Friday Feb 23
802.1X-REV It’s a Cryptographic Come Back
Updated on Tuesday, 31 January 2012 12:32

The new 802.1X-2010 (formerly referred to here as 802.1X-REV) offers a multi-faceted approach to increasing integrity, availability and confidentiality throughout network infrastructures at every segment, from LANs and WLANs to WANs and MANs. Yeah, I threw out the I.A.C. triangle. As much as I hate using it, it is a foundational element of security.

Today I’m sad. When I Google 802.1X, the only results are passing articles and tidbits from 2006, 2007 and a few from 2008, and then of course, all my more recent articles and posts are intermingled with these older magazine contents. Oh, and Wikipedia. God only knows what THAT site says…

Is this my fault? I feel like it is. For quite a while, it seemed the majority of 802.1X-REV resources found on the Internet or any public forum were from articles or posts I wrote, or discussions I was stirring up with peers.

My focus strayed for a bit and the next thing I know, 802.1X has dwindled in the public eye to a mere authentication method for wireless. This standard STARTED as a wired standard more than ten years ago, and now, in the 2010 revision, I believe 1X has refound its lost roots and is ready to take the infrastructure world by storm.

I’m going to be better about blogging, and more specifically, I’m going to be better about sharing this type of new information. I think this technology will prove invaluable and I want to help demonstrate the many use cases.

As a starter, let’s recap my top 3 technologies from the new IEEE standards:

  • MACsec – Very basically, layer 2 encryption for infrastructure devices
  • DeviceID – A standard for cryptographically-unique device identification, based on X.509 certificates, with options for initial IDs (from manufacturer) and local IDs (defined by the user) and interaction with TPM
  • Network Advertisements – Part of the new 1X, allows a wired network to advertise different networks, with different security, on the same port (much like wireless SSIDs)

I don’t know which I’m more excited about: the network advertisements, or the unique device ID, which uses cryptographically unique hardware for device identification on a network. Well, when in doubt, go with crypto, right?

As I’ve been writing this post, I’ve had this song in my head.

# # #