802.1x protocol, your network's first line of defense
Last year 90% of organisations considered that they were vulnerable to insider threats. According to Insider Threat Report 2018, the main risk factors indicated were: the great number of users who can access information which, according to their job description, they shouldn't even be able to view (37%); the ever-increasing number of equipment that has access to sensitive data (36%); the increasing level of complexity of IT technologies (35%).
In order to prevent and block such categories of risks, there are advanced solutions for Data Loss Prevention (DLP), Intrusion Prevention System (IPS), Intrusion Detection Solutions (IDS), Unified Threat Management (UTM) bundles, etc. In addition, by implementing the IEEE 802.1x security protocol you can ensure the basic protection of physical access to wired and/or WIFI networks within the company.
Thus, by adopting this protocol you get better protection against any attempts of unauthorised equipment to connect to your network, and you can keep under control serious security threats, such as: attempts to steal information, launching of malware infections by insiders, initiation of Man-in-the-Middle attacks, etc.
Here is how 802.1x works, without going into technical details: whenever you connect a laptop (or any other device) to a network port, this protocol makes the equipment prove that it has such right before being given actual access. For this, the laptop must send a number of credentials to an authentication server, and any other form of traffic received or generated by the equipment is blocked. If the data supplied aren't accurate, the authentication process fails and the laptop cannot connect to the network.
Immediate benefits
One immediate benefit of the 802.1x protocol is that it helps IT departments to ensure simple, quick and safe access to the network for newly brought equipment – an important aspect for companies using Bring-Your-Own-Device (BYOD) strategies. Moreover, it also facilitates the management of visitors, partners or subcontractors, to whom limited access rights can be granted. Last but not least, 802.1x also simplifies access restriction procedures ‒ a necessary operation especially for former employees.
Secondly, this protocol can be used for secure access to both wired, and wireless networks. In addition, it can authenticate multiple types of equipment, from PCs, laptops, tablets and smartphones to IP phones, surveillance camera networks, etc.
Thirdly, given the fact that it is an Open standard protocol, 802.1x ensures the interoperability and compatibility of several authentication methods from different vendors. For example, ECKO's specialists can help you use this protocol together with the Cisco Identity Service Engine authentication, authorisation and certification platform. ISE determines the identity, location and history of access to the network for each user, the user's level of authorisation, and the level of compliance of the equipment with internal security policies. But it might as well be used in simple configurations, based on open soruce solutions, without any big initial investments, whatever the size of the organisation.
The 802.1x protocol essentially works as your company's first line of defence. And it quickly demonstrates its usefulness for companies with access points in public spaces (reception areas, conference rooms, etc.), enabling the creation of separate VLANs for outsiders, who can be granted limited access to the network. Digital certificates are transmitted using a secure communication channel; thus, credentials are protected against interception attempts.
Last but not least, the implementation of the 802.1x protocol enables the centralised management of network authentication and access methods, thus the IT staff are able to manage multi-site networks easily.
These are solid and especially practical arguments that ECKO's specialists can help you take advantage of with minimum financial effort from your company. Contact us, and we shall provide you with all the help you may need.