802.1x network authentication supports a wide variety of credentials.
Dartmouth has chosen to use PKI Certificates, either stored on hardware
devices called eTokens or on the computer accessing the network. This
authentication scheme relies on high assurance certificates signed by
Dartmouth's certificate authority. Network logons are controlled by network
equipment (a.k.a. the Authenticator) and a RADIUS authentication server that
understands the 802.1x protocol.

Systems connecting to the secured 802.1x wireless network have all of their
traffic encrypted at Layer 2 (e.g., Ethernet), thereby securing the traffic "in
the air." All Layer 2 encrypted traffic is decrypted at the first Layer 3
network boundary, generally the Authenticator (i.e., the Aruba wireless
switch). This protects all traffic over the most vulnerable section of the
network, but allows it to pass unencrypted on the remainder of the wired
network. 802.1x authentication strength and traffic protection are better than
Captive portal, but are often less secure than VPN access. This network
generally sits at a trust level higher than Captive portal authentication, but
often less than an IPsec VPN using eToken authentication.

Access to Dartmouth's secure wireless network requires PKI Certificate
authentication.