The PPP, EAP, and 802.1x protocols are often confused with each other, which is no wonder because they’re all interrelated and involve authentication.

Point-to-Point Protocol (PPP) was originally a protocol for connecting and authenticating dialup modems. Today’s PPP is usually encapsulated in Ethernet frames and operates over Ethernet as PPP over Ethernet (PPPoE). PPPoE is commonly used for cable modem or DSL connections to an ISP for Internet access. PPP includes two authentication mechanisms: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Extensible Authentication Protocol (EAP) is an authentication protocol framework that works inside PPP to provide support for authentication protocols beyond the original PAP and CHAP protocols. EAP supports a wide range of authentication mechanisms including Kerberos, passwords, certificates, and public key authentication, as well as hardware schemes such as authentication dongles, smart cards, and USB tokens.

802.11x simply takes the EAP framework out of PPP and puts it into Ethernet, packetizing it for transmission over a wired or wireless network. 802.11x has three parts:

• Supplicant: A user who wants to join the network.
• Authenticator: An access point, switch, or other device which acts as a proxy between the user and the authentication server.
• Authentication Server: A server, usually a RADIUS server, which decides whether to accept the user’s request for network access.

When a user tries to access a network through a wireless access point or by plugging into an Ethernet port, the authenticator—usually an access point or switch—consults with the authentication server before allowing the user onto the network.

#1. Repurpose unused phone wires for Ethernet.

Campus phone systems are usually built around 25- and 50-pair trunk cable. Most of these wire pairs are redundant and not used as phone lines. These spare pairs can be commandeered for Ethernet through the use of Ethernet extenders, which not only transparently establish a network connection on phone cable, but can also extend links farther than the usual 100-meter limit for Ethernet on copper. Ethernet extenders are an ideal solution for linking isolated workstations without laying new cable.

#2. Upgrade to fiber on your existing copper ports.

Fiber optic cable has many advantages, including speed, distance, and resistance to EMI/RFI, plus it’s now usually less expensive to install than the equivalent copper infrastructure. What usually stops the installation of fiber is the prospect of having to replace expensive network switches with fiber switches and having to install fiber NICs in PCs.

Media converters are a simple way to convert the RJ-45 ports on existing equipment to fiber. Because media converters are transparent to data, they’re “invisible” to the network—literally plug-and-play. In the data center, modular media converter systems feature powered chassis that house and power multiple media converters—a whole switch’s worth of copper ports can be converted to fiber without cluttering the rack. On the desktop side, tiny USB-powered media converters bring fiber to the desktop without the driver issues and incompatibilities created by fiber NICs.

#3. Take advantage of PoE without buying new switches.

Adding power over Ethernet (PoE) devices such as VoIP phones, wireless access points, and security cameras doesn’t have to mean an investment in a new PoE switch. PoE injectors enable you to add power to one or more Ethernet runs using your existing copper-based Ethernet switches. Injectors are particularly useful when adding just one or two PoE devices such as security cameras to a network.

#4. Accommodate larger equipment in the cabinets you have now.

Sometimes upgrading servers or switches can lead to a space problem when new, larger equipment restricts cabinet cabling space. These tight squeezes can often be solved by using right-angle patch cables, which can save up to 4" of cabling space over ordinary patch cable, eliminating the expense and difficulty of replacing data cabinets.

#5. Bring legacy equipment with serial interfaces into today’s network.

Devices such as machine tools, restaurant equipment, and scientific instrumentation often have a useful life that spans decades. Although newer industrial devices now come equipped with Ethernet, older equipment often has an RS-232 RS-232, RS-422, or RS-485 serial interface. These serial devices can be brought into the Ethernet network through the use of a device server. Once legacy devices are on Ethernet, they can be accessed from a central location, enabling control, real-time diagnostics, data capture, and alerts.

Remote access is the ability to access a network, a personal computer, a server, or other device from a distance for the purpose of controlling it or to access data. Today, remote access is usually accomplished over the Internet, although a local IP network, telephone lines, cellular service, or leased lines may also be used.

Remote access is a very general term that covers a wide range of applications from telecommuting to resetting a distant server. Here are just a few of the applications that fall under the remote access umbrella:

Remote network access
A common use for remote access is to provide corporate network access to employees who work at home or are in sales or other traveling positions. This kind of remote access typically uses IPsec VPN tunnels to authenticate and secure connections.

Remote desktop access
Remote desktop access enables users to access a computer remotely from another computer and take control of it as if it were local. This kind of remote control requires that special software—which is included with most operating systems—be installed and enabled. It’s often used by those who travel frequently to access their “home” computer, and by network administrators for remote server access. This remote access method has some inherent security concerns and is usually incompatible with firewalls, so it’s important to be aware of its limitations and use adequate security precautions.

