O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

15.7. Using 802.1X

Ordinarily, when you connect a computer to a network (via Ethernet, Wi-Fi, or some other means), that computer automatically has network access. The user may need to provide credentials to log in to specific servers or resources, but access to the local network itself (and, usually, to the Internet) is open. A networking protocol known as 802.1X aims to increase network security by requiring each device to authenticate (typically, with a username and password, although other means of authentication, such as smart cards and biometrics, are also supported) before any network access is granted — other than to the authentication mechanism itself.

A typical implementation of 802.1X involves a central authentication server — usually a RADIUS server — that maintains a database of each user's credentials. A device that wants to connect to the network is called a supplicant; it sends a request for authentication to a device called an authenticator, which functions as a network switch. As long as the switch is off, supplicants can communicate only with the authenticator. But once the authenticator has validated the user's credentials against the information on the authentication server, it flips the switch, and the supplicant's traffic travels freely through the authenticator to the rest of the network.

NOTE

For more on configuring Mac OS X Server's RADIUS server, see Chapter 31.

802.1X is used more frequently for wireless networks than for wired networks because its ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required