The present invention relates generally to network security systems.
Corporate computer networks are increasingly vulnerable to attacks from intruders. Hackers, viruses, vindictive employees, and even human error pose danger to corporate networks. Wireless networking technologies provide convenience and mobility, but they also introduce security risks on a network. For example, unless authentication and authorization mechanisms are implemented, anyone who has a compatible wireless network adapter can access the network.
To provide a uniform solution for preventing unauthorized devices from gaining access to networks, the Institute of Electrical and Electronics Engineers (IEEE) created 802.1X, a Switch Port-Based Network Access Control standard that governs access to wired and wireless networks. The 802.1X standard provides support for centralized user identification, authentication, dynamic key management, and accounting. According to the standard, a user of a client device is asked to provide authentication information to a security server. The security server authenticates the user based on the provided information and authorizes access to the network if the user is authenticated.
Although the 802.1X protocol is widely used by large corporations, configuring a network switch with the 802.1X protocol remains a very cumbersome and complicated task, which is often beyond the expertise of most network administrators in small to mid-level businesses. In addition, implementing the protocol requires a separate component, such as a RADIUS server.
The Dynamic Host Configuration Protocol (DHCP) is another known mechanism for providing access to networks. According to DHCP, when a device sends a request for an IP address, a system that executes DHCP assigns an IP address to the requesting device. Existing systems that implement DHCP, however, do not provide any security features. As a result, an unauthorized device can gain access to networks.