate, click the Remove button. Alternatively, it may be possible to upload the client certificate and key in one combined file, (e.g. a PFX file or PEM file). Provide the path to the file, or use the Browse button to locate it. Click Upload to load the file. To remove a client certificate and key, click the Remove button. EAPOL version - Select the EAPOL version (1 or 2) used in your network switch. EAP identity - Enter the user identity associated with your certificate. A maximum of 16 characters can be used. Private key password - Enter the password (maximum 16 characters) for your user identity. 5. Discussion and conclusion In today’s enterprise networks, IEEE 802.1X is more and more required as a gatekeeper. Many Axis net- work video products support IEEE 802.1X as a security feature. Setting up 802.1X is a fairly complex procedure, and it is important that Radius servers, switches and clients (like Axis cameras) are set up correctly. However, when RADIUS servers and switches are well configured for 802.1X, it is quite straight- forward to configure and integrate Axis network products into the 802.1X system. 6. helpful links > www.axis.com/products/video/ > www.axis.com/products/video/about_networkvideo/security.htm 5
www.axis.com 37589/EN/R1/0912 about axis Communications Axis is an IT company offering network video solutions for professional installations. The company is the global mar- ket leader in network video, driving the ongoing shift from analog to digital video surveillance. Axis products and so- lutions focus on security surveillance and remote moni- toring, and are based on innovative, open technology platforms. Axis is a Swedish-based company, operating worldwide with offices in more than 20 countries and cooperating with partners in more than 70 countries. Founded in 1984, Axis is listed on the NASDAQ OMX Stockholm under the ticker AXIS. For more information about Axis, please visit our website at www.axis.com ©2009 Axis Communications AB. AXIS COMMUNICATIONS, AXIS, ETRAX, ARTPEC and VAPIX are registered trademarks or trademark applications of Axis AB in various jurisdictions. All other company names and products are trademarks or registered trademarks of their respective companies. We reserve the right to introduce modifications without notice.

Recommended

23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
Sapna Kumari
 
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docxKERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
HermantoHermanto34
 
Vpn (virtual private network) bag 2
Vpn (virtual private network) bag 2Vpn (virtual private network) bag 2
Vpn (virtual private network) bag 2Cak FeRi
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Network security
Network securityNetwork security
Network security
fatimasaham
 
Adli Bilişim Açısından E-posta Sistemi
Adli Bilişim Açısından E-posta SistemiAdli Bilişim Açısından E-posta Sistemi
Adli Bilişim Açısından E-posta SistemiBGA Cyber Security
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
Pawel Rzepa
 

Recommended

23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
Sapna Kumari
 
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docxKERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
KERANGKA DASAR-DASAR TEKNIK JARINGAN KOMPUTER DAN TELEKOMUNIKASI.docx
HermantoHermanto34
 
Vpn (virtual private network) bag 2
Vpn (virtual private network) bag 2Vpn (virtual private network) bag 2
Vpn (virtual private network) bag 2Cak FeRi
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Network security
Network securityNetwork security
Network security
fatimasaham
 
Adli Bilişim Açısından E-posta Sistemi
Adli Bilişim Açısından E-posta SistemiAdli Bilişim Açısından E-posta Sistemi
Adli Bilişim Açısından E-posta SistemiBGA Cyber Security
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
Pawel Rzepa
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
Virendra Thakur
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
Hping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiHping, TCP/IP Paket Üretici
Hping, TCP/IP Paket Üretici
BGA Cyber Security
 
Leaky bucket A
Leaky bucket ALeaky bucket A
Leaky bucket A
Syed Shaheer Gilani
 
Firewall
FirewallFirewall
Firewall
Umha Bummiedech
 
icmp , igmp
icmp , igmpicmp , igmp
icmp , igmp
AKSHIT KOHLI
 
Kelompok 2 VoIP
Kelompok 2 VoIPKelompok 2 VoIP
Kelompok 2 VoIP
Luthfi Hamzah
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
Kunal Thakur
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
Vikram Khanna
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
Manjushree Mashal
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Konsep Routing - v2.pptx
Konsep Routing - v2.pptxKonsep Routing - v2.pptx
Konsep Routing - v2.pptx
HasobrBlank
 
