Today’s networks face a high volume of attacks. The principles of zero trust are the gold standard organizations use to protect apps and data. A key element of zero trust access is “trust no one, authenticate everyone”. However, current application-specific or client-specific zero trust access controls do not provide an adequate level of protection for all devices on the network. To extend zero trust into the campus network, every wired and wireless connection must be authenticated and authorized using at least one mechanism such as IEEE 802.1X, MAB, Behavioral MAB and single sign-on. Here, we explore how IEEE 802.1X helps accomplish zero trust access for the enterprise campus network. IEEE 802.1X provides the framework for authenticating user devices before granting them access to the Local Area Network (LAN).
Why now for Zero Trust Access?
Social engineering attacks are the most common form of security breach on today’s LAN networks. Social engineering is the use of social skills, rather than technical skills, to gain access to restricted areas. Common types of social engineering attacks include:
Tailgating: where bad actors gain physical access to restricted buildings.
Phishing email: where employees unknowingly click on malicious email.
In tailgating, bad actors dress professionally, carry a “burden” such as equipment boxes, and follow a badged employee to the front door. Out of social etiquette, the employee may help “ease” the burden and let the bad actor into the office building. Once inside, the bad actor can find areas in which to sniff traffic, plug directly into networking equipment console ports, install man-in-the-middle (MitM) rogue elements, or simply plug into any open wired port as if they belonged at that desk. This sets the stage for ransomware attacks.
With 98% of cyber-attacks involving some form of social engineering [1], today’s IT organizations are looking toward zero trust principles to protect network access against malicious infiltration.
Zero trust access is pertinent in protecting today’s enterprise campus environments.
IEEE 802.1X, used to secure both wired and wireless networks, provides the authentication mechanism behind network access control for user devices. Rather than relying on a complex distributed environment, 802.1X centralizes WLAN/LAN network authentication on a dedicated server, the RADIUS server. Network switches and wireless access points hand off authentication to the RADIUS server using 802.1X. Once on the network, 802.1X continuously validates users and devices. The combination of 802.1X and RADIUS servers is considered the most secure method to protect wireless and wired networks today.
The RADIUS server can serve as a single point of enforcement for network access control, giving the device access to the protected side of the network after authentication. As opposed to single-sign-on (SSO) access, 802.1X uses certificates to check the credentials of the requesting user. Depending on the network policy for that user, the correct level of access is granted. This prevents unauthorized access to the network by bad actors and prevents inappropriate access by employees themselves.
How does IEEE 802.1X Work?
There are 3 main components to IEEE 802.1X:
Supplicant
Authenticator
Authentication server
The authenticator (the network switch or wireless access point) acts as a proxy between the supplicant and authentication server.
The authenticator detects a new device (the supplicant) and sends an EAP-Identity-Request for identity authentication. The supplicant, or the network access requestor, sends an EAP-Identity-Response back.
The authenticator uses this to send the access request to the RADIUS server (authentication server). The RADIUS server responds to the authenticator with a challenge indicating the authentication method required. Additionally, the RADIUS server sends its own credentials to prove itself to the client and avoid Evil Twin attacks. The authenticator passes this method back to the supplicant.
The supplicant checks the authentication server’s credentials while also sending its challenge-credentials back to the authenticator.
The authenticator will relay these credentials back to the RADIUS server to receive an APPROVE or DENY. Once approved, the authenticator will transition that port from unauthorized to 802.1X authorized for access.
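The exchange above, traced at the frame level as an added example (not code from the original page or from Nile): it parses EAPOL-wrapped EAP packets and models the authenticator's port state, failing closed on malformed frames. The function names, the sample identity and the payload bytes are constructed for illustration, and the model is simplified: a real authenticator authorizes the port when the RADIUS server accepts, which it then signals to the supplicant as EAP-Success.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS"}  # subset of the IANA EAP method types

def eapol(code, ident, eap_type=None, data=b""):
    """Build a constructed EAPOL frame (version 2, packet type 0 = EAP-Packet)."""
    body = (bytes([eap_type]) if eap_type is not None else b"") + data
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    return struct.pack("!BBH", 2, 0, len(eap)) + eap

def parse_eapol(frame):
    """Return (code name, identifier, method name or None); ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("truncated EAPOL/EAP header")
    _ver, ptype, plen = struct.unpack("!BBH", frame[:4])
    code, ident, elen = struct.unpack("!BBH", frame[4:8])
    need = 5 if code in (1, 2) else 4   # only Request/Response carry a Type byte
    if ptype != 0 or code not in EAP_CODES or not (need <= elen == plen <= len(frame) - 4):
        raise ValueError("not a well-formed EAP packet")
    method = EAP_TYPES.get(frame[8], f"type-{frame[8]}") if need == 5 else None
    return EAP_CODES[code], ident, method

def port_state(frames):
    """Authenticator's view: the port is authorized only by a closing EAP-Success."""
    state, pending = "unauthorized", None
    for frame in frames:
        try:
            code, ident, _method = parse_eapol(frame)
        except ValueError:
            return "unauthorized"        # fail closed on malformed input
        if code == "Request":
            pending = ident
        elif code == "Response" and ident != pending:
            return "unauthorized"        # a Response must echo the Request identifier
        elif code == "Success" and pending is not None:
            state = "authorized"
        elif code == "Failure":
            state = "unauthorized"
    return state

# Constructed sample exchange; identity and payload bytes are placeholders.
GOOD = [
    eapol(1, 1, 1),                         # authenticator -> supplicant: Request/Identity
    eapol(2, 1, 1, b"alice@example.test"),  # supplicant -> authenticator: Response/Identity
    eapol(1, 2, 13, b"\x20"),               # relayed server challenge naming the method
    eapol(2, 2, 13, b"\x00"),               # supplicant's answer, relayed to RADIUS
    eapol(3, 2),                            # server approved: EAP-Success
]
DENIED = GOOD[:4] + [eapol(4, 2)]           # server denied: EAP-Failure
```

An exchange that stops before the final packet, or that contains a truncated frame, leaves the port unauthorized.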
One of the benefits of using IEEE 802.1X to secure network access is the ability to deny network access to those who are unauthorized or do not physically belong on the corporate network. While it is a powerful way to secure the network, IEEE 802.1X deployment can be cumbersome in the wired environment. This is where many IT organizations, especially those with limited staff, weigh risk against complexity. Often, organizations end up leaving their wired ports vulnerable to attack by going without wired 802.1X authentication.
Guidelines for today’s campus network drive simplicity in design and execution for securing network access. IEEE 802.1X deployment, with associated RADIUS server, across both wired and wireless environments establishes the gold standard to experience Zero Trust Access in the enterprise campus environment.
IEEE 802.1X, a key component for NaaS
The Nile Service delivers the enterprise campus network completely as-a-service. With this comes the first network to deliver guaranteed network performance outcomes based on strict SLAs. Nile’s NaaS service is engineered from the ground up around the principles of zero trust, inclusive of end-to-end MACsec, IEEE 802.1X across wired and wireless, and automated security patches. All of this is delivered in a simple, pay-per-user consumption model.
1. Security is the number one reason to update software
2. Cyber Security Trends in 2021
3. Admins: Patch management is too complex and cumbersome
4. Patch Management