{"id":5942,"date":"2024-09-28T15:59:23","date_gmt":"2024-09-28T12:59:23","guid":{"rendered":"https:\/\/www.bilisimonline.net\/?p=5942"},"modified":"2024-09-23T16:02:05","modified_gmt":"2024-09-23T13:02:05","slug":"ieee-802-1x-nedir","status":"publish","type":"post","link":"http:\/\/www.bilisimonline.net\/index.php\/2024\/09\/28\/ieee-802-1x-nedir\/","title":{"rendered":"IEEE 802.1X Nedir?"},"content":{"rendered":"\n

IEEE 802.1X standard\u0131; <\/strong>noktadan noktaya ba\u011flant\u0131lara sahip LAN portuna tak\u0131lm\u0131\u015f cihazlar\u0131n kimlik do\u011frulama ve yetkilendirilmesine olanak sa\u011flayan port tabanl\u0131 a\u011f eri\u015fim denetimidir. A\u011fda port tabanl\u0131 kullan\u0131c\u0131 do\u011frulayabilmek ve herhangi bir kullan\u0131c\u0131ya ya da gruba \u2018a\u011fa eri\u015fim politikalar\u0131\u2019 uygulamak amac\u0131yla kullan\u0131l\u0131r. Kimlik do\u011frulama ve yetkilendirme ba\u015far\u0131s\u0131zsa o port eri\u015fime kapat\u0131l\u0131r ve bu sayede yerel a\u011f altyap\u0131s\u0131 korunmu\u015f olur. Kullan\u0131c\u0131 do\u011frulama; MAC adresi, switch portu ya da harici bir yetkilendirme politikas\u0131 ile sa\u011flan\u0131r. A\u011fa kimin hangi hakla girece\u011finin belirlenmesi, denetlenmesi ve yetkilendirmesi kullan\u0131c\u0131 odakl\u0131, a\u011f tabanl\u0131 eri\u015fim kontrol\u00fc olan NAC taraf\u0131ndan belirlenir. 802.1X protokol\u00fc hem kablolu hem de kablosuz a\u011flarda g\u00fcvenli kimlik denetimi (authentication) ama\u00e7l\u0131 olarak kullan\u0131lmaktad\u0131r.<\/p>\n\n\n\n

802.1X protokol\u00fc ile \u00fc\u00e7 ama\u00e7 (AAA) i\u00e7in kimlik denetimi yap\u0131l\u0131r:<\/strong><\/p>\n\n\n\n

Authentication (Yetkilendirme) Kullan\u0131c\u0131 ya da kullan\u0131c\u0131lara sisteme, programa veya a\u011fa eri\u015fim hakk\u0131n\u0131n verilmesidir.<\/p>\n\n\n\n

Authorization (Kimlik Do\u011frulama) Sunucu, anahtar veya y\u00f6nlendirici kullan\u0131mlar\u0131nda cihaz ya da kullan\u0131c\u0131n\u0131n kimli\u011finin onaylanmas\u0131d\u0131r.<\/p>\n\n\n\n

Accounting (Hesap Y\u00f6netimi) : Herhangi bir kullan\u0131c\u0131n\u0131n ne yapt\u0131\u011f\u0131, kullan\u0131c\u0131 hareketleri kullan\u0131c\u0131 veri ba\u011flant\u0131lar\u0131 ve kullan\u0131c\u0131 sistem kay\u0131tlar\u0131n\u0131n izlenebilmesi amac\u0131yla yap\u0131lan i\u015flemdir.<\/p>\n\n\n\n

802.1X protokol\u00fc EAP ve PPP protokolleriyle birlikte anla\u015f\u0131lmal\u0131d\u0131r. PPP (Point to Point Protocol) \u00e7evirmeli ba\u011flant\u0131dan DSL ba\u011flant\u0131s\u0131 \u00fczerinden kablo modem kimlik do\u011frulamas\u0131na, 2 katman t\u00fcnel protokol\u00fcn\u00fcn kimlik do\u011frulamas\u0131na kadar \u00e7ok farkl\u0131 yerlerde kullan\u0131lan bir protokold\u00fcr.  PPP 802.1X\u2019in kullan\u0131c\u0131 do\u011frulama i\u015flemi boyunca iletim katman\u0131 \u00fczerinde IP\u2019ye ihtiya\u00e7 duymadan genel bir \u00e7er\u00e7evede kimlik tan\u0131mlama sistemi olan iyile\u015ftirilmi\u015f bir iletim protokol\u00fc standard\u0131 olarak kullan\u0131l\u0131r<\/p>\n\n\n\n