My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year Project
MOHAMMEDELALAM1
 
802.1x
802.1x802.1x
802.1x
akruthi k
 
Information Centric Networking
Information Centric NetworkingInformation Centric Networking
Information Centric Networking
Shahneel Siddiqui
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Kebijakan Penggunaan Jaringan
Kebijakan Penggunaan JaringanKebijakan Penggunaan Jaringan
Kebijakan Penggunaan Jaringan
A Sisdianto Sumarna
 
E-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi ToplamaE-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi ToplamaBGA Cyber Security
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
Swapnil Kapate
 
802.1x
802.1x802.1x
802.1x
Alp isik
 

More Related Content

What's hot

Wi fi security
Wi fi securityWi fi security
Wi fi security
Virendra Thakur
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
Hping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiHping, TCP/IP Paket Üretici
Hping, TCP/IP Paket Üretici
BGA Cyber Security
 
Leaky bucket A
Leaky bucket ALeaky bucket A
Leaky bucket A
Syed Shaheer Gilani
 
Firewall
FirewallFirewall
Firewall
Umha Bummiedech
 
icmp , igmp
icmp , igmpicmp , igmp
icmp , igmp
AKSHIT KOHLI
 
Kelompok 2 VoIP
Kelompok 2 VoIPKelompok 2 VoIP
Kelompok 2 VoIP
Luthfi Hamzah
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
Kunal Thakur
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
Vikram Khanna
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
Manjushree Mashal
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Konsep Routing - v2.pptx
Konsep Routing - v2.pptxKonsep Routing - v2.pptx
Konsep Routing - v2.pptx
HasobrBlank
 
My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year Project
MOHAMMEDELALAM1
 
802.1x
802.1x802.1x
802.1x
akruthi k
 
Information Centric Networking
Information Centric NetworkingInformation Centric Networking
Information Centric Networking
Shahneel Siddiqui
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Kebijakan Penggunaan Jaringan
Kebijakan Penggunaan JaringanKebijakan Penggunaan Jaringan
Kebijakan Penggunaan Jaringan
A Sisdianto Sumarna
 
E-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi ToplamaE-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi ToplamaBGA Cyber Security
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 

What's hot (20)

Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
 
Hping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiHping, TCP/IP Paket Üretici
Hping, TCP/IP Paket Üretici
 
Leaky bucket A
Leaky bucket ALeaky bucket A
Leaky bucket A
 
Firewall
FirewallFirewall
Firewall
 
icmp , igmp
icmp , igmpicmp , igmp
icmp , igmp
 
Kelompok 2 VoIP
Kelompok 2 VoIPKelompok 2 VoIP
Kelompok 2 VoIP
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
 
Firewalls
FirewallsFirewalls
Firewalls
 
Konsep Routing - v2.pptx
Konsep Routing - v2.pptxKonsep Routing - v2.pptx
Konsep Routing - v2.pptx
 
My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year Project
 
802.1x
802.1x802.1x
802.1x
 
Information Centric Networking
Information Centric NetworkingInformation Centric Networking
Information Centric Networking
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Kebijakan Penggunaan Jaringan
Kebijakan Penggunaan JaringanKebijakan Penggunaan Jaringan
Kebijakan Penggunaan Jaringan
 
E-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi ToplamaE-posta Başlıklarından Bilgi Toplama
E-posta Başlıklarından Bilgi Toplama
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 

Viewers also liked

Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
Swapnil Kapate
 
802.1x
802.1x802.1x
802.1x
Alp isik
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
Sithideth Banavong
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
Emerson Barros Rivas
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication Standard
Dan Miller
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
Cisco Canada
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
Cisco Canada
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authentication
Xiaoqi Zhao
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
Aruba, a Hewlett Packard Enterprise company
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
dkaya
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
Bangladesh Network Operators Group
 

Viewers also liked (13)

Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
802.1x
802.1x802.1x
802.1x
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication Standard
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
 
802.1x authentication
802.1x authentication802.1x authentication
802.1x authentication
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
 

