802.1X Not Secure for Wired Networks…

Steve Riley has posted a fairly long article about why 802.1X should not be deployed on wired networks…

This is relatively new to me, considering that 802.1X was the backbone of the Network Access Protection feature that will ultimately be included in Longhorn Server. My problem with the proposed solution that MS is advocating - domain isolation - is that it seems to be limited to Windows products. Even in "Improving Security with Domain Isolation: Microsoft IT implements IP Security (IPsec)", MS recommends using Boundary computers to allow unsecure connections from UNIX, Mac, Pocket PC, and other networking devices otherwise incompatible with the IPsec security features in Windows. This isn’t manageable for small and mid-sized organizations that also have a need for wired security. Will there be a better solution in the Longhorn Server timeframe? I’m not sure (yet).

How do the rest of you secure your wired networks (especially in small/mid-sized businesses)? I have resorted to disconnecting unused network drops at the patch panel to keep rogue laptops from our private network… All network drops in public areas and conference rooms are connected to a public network that either has limited internet or VPN access.
