OpenSEA Aims for a More Pervasive 802.1x
IEEE 802.1x promises port-level authentication with security for both wired and wireless users. But it's a promise that has not yet been fully realized on an industry-wide level for a variety of reasons, among which is the open availability of an enterprise-class standard client for interfacing with 802.1x
A new consortium called OpenSEA (Open Secure Edge Access) is hoping to make 802.1x more pervasive by developing an enterprise-class open source 802.1x supplicant. OpenSEA's members include Aruba Networks, Extreme Networks, Identity Engines, Infoblox, Symantec, TippingPoint and Trapeze Networks.
"For 802.1x you have the network infrastructure, which needs to be 802.1x-capable in your switches, cards and access points," Sean Convery, CTO at Identity Engines and OpenSEA board member, told internetnews.com.
"And then you also need, in 802.1x jargon, the supplicant, or client, which allows the end point to connect to the infrastructure. The organizations that founded OpenSEA all have the common goal of wanting to promote 802.1x as a technology. Making an open source supplicant will help that happen."
Identity Engines makes a network-centric policy server decision engine that allows network access with consistent policies. Convery explained that 802.1x is a key technology to allow functionality for enabling better security, and if 802.1x succeeds, it helps Identity Engines succeed.
Paul Sangster, chief security standards officer and distinguished engineer at Symantec, said helping his company succeed with its network security efforts is why it's involved with OpenSEA.
"The promise of 802.1x providing access time security for authentication and for network access control offers a lot of potential and we have products all across the space," Sangster who is also an OpenSEA board member said. "Having a reliable base open source supplicant would help a number of our product offerings removing a barrier to 802.1x being successful."
OpenSEA isn't starting from scratch in its effort, but with the Open1x open source supplicant effort called Xsupplicant. Xsupplicant is a basic command line Linux based interface but OpenSEA will be extending the client's functionality and working on developing a graphical user interface as well as ports for Microsoft Windows XP and Apple Macintosh.
Among the challenges facing OpenSEA will be trying proving to people that the solution works as it should. Symantec's Sangster noted that a big challenge will be proving to the member companies that OpenSEA has an enterprise-grade solution that is highly interoperable on a large number of platforms. Convincing consumers of the same thing is the other half of the equation.
A big challenge that is often noted by vendors as a barrier to adoption for 802.1x penetration is hardware pervasiveness. That is not an issue for Identity Engine's Convery.
"Every wireless product shipped today will do it, and up and down the line in the Ethernet switches, 802.1x is being baked into the products," Convery said. "So while there is a percentage of wired infrastructure that is not yet 802.1x-capable I would argue that most, if not all, wireless infrastructure is."
The real challenge of 802.1x, Convery continued, is the education and mind shift required by network administrators.
"The challenge beyond the capital cost of gear is the change to network operations. Going from an unauthenticated internal network to a network where you plug in and are authenticated at the port level is a shift for IT organizations," Convery said.
"We're hoping that by seeding the market with this stable open source common client it will enable IT organizations to then go to the next phase of actually realizing what an enterprise-wide rollout of 802.1x looks like."
Article courtesy of internetnews.com