Similar to IEEE 802.1X and Axis’ Implementation

8021x feature config_guide
8021x feature config_guide8021x feature config_guide
8021x feature config_guide
Wilson Ospina
 
Sw8021x
Sw8021xSw8021x
Sw8021x
university fsr
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
Ishan Girdhar
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
djameleddine2015
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
Netwax Lab
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
Mohamed Loey
 
AAA server
AAA serverAAA server
AAA server
hetvi naik
 
WiFi Hotspot Password
WiFi Hotspot PasswordWiFi Hotspot Password
WiFi Hotspot Password
Maryam Namira
 
802 11 3
802 11 3802 11 3
802 11 3
rphelps
 
Ali shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1XAli shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1X
Ali Shahbazi Khojasteh
 
EAP-TLS (extended version)
EAP-TLS (extended version)EAP-TLS (extended version)
EAP-TLS (extended version)
Karri Huhtanen
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
Lino Quivén
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
Chaitanya Tata, PMP
 
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and PrivacyDisobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
Cisco Mobility
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call Control
Warren Bent
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
Warren Bent
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 
E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005
FNian
 

Similar to IEEE 802.1X and Axis’ Implementation (20)

8021x feature config_guide
8021x feature config_guide8021x feature config_guide
8021x feature config_guide
 
Sw8021x
Sw8021xSw8021x
Sw8021x
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
AAA server
AAA serverAAA server
AAA server
 
WiFi Hotspot Password
WiFi Hotspot PasswordWiFi Hotspot Password
WiFi Hotspot Password
 
802 11 3
802 11 3802 11 3
802 11 3
 
Ali shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1XAli shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1X
 
EAP-TLS (extended version)
EAP-TLS (extended version)EAP-TLS (extended version)
EAP-TLS (extended version)
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and PrivacyDisobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
 
Wireless security
Wireless securityWireless security
Wireless security
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call Control
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
 
Wi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and PrivacyWi-Fi Roaming Security and Privacy
Wi-Fi Roaming Security and Privacy
 
E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005E Snet Raf Essc Jan2005
E Snet Raf Essc Jan2005
 

More from Axis Communications

I principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusioneI principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusione
Axis Communications
 
Infografica: perchè scegliere l'audio di rete?
Infografica: perchè scegliere l'audio di rete?Infografica: perchè scegliere l'audio di rete?
Infografica: perchè scegliere l'audio di rete?
Axis Communications
 
Illuminazione ad infrarossi
Illuminazione ad infrarossi Illuminazione ad infrarossi
Illuminazione ad infrarossi
Axis Communications
 
Come proteggere i piccoli esercizi dagli attacchi informatici
Come proteggere i piccoli esercizi dagli attacchi informatici Come proteggere i piccoli esercizi dagli attacchi informatici
Come proteggere i piccoli esercizi dagli attacchi informatici
Axis Communications
 
I principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusioneI principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusione
Axis Communications
 
Cybersecurity axis webinar_smallbusiness_it
Cybersecurity axis webinar_smallbusiness_itCybersecurity axis webinar_smallbusiness_it
Cybersecurity axis webinar_smallbusiness_it
Axis Communications
 
Satisfaction survey_Italy
Satisfaction survey_ItalySatisfaction survey_Italy
Satisfaction survey_Italy
Axis Communications
 
10 Tendencias tecnológicas que marcarán el 2018
10 Tendencias tecnológicas que marcarán el 201810 Tendencias tecnológicas que marcarán el 2018
10 Tendencias tecnológicas que marcarán el 2018
Axis Communications
 
Infographie des 10 tendances technologiques 2018
Infographie des 10 tendances technologiques 2018Infographie des 10 tendances technologiques 2018
Infographie des 10 tendances technologiques 2018
Axis Communications
 
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
Axis Communications
 
10 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 201810 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 2018
Axis Communications
 
Smart City 44 use cases for IP video
Smart City 44 use cases for IP videoSmart City 44 use cases for IP video
Smart City 44 use cases for IP video
Axis Communications
 
How safe is your city?
How safe is your city?How safe is your city?
How safe is your city?
Axis Communications
 
