Using Third-Party 802.1X Clients on Windows, Linux or Mac
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published on EnterpriseNetworkingPlanet.com
Whether you're using 802.1X
authentication for enterprise Wi-Fi encryption and/or for locking
down the wired ports, you must use an 802.1X client on the end-user
computer or device.
XSupplicant by Open1X
The first third-party 802.1X client we're going to look at is XSupplicant, an open source project maintained by Open1X and backed by OpenSEA. It supports both wireless and wired authentication. It offers a GUI application for both Windows (only XP) and Linux to manage your Wi-Fi interface and to configure the authentication settings. The biggest advantage of using this aftermarket supplicant is the wide range of EAP types supported:
Unfortunately, XSupplicant doesn't
offer additional security or deployment features. However, it does
include a logging feature and the ability to easily set advanced
authentication settings and timers.
SecureW2 Enterprise Client
is a commercial solution by
SecureW2 B.V. (a Dutch Corporation), supporting both wireless
and wired connections. They provide a GUI application for Windows
(up to Windows 7) and Windows Mobile to configure the authentication
settings. This works right alongside the built-in wireless utility
of Windows without replacing it, unlike most other 802.1X
This client provides a few interesting
security enhancements over what Windows provides. It can, for
example, disable the Wi-Fi when a wired connection is established.
The client can also lockdown the authentication settings after
deployment to prevent tampering or accidental changes.
Of course, if you're using Cisco gear you might consider using their solution, the Cisco Secure Services Client. It's a GUI application currently available for Windows 2000, XP, and Vista. It's actually a rebranded and updated version of Meetinghouse's old AEGIS SecureConnect software application. It provides support for a variety of EAP types, including their own:
The Cisco Secure Services Client
features integrated VPN client capabilities, XML-based provisioning
of authentication details, and the ability prevent configuration
changes by the end-users.
The wpa_supplicant is an open source project designed for Linux, BSD, Mac OS X, and Windows. Its main advantage is the portability of different drivers and operating systems. It includes a text-based frontend (wpa_cli) along with a GUI (wpa_gui). It also supports a long list of EAP types:
Unfortunately, the wpa_supplicant
doesn't offer security or deployment enhancements like some of the
other clients. However it does include support for Wi-Fi Protected
Setup (WPS), great if you're using WPA/WPA2-PSK and aren't already
using an OS (like Windows 7) that natively supports it.
XpressConnect from Cloudpath
Networks isn't an 802.1X supplicant, but enhances the built-in
clients of operating systems. It helps configure and distribute the
802.1X authentication settings among Windows, Mac OS X, Ubuntu, and
handheld devices, including iPhone. It even helps you manage the
firewall settings, Windows Automatic Updates, and the deployment of