EAP (Extensible Authentication Protocol)   PPP’nin kimlik do\u011frulama protokol\u00fcn\u00fcn i\u00e7inde \u00e7al\u0131\u015fmaktad\u0131r ve farkl\u0131 kimlik do\u011fruma y\u00f6ntemleri sunar. EAP ile beraber farkl\u0131 kimlik do\u011frulama sunucular\u0131 (RAS, RADIUS i\u00e7in genelle\u015ftirilmi\u015f bir \u00e7er\u00e7eve sunar.  EAP ile kimlik do\u011frulama y\u00f6ntemlerinin birlikte \u00e7al\u0131\u015fabilirli\u011fi ve uyumlulu\u011fu basit hale gelir.
 K\u0131saca Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

802.1x mimarisinde \u00fc\u00e7 temel \u00f6\u011fe bulunur:<\/strong><\/p>\n\n\n\n

    \n
  1. \u00a0Kimlik sorgulamas\u0131 yap\u0131lacak istemci ya da ki\u015fi<\/li>\n\n\n\n
  2. \u0130stemciyle kimlik denetleme sunucusunun aras\u0131nda bulunan eri\u015fim noktas\u0131 (authenticator)<\/li>\n\n\n\n
  3. Kimlik denetleme sunucusu (Authentication Server)<\/li>\n<\/ol>\n\n\n\n

    – \u0130stemci (kimlik do\u011frulamas\u0131 yapmak isteyen kullan\u0131c\u0131) ve kimlik denetiminin yap\u0131ld\u0131\u011f\u0131 sunucu (Authentication Server) aras\u0131nda bulunan denetleyici (authenticator) cihaz, ba\u011flant\u0131 durumunda istemciye EAP-Request\/Identity paketi gondererek kendisini tan\u0131tmas\u0131n\u0131 ister.
    – \u0130stemci,kimli\u011fini tan\u0131tan EAP-Response\/Identity paketi ile cevap verir. Ve bu paket enkaps\u00fcle edilerek sunucuya g\u00f6nderilir.
    – Sunucu, denetleyiciye \u015fifreli token sistemi gibi bir davetiye atar. Denetleyici bu paketi a\u00e7\u0131p EAPOL (LAN \u00fczerinden EAP) i\u00e7erisinde istemciye g\u00f6nderir. \u0130stemci davetiyeye denetleyici \u00fczerinden cevap g\u00f6nderir.
    – E\u011fer istemci gerekli kullan\u0131c\u0131 tan\u0131m\u0131na ve haklar\u0131na sahipse, sunucunun g\u00f6nderdi\u011fi do\u011frulay\u0131c\u0131 mesaj denetleyicinin istemciye LAN\u2019a eri\u015fim izni vermesiyle sonu\u00e7lan\u0131r.<\/p>\n","protected":false},"excerpt":{"rendered":"

    IEEE 802.1X standard\u0131; noktadan noktaya ba\u011flant\u0131lara sahip LAN portuna tak\u0131lm\u0131\u015f cihazlar\u0131n kimlik do\u011frulama ve yetkilendirilmesine olanak sa\u011flayan port tabanl\u0131 a\u011f eri\u015fim denetimidir. A\u011fda port tabanl\u0131 kullan\u0131c\u0131 do\u011frulayabilmek ve herhangi bir kullan\u0131c\u0131ya ya da gruba \u2018a\u011fa eri\u015fim politikalar\u0131\u2019 uygulamak amac\u0131yla kullan\u0131l\u0131r. Kimlik do\u011frulama ve yetkilendirme ba\u015far\u0131s\u0131zsa o port eri\u015fime kapat\u0131l\u0131r ve bu sayede yerel a\u011f altyap\u0131s\u0131 korunmu\u015f …<\/p>\n","protected":false},"author":1,"featured_media":6857,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[30],"tags":[],"class_list":["post-5942","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ag"],"jetpack_publicize_connections":[],"aioseo_notices":[],"views":157,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.bilisimonline.net\/wp-content\/uploads\/2020\/02\/image.png?fit=1024%2C768","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7k56R-1xQ","jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/posts\/5942"}],"collection":[{"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/comments?post=5942"}],"version-history":[{"count":3,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/posts\/5942\/revisions"}],"predecessor-version":[{"id":6860,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/posts\/5942\/revisions\/6860"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/media\/6857"}],"wp:attachment":[{"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/media?parent=5942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/categories?post=5942"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.bilisimonline.net\/index.php\/wp-json\/wp\/v2\/tags?post=5942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}