Remote KVM access
A common application in organizations that maintain servers across multiple sites is server administration through an IP-enabled KVM switch. These IP-addressable switches support one or more servers and have an integral Web server, enabling users to access them over the Internet through a Web browser. Because they’re intended for Internet use, these switches offer authentication and encryption for secure connections.

Remote power management
Anyone who’s ever had to get out of bed in the middle of the night to go switch a server off and back on again to reset it can appreciate the convenience of remote power management. Remote power managers have a wide range of capabilities ranging from simple power switching to reboot a device to sophisticated power monitoring, reporting, and management functions.

Remote environmental security monitoring
Remote environmental and security monitoring over the Internet is increasingly popular, largely because of the cost savings of using existing network infrastructure rather than a proprietary security system. This application requires IP-addressable hubs that support a variety of sensors ranging from temperature and humidity to power monitors. Some models even support surveillance cameras.

Cost savings for you

With today’s ubiquitous Internet availability, remote access is increasingly popular and often results in significant cost savings by enabling greater network access and reducing travel to remote sites.

One of the most aggravating infrastructure challenges occurs when you get asked to put a workstation in some inconvenient, too far, difficult-to-wire spot. If there’s a room at the far end of some unused hallway, or a shack at the edge of campus, chances are you’re going to get a request for an Ethernet port there.

Whenever you need to put a connection in one of these types of places, your first move should be to check to see if there’s any existing cable that can be adapted for Ethernet by using Ethernet extenders. Most modern buildings have unused voice-grade wires or unused coax. Additionally, many campuses have installed 25- or 50-pair telephone trunk cables between buildings. You can hijack these unused wires for Ethernet use.

Ethernet extenders are easy to set up—all you need to do is to plug in one at each end of the twisted-pair wire or coax. Sometimes you’ll also need to set a DIP switch for local or remote operation. Once the Ethernet extenders are installed, there’s nothing to configure, and the extenders are transparent to network operation.

Ethernet extenders can often save you the time, aggravation, and expense of pulling new cable. If you have the right cable already installed, Ethernet extenders are definitely the way to go when it comes to putting your network into out-of-the-way or distant locations. Best of all, when you pull off that difficult install, you look like a miracle worker!

Earlier this year, the CCCA (Communications Cable and Connectivity Association) commissioned a white paper after it tested cables from offshore manufacturers and found that many failed to comply with fire safety specifications. It found that many of the cables are made from low-fire performing materials making them highly combustible. This means trouble for contractors.

The paper was commissioned from the law firm of Crowell Moring to look at potential liability for contractors who install communications cables that do not comply with NEC (National Electrical Code) requirements.

In the white paper, Crowell Moring studied the laws in Connecticut, Virginia, and Florida.  Because each state incorporates NEC into its building codes, a violation of those codes is a state violation. Crowell Moring explains, “Any installed cable that fails to meet the NEC standards, whether known, apparent, or not, opens a contractor up to penalties for those failures.”

The paper concludes that contractors who install CMR or CMP cable may face liability based on violations of building codes. If a contractor installs non-compliant cable that causes damage, such as a fire, the contractor can also be held liable in civil lawsuits.

The paper states that "A contractor need not have actual knowledge that the cable is non-compliant to be found negligent. If a contractor knew it installed non-compliant cable, but said it was compliant, the contractor can be charged with fraud. And lastly, if a contractor installs non-compliant cable, either knowingly or unknowingly, the contractor is liable for breach of contract and warranty claims.”

As a contractor you may face exposure to legal liability. The white paper says you can avoid this liability by carefully, “selecting, purchasing, and installing cable that complies with NEC standards.”  In addition to the white paper, information on non-compliant cables and best practices for purchasing compliant cables can be found at the CCCA website.

Here at Inside the Box, we’re always trying to find stellar content and industry news. One of the hottest topics in the cabling industry today is the prevalence of counterfeit cable. In a nutshell, counterfeit cable is imported cable marked and advertised as compliant to North American fire codes and industry standards, but it's not—even though the cable may carry UL® and ETL marks. The subject is extremely serious because of public safety and liability issues about fire and network performance. In addition, there are also legal and cost issues related to contractor liability.

Today, we want to share the presentation given at the September 2011 BICSI conference by the CCCA (Communications Cable & Connectivity Association). The presentation, titled Non-Compliant Cabling Products: How Big Is the Problem and What Can be Done?, focuses on codes and standards in the cabling industry, as well as what your risks are when installing non-compliant cable.

Founded in 2007, the CCCA is a non-profit association committed to ensuring all cabling products in North America comply with existing codes and standards. The association is growing, and members include many of the industry's top cabling manufacturers.