Whitepaper perimeter protection
Whitepaper perimeter protectionWhitepaper perimeter protection
Whitepaper perimeter protection
Axis Communications
 
Axis deployable 4G/LTE solution
Axis deployable 4G/LTE solutionAxis deployable 4G/LTE solution
Axis deployable 4G/LTE solution
Axis Communications
 
Case studies Safe Cities
Case studies Safe CitiesCase studies Safe Cities
Case studies Safe Cities
Axis Communications
 
Flyer Axis Lte4G_Sierra_Wireless_1505
Flyer Axis Lte4G_Sierra_Wireless_1505Flyer Axis Lte4G_Sierra_Wireless_1505
Flyer Axis Lte4G_Sierra_Wireless_1505
Axis Communications
 
Ppt safecities axis_ agentvi_jvp_en_1505
Ppt safecities axis_ agentvi_jvp_en_1505Ppt safecities axis_ agentvi_jvp_en_1505
Ppt safecities axis_ agentvi_jvp_en_1505
Axis Communications
 
Flyer axis agentvi_jvp_en_1505
Flyer axis agentvi_jvp_en_1505Flyer axis agentvi_jvp_en_1505
Flyer axis agentvi_jvp_en_1505
Axis Communications
 
Whitepaper networkvideo safecity
Whitepaper networkvideo safecityWhitepaper networkvideo safecity
Whitepaper networkvideo safecity
Axis Communications
 

More from Axis Communications (20)

I principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusioneI principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusione
 
Infografica: perchè scegliere l'audio di rete?
Infografica: perchè scegliere l'audio di rete?Infografica: perchè scegliere l'audio di rete?
Infografica: perchè scegliere l'audio di rete?
 
Illuminazione ad infrarossi
Illuminazione ad infrarossi Illuminazione ad infrarossi
Illuminazione ad infrarossi
 
Come proteggere i piccoli esercizi dagli attacchi informatici
Come proteggere i piccoli esercizi dagli attacchi informatici Come proteggere i piccoli esercizi dagli attacchi informatici
Come proteggere i piccoli esercizi dagli attacchi informatici
 
I principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusioneI principali benefici della soluzione per la protezione anti-intrusione
I principali benefici della soluzione per la protezione anti-intrusione
 
Cybersecurity axis webinar_smallbusiness_it
Cybersecurity axis webinar_smallbusiness_itCybersecurity axis webinar_smallbusiness_it
Cybersecurity axis webinar_smallbusiness_it
 
Satisfaction survey_Italy
Satisfaction survey_ItalySatisfaction survey_Italy
Satisfaction survey_Italy
 
10 Tendencias tecnológicas que marcarán el 2018
10 Tendencias tecnológicas que marcarán el 201810 Tendencias tecnológicas que marcarán el 2018
10 Tendencias tecnológicas que marcarán el 2018
 
Infographie des 10 tendances technologiques 2018
Infographie des 10 tendances technologiques 2018Infographie des 10 tendances technologiques 2018
Infographie des 10 tendances technologiques 2018
 
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
I 10 trend tecnologici che definiranno il mercato della sicurezza nel 2018
 
10 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 201810 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 2018
 
Smart City 44 use cases for IP video
Smart City 44 use cases for IP videoSmart City 44 use cases for IP video
Smart City 44 use cases for IP video
 
How safe is your city?
How safe is your city?How safe is your city?
How safe is your city?
 
Whitepaper perimeter protection
Whitepaper perimeter protectionWhitepaper perimeter protection
Whitepaper perimeter protection
 
Axis deployable 4G/LTE solution
Axis deployable 4G/LTE solutionAxis deployable 4G/LTE solution
Axis deployable 4G/LTE solution
 
Case studies Safe Cities
Case studies Safe CitiesCase studies Safe Cities
Case studies Safe Cities
 
Flyer Axis Lte4G_Sierra_Wireless_1505
Flyer Axis Lte4G_Sierra_Wireless_1505Flyer Axis Lte4G_Sierra_Wireless_1505
Flyer Axis Lte4G_Sierra_Wireless_1505
 
