Åtkomst nekad: Autentisering och säkerhetsrutiner för lokala nätverk
2022 (Swedish) Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis Alternative title
Access denied : Authentication and security routines for local area networks (English)
Abstract [en]
In the field of Cybersecurity, it is essential to know who is connected to your system. The functionality for Authentication of connecting users in the local area network is in the focus for this report. There exist various authentication protocols, however in this report IEEE 802.1X is covered since it is the protocol most suitable for wired local area networks. The IEEE 802.1X protocol is studied in theory with its architecture of Supplicator, Authenticator and Authentication server and the used communication protocols EAPOL and RADIUS. A practical test was then performed as a basic concept to learn more about pros and cons for utilizing these protocols where the fundamentals of protocol communications are observed and later the prerequisites for a larger scale implementation are described.
The outcome from the test is proof of the relative difficulties involved with having to keep up with the pace of Cybersecurity evolution. In the test, older equipment where thought to be used, however due to incompatibility of gear and software the test needed to be revised to use other gear. The learning outcome from the test is that it is a complex task to set up authentication, competent staff are needed, as well as suitable equipment.
The motivation for setting up IEEE 802.1X is found in larger organizations where the risks of an attack are high, the large number of users calls for centralized systems for the handling of users and network policies. Due to the trend of Bringing you own device, a policy for the handling of unauthorized users and devices is needed to be in place. The default behavior may be to just deny access for unauthorized devices, however with authentication systems implemented the unauthorized user may instead benefit from being automatically referred to a guest network in a secured manner and the authorized user gains flexibility to access the network thru any available network port.
For the improvement and maintenance of Cybersecurity administration an Information Security Management System is found useful, the organization can thereby continuously improve their work and document the system features and routines. In case of a security breach that system gives support for immediate action upon the problem, and even stronger preparation for the Cyber defense in the form of good backup routines and monitoring the normal state activities where all devices are either authorized or unauthorized and placed into their proper network according to network policies.
Place, publisher, year, edition, pages 2022. , p. 42
Keywords [en]
Authentication, IEEE 802.1X, EAPOL, RADIUS, ISMS
National Category
Embedded Systems Computer Systems
Identifiers URN: urn:nbn:se:mdh:diva-59253 OAI: oai:DiVA.org:mdh-59253 DiVA, id: diva2:1674870
External cooperation
Andreas Hansson, Aros IT-partner AB
Subject / course Computer Science
Presentation
2022-06-03, Zeta, Mälardalens universitet, Västerås, 10:35 (Swedish)
Supervisors
Examiners
Note Examensarbete för högskoleingenjörsexamen i nätverksteknik
2022-06-232022-06-222022-06-23 Bibliographically approved