The CCCA has also done other studies on counterfeit and substandard cables. The results point to the importance of purchasing cable from known sources (such as us!). You can also check verified cable directories on the UL® and ETL websites. Look for authentic marks and labels on the cable, too. For example, in October 2010, UL® started requiring the use of holographic labels on cable.

For more studies and presentations by the CCCA, check out their blog.

We’ve focused on the importance of network security before, and if you remember, it all starts with getting physical. Now you can boost your physical network security starting at the port. Here’s one of the simplest and inexpensive, yet most effective ways you can increase your Layer 1 security. Lock up your network ports with LockPORT Security Locking Patch Cables. They stay locked in place until you take them out. Or, as Christina Hansen from CableOrganizer.com’s Product Showcase says, “removal only with approval.”

If people—whether they’re personnel, visitors, or those with evil on their mind—can’t disconnect your network cables, they can’t tamper with your network and bring it down. Another danger to your network are cable connections that work loose over time or are accidentally knocked out. Loose and poor cable connections are one of the biggest causes of network downtime. And, it’s why the first question Help Desk technicians ask is: “Did you check the cable connection?” Whether from accidental or intentional disconnects, once your network goes down, you could spend hours and hours trying to pinpoint where the problem lies.

Two levels of security

LockPORT gives you two different locking cable choices. Both feature the same patented LockPORT boot. What differs are the patented clip inserts. Best of all, the clips are interchangeable so if you're application changes, all you do is move a clip from one cable to another instead of buying more cables.

For absolute port security, choose the red Key Locking cable. It secures cables in place and can only be removed by you with the Removal Tool. This is the “removal only with approval” lock.

To prevent accidental disconnects, but to give people access to ports, use the green Secure Locking cable. It holds the cable in place and eliminates disconnects from jostling and general wear and tear.

Publicly perfect.

Use LockPORT cables to prevent network tampering in public areas like hospitals, airports, hotels, and shops. It’s perfect for educational settings as well, providing a foolproof way to secure network connections in classrooms and training rooms. And, it’s a great and inexpensive way to turn your CAT5e/6 and fiber cables into a Layer 1 security tool.

Download the LockPORT Brochure, or see how LockPORT cables can secure your network ports in the video below:

Because wireless networks are particularly vulnerable to attacks, security is a primary concern. Wireless networks can be hacked by “war drivers“—who cruise around looking for a wireless signal to exploit. Usually war drivers are just looking for free Internet access, but sometimes they’re looking for confidential information such as credit card numbers.

Although a wireless network can never be totally secure, there are important steps you can take to minimize the risk:

1. Know how far your signal extends.
When you install a wireless network near public areas, it’s very important to know where your signal is going. If it’s easily picked up outside your business—perhaps from a parked car across the street or from the building next door—then you’ve got a security problem. If you send a strong wireless signal into the coffee house next door to your business, chances are someone is going to try to take advantage of it.

A wireless analyzer can help you map exactly where your access points are sending their signals. This can help you arrange the access points in your network in order to minimize signals in public areas and maximize signals to your users. A wireless analyzer can also spot unauthorized wireless access points attached to your network as well as other wireless networks broadcasting in your area. A wireless analyzer may be a freestanding application or may be part of a wireless management suite. Newer wireless mesh products often feature cloud-based management that includes wireless analysis.

2. Separate your wired network from your wireless network.
To add a layer of security to your wireless network, separate it from your wired network by gathering all your wireless access points into a separate LAN connected to the DMZ port of your firewall. This makes the wireless network accessible, yet safely outside of your main wired LAN. Once you separate the wireless from the wired network, insist that anything that needs to be kept secure stay on the wired network. This includes confidential data such as credit card numbers, sensitive financial data, or corporate secrets of any kind. You can, however, freely use the wireless network for less-sensitive applications such as notebook computers for taking notes at meetings, PCs for temporary workers, computer hookups for trade show booths, and bar-code readers for inventory.

3. Use encryption to lock out unauthorized users.
Any wireless signal, no matter how heavily encrypted, can be broken into eventually. Encryption isn’t perfect, but it can go a long way towards discouraging the casual hacker—the trick is to make breaking into your network so difficult that the hackers don’t bother. Be sure to use encryption and, rather than easily hacked WEP, use higher-level encryption schemes such as Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).

4. Have a security plan and implement it. Seriously.
With a wireless network, as in any other network, it’s important to have a security plan and then implement it. The biggest security problem with wireless security is that network administrators often fail to take even the simplest of steps to ensure security, do not activate encryption at all, or fail to change the default passwords. When you fail to take these basic precautions, you leave your wireless network extremely vulnerable to casual hacking.

Yes, a wireless network is less secure than a wired network, but if you pay attention to your wireless network and implement a sensible security plan, you won’t find yourself blindsided by its vulnerabilities.