Ppt safecities axis_ agentvi_jvp_en_1505
Ppt safecities axis_ agentvi_jvp_en_1505Ppt safecities axis_ agentvi_jvp_en_1505
Ppt safecities axis_ agentvi_jvp_en_1505
 
Flyer axis agentvi_jvp_en_1505
Flyer axis agentvi_jvp_en_1505Flyer axis agentvi_jvp_en_1505
Flyer axis agentvi_jvp_en_1505
 
Whitepaper networkvideo safecity
Whitepaper networkvideo safecityWhitepaper networkvideo safecity
Whitepaper networkvideo safecity
 

Recently uploaded

Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 

Recently uploaded (20)

Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 

IEEE 802.1X and Axis’ Implementation

  • 1. White paper ieee 802.1X and axis’ implementation
  • 2. table of contents 1. introduction 3 2. General 3 3. Working principle 3 4. axis’ implementation of ieee 802.1X 4 5. Discussion and conclusion 5 6. helpful links 5
  • 3. 1. introduction Network security is a very important issue in the IP world. There are different levels of security when it comes to securing information being sent over IP networks. The first level is authentication and autho- rization. The user or device identifies itself to the network and the remote end by a username and pass- word, which are then verified before the device is allowed into the system. Added security can be achieved by encrypting the data to prevent others from using or reading the data. Common methods are HTTPS (also known as SSL/ TLS), VPN and WEP or WPA in wireless networks. IEEE 802.1X is an authentication and authorization technique. Many Axis network video products sup- port IEEE 802.1X as a security feature. In this white paper we will discuss the background as well as the working principle of IEEE 802.1X. We will also describe how 802.1X in Axis network camera products should be used, and when RADIUS (remote authentication dial-in user service) servers and switches are well configured. The intended audience of this document is technical personnel and system integrators. 2. General IEEE 802.1X is an IEEE Standard for port-based Network Access Control (“port” means the same physical connection to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It pro- vides an authentication mechanism for devices to connect to a LAN, either establishing a connection or preventing the connection if authentication fails. IEEE 802.1X prevents what is called “port hi-jacking”; that is, when an unauthorized computer gets access to a network by getting to a network jack inside or outside a building. IEEE 802.1X is useful in, for example, network video applications since network cam- eras are often located in public spaces where a network jack can pose a security risk. In today’s enterprise networks, IEEE 802.1X is becoming a basic requirement for anything that is connected to a network. 3. Working principle There are three basic terms in 802.1X. The user or client that wants to be authenticated is called a sup- plicant. The actual server doing the authentication, typically a RADIUS server, is called the authentica- tion server. And the device in between, such as a switch, is called the authenticator. The protocol used in 802.1X is Extensible Authentication Protocol encapsulation over LANs (EAPOL). There are a number of modes of operation, but the most common case would look something like this (see Figure 1): 1. The authenticator sends an “EAP-Request/Identity” packet to the supplicant as soon as it detects that the network link is active (e.g., the supplicant, for example a network camera in a network video system, is connected to the switch). 2. The supplicant sends an “EAP-Response/Identity” packet to the authenticator. 3. The “EAP-Response/Identity” packet is then passed on to the authentication (RADIUS) server by the authenticator. 4. The authentication server sends back a challenge to the authenticator, such as with a token password system. 5. The authenticator unpacks this from IP and repackages it into EAPOL and sends it to the supplicant. Different authentication methods will vary this message and the total number of messages. EAP supports client-only authentication and strong mutual authentication. 6. The supplicant responds to the challenge by the authenticator. 7. The authenticator passes the response to the challenge onto the authentication server. 8. If the supplicant provides proper identity, the authentication server responds with a success message to the authenticator. 9. The success message is then passed onto the supplicant by the authenticator. The authenticator now allows access of the supplicant to the LAN, possibly restricted based on attributes that came back from the authentication server. For example, the authenticator might switch the supplicant to a particular virtual LAN or install a set of firewall rules. 3
