IEEE 802.1x promises port-level authentication with security
for both wired and wireless users. But it’s a promise that has not yet been
fully realized on an industry-wide level for a variety of reasons, among
which is the open availability of an enterprise-class standard client for
interfacing with 802.1x
A new consortium called OpenSEA (Open Secure Edge Access)
is hoping to make 802.1x more pervasive by developing an enterprise-class
open source 802.1x supplicant. OpenSEA’s members include Aruba Networks (Quote), Extreme Networks (Quote), Identity Engines, Infoblox, Symantec (Quote), TippingPoint and Trapeze Networks.
“For 802.1x you have the network infrastructure, which needs to be 802.1x-capable in your switches, cards and access points,” Sean Convery, CTO at
Identity Engines and OpenSEA board member, told internetnews.com.
“And then you also need, in 802.1x jargon, the supplicant, or client, which allows the end point to connect to the infrastructure. The organizations that founded OpenSEA all have the common goal of wanting to promote 802.1x as a technology. Making an open source supplicant will help that happen.”
Identity Engines makes a network-centric policy server decision engine that
allows network access with consistent policies. Convery explained that
802.1x is a key technology to allow functionality for enabling better
security, and if 802.1x succeeds, it helps Identity Engines succeed.
Paul Sangster, chief security standards officer and distinguished engineer at
Symantec, said helping his company succeed with its network security efforts is why it’s involved with OpenSEA.
“The promise of 802.1x providing access time security for authentication and
for network access control offers a lot of potential and we have products
all across the space,” Sangster who is also an OpenSEA board member said.
“Having a reliable base open source supplicant would help a number of our
product offerings removing a barrier to 802.1x being successful.”
OpenSEA isn’t starting from scratch in its effort, but with the Open1x open source supplicant effort called Xsupplicant. Xsupplicant is a basic command line Linux
based interface but OpenSEA will be extending the client’s functionality and
working on developing a graphical user interface as well as ports for
Microsoft Windows XP and Apple Macintosh.
The new OpenSEA 802.1x supplicant will be dual-licensed under the BSD
(define) and GPL (define) open source licenses, enabling the effort
to be used by both commercial and open source entities.
Among the challenges facing OpenSEA will be trying proving to people
that the solution works as it should. Symantec’s Sangster noted that a big
challenge will be proving to the member companies that OpenSEA has an
enterprise-grade solution that is highly interoperable on a large number of
platforms. Convincing consumers of the same thing is the other half of the
equation.
A big challenge that is often noted by vendors as a barrier to adoption for
802.1x penetration is hardware pervasiveness. That is not an issue for
Identity Engine’s Convery.
“Every wireless product shipped today will do it, and up and down the line in
the Ethernet switches, 802.1x is being baked into the products,” Convery
said. “So while there is a percentage of wired infrastructure that is not
yet 802.1x-capable I would argue that most, if not all, wireless
infrastructure is.”
The real challenge of 802.1x, Convery continued, is the education and mind
shift required by network administrators.
This article was first published on InternetNews.com. To read the full article, click here.