SecureIT 2006
On Wednesday the 22nd I’m speaking at the SecureIT 2006 conference in Anaheim. The talk’s title is “802.1x: An IT Rorschach Test.” The following is the abstract: “The IEEE 802.1x standard for network authentication has been lambasted and praised, called both a dangerous diversion of an organizations resources and the foundation for the next-generation of user-based network services. But which is it? Early deployments of 802.1x (particularly in wired environments) ran into significant deployment issues which left some organizations soured to the entire notion of a campus authentication event at the network edge. This coupled with the relative stability of alternatives such as IPsec, SSL-based VPNs, and simpler options such as in-line web authentication have stalled installations and even pilots. However, there are organizations who are getting use out of 802.1x today and have managed to successfully roll out the technology in service of their organizations business goals. This talk will explore 802.1x deployment focusing on the lessons learned from both successful and unsuccessful early adopters. The largest challenges such as exception management, supplicant strategies, directory integration, and AAA infrastructure availability will be explored in detail. Additional topics covered include IT organizational issues, integration with other security technologies, and the direction of 802.1x as a technology (including security considerations). Attendees should have a basic understanding of network security including AAA. Prior 802.1x knowledge is not required.” I’m still polishing the slides but will post a PDF of them after the conference.