  • 4. Figure 1. EAP authentication procedure in IEEE 802.1X Authentication Server Authenticator Supplicant EAP Identity Request 1 RADIUS Access Request EAP Identity Response 3 2 RADIUS Access Challenge EAP Request/Challenge 4 5 RADIUS Access Request EAP Identity Response 7 6 RADIUS Access Accept EAP Success 8 9 What should be noted is that setting up and configuring 802.1X is a fairly complex procedure, and it is important that RADIUS servers, switches and clients (like Axis cameras) are set up correctly. 4. axis’ implementation of ieee 802.1X To gain access to a protected network, the AXIS P1344 Network Camera, for example, must have a CA certificate, a Client certificate, as well as a Client private key. They should be created by the servers and are uploaded via a web interface or ftp. When the camera is connected to the switch, the camera will present its certificate to the network switch. If the certificate is approved, the switch allows the camera access on a preconfigured port. As pointed out previously, in order to use port-based authentication, the network must be equipped with a RADIUS server and a network switch with support for 802.1X. You may also need to contact your net- work administrator for information on certificates, user ID’s and passwords. The settings here enable the AXIS P1344 Network Camera to access a network protected by 802.1X/ EAPOL (Extensible Authentication Protocol Over Lan). There are many EAP methods available to gain access to a network. The one used by Axis is EAP-TLS (EAP-Transport Layer Security). Figure 2. Web interface with AXIS P1344 4
  • 5. The client and the RADIUS server authenticate each other using digital certificates provided by a PKI (Public Key Infrastructure) signed by a Certification Authority. Note that to ensure successful certificate validation, time synchronization should be performed on all clients and servers prior to configuration. Further configuration of network cameras should be performed on a safe network to avoid MITM (Man In The Middle) attacks. Terms used in the web interface are described as follows: CA Certificate - This certificate is created by the Certification Authority for the purpose of validating itself, so the AXIS P1344 Network Camera needs this certificate to check the server’s identity. Provide the path to the certificate directly, or use the browse button to locate it. Then click the Upload button. To remove a CA certificate, click the Remove button. Client certificate/private key - The AXIS P1344 Network Camera must also authenticate itself using a client certificate and a private key. Provide the path to the certificate in the first field, or use the Browse button to locate it. Then click the Upload button. To remove a client certificate, click the Remove button. Alternatively, it may be possible to upload the client certificate and key in one combined file, (e.g. a PFX file or PEM file). Provide the path to the file, or use the Browse button to locate it. Click Upload to load the file. To remove a client certificate and key, click the Remove button. EAPOL version - Select the EAPOL version (1 or 2) used in your network switch. EAP identity - Enter the user identity associated with your certificate. A maximum of 16 characters can be used. Private key password - Enter the password (maximum 16 characters) for your user identity. 5. Discussion and conclusion In today’s enterprise networks, IEEE 802.1X is more and more required as a gatekeeper. Many Axis net- work video products support IEEE 802.1X as a security feature. Setting up 802.1X is a fairly complex procedure, and it is important that Radius servers, switches and clients (like Axis cameras) are set up correctly. However, when RADIUS servers and switches are well configured for 802.1X, it is quite straight- forward to configure and integrate Axis network products into the 802.1X system. 6. helpful links > www.axis.com/products/video/ > www.axis.com/products/video/about_networkvideo/security.htm 5
  • 6. www.axis.com 37589/EN/R1/0912 about axis Communications Axis is an IT company offering network video solutions for professional installations. The company is the global mar- ket leader in network video, driving the ongoing shift from analog to digital video surveillance. Axis products and so- lutions focus on security surveillance and remote moni- toring, and are based on innovative, open technology platforms. Axis is a Swedish-based company, operating worldwide with offices in more than 20 countries and cooperating with partners in more than 70 countries. Founded in 1984, Axis is listed on the NASDAQ OMX Stockholm under the ticker AXIS. For more information about Axis, please visit our website at www.axis.com ©2009 Axis Communications AB. AXIS COMMUNICATIONS, AXIS, ETRAX, ARTPEC and VAPIX are registered trademarks or trademark applications of Axis AB in various jurisdictions. All other company names and products are trademarks or registered trademarks of their respective companies. We reserve the right to introduce modifications without notice.