
Enterprise Network Security Using 802.1x

Posted by Sanjay Rungta on Oct 19, 2007 3:33:00 PM

Within enterprise and other large networks, we are seeing a diverse set of users and computers, and keeping the network secure is becoming a challenging job.

 

In response to this, within the corporate network, Intel IT initiated the on-connect authentication (OCA) program, locking down and enabling security on network access ports using 802.1x standards and port security. The 802.1x standard has been around for a long time, but it has recently picked up momentum, and for a big network it is not a very easy job to deploy and maintain. In a two-site pilot deployment, we gained insights, formulated best known practices, and developed automated tools and a strategy for an efficient global rollout to lock down every single access port at Intel. I hope you find our experience useful, and I would also like to hear about your experience with this.

 


Update: My white paper is now posted. Check it out and let me know your thoughts: Securing the Corporate Network at the Network Edge



Oct 19, 2007 4:53 PM Bob Duffy says:

Good Podcast! Glad we got a wireless security guy on here. A burning question I've always had per wireless security. If you are on an unsecure wireless connection while encrypted over a VPN to your business office, couldn't your system and the business network still be at risk?

 

I've seen VPN environments where a PC is still unprotected from the traffic on the Wireless LAN even with a VPN in place, which I believe could create risk for the business network (i.e. if the PC is at risk and connected to the business, the business is at risk). How do you deal with this?

Oct 23, 2007 5:59 PM Guest Sanjay Rungta  says in response to Bob Duffy:

It depends on the PC/client configuration. If the client is allowed to establish two separate tunnels, then the client can act as a bridge between the two connections (secure and non-secure) and the protected environment can be at risk. So, it is common practice not to allow two separate connections (corporate VPN and unsecure environment) on the client setup.

Jun 2, 2008 3:44 PM Chad Clemons says:

Hey Sanjay! Great work!

 

I'm working on a co-location project at an Intel facility and I'm curious, do you provide OnConnect APs in less than physically secured areas? More importantly, if so, what security measures are in place to prevent someone from disconnecting the cable at the AP and using that to get on the protected network?

 

Thanks!