802.1X Enterprise Authentication: What it is, and why it’s good for organizations
By Haley Clark & Nick McCourt
The story of 802.1X authentication’s growth is like that of many new security technologies. Network administrators used to treat certain types of new security technology as too complicated for small to medium-sized businesses. These technologies were occasionally discussed but never given much thought.
The reasoning was simple: “If we password protect everything, that’s good enough, right?”
But that reasoning was always flimsy. And as technology advances, it requires new and updated security layers to protect infrastructure and resources. Today, individuals and organizations ranging from small businesses to entire countries find themselves under attack threats. There is no rest for the weary when it comes to cybersecurity. Because of these ever-evolving risks, organizations have begun to look at those security technologies once dismissed with renewed interest.
The term “802.1X” doesn’t mean much to the average individual. You might look at it and just see some random numbers. But it’s worth knowing: this security technology is incredibly beneficial in defending a network’s infrastructure.
What is network authentication security?
Think about the Wi-Fi network you use at home. You need to enter the password to use it, right? That’s a level of security on your network: it ensures that random people can’t just automatically connect to your Wi-Fi and, from there, could do some real damage. This type of protection is called a Pre-Shared Key Network (PKSN).
For organizations that deal with sensitive and valuable information, you need more security. Hackers can potentially capture a PSKN’s password over-the-air. And the more people who know a PSKN’s password, the more dangerous it can be. A disgruntled former employee, a malicious hacker posing as a guest, someone putting the password on a sticky note near their desk — these are all potential issues that come with a PSKN.
What is 802.1X?
802.1X is the gold standard of network authentication security.
An 802.1X network has an authentication server. Each user who wants to gain access to the network has their information run through this server first. The server checks the user, and its approval allows the user to use the network.
An 802.1X network doesn’t rely on just one shared password like a PSKN. As an example, if an employee leaves the company, their credentials can be revoked. So, if they try to log in later, they won’t be able to access the network. In a PSKN, the two options would be risking unauthorized entry by not changing the password… or inconveniencing everyone else who uses the network by changing the password.
Another benefit is that users can be assigned levels of access to the network. Not everyone in your network likely needs the same (full) level of access. A junior-level employee probably doesn’t need complete control or access to every piece of sensitive information. And you should always limit the amount of access to as few people as possible. 802.1X makes this easier.
802.1X: Certificate-based authentication vs. credential-based authentication
We mentioned that users on an 802.1X network need to run their information through the authentication server. What information determined access?
There are two primary options for 802.1X: certificate-based and credential-based authentication.
Credential-based authentication relies on user-defined credentials — think a username and password. It puts the responsibility in the user’s hands, and because of that, it’s the insecure option. Hackers can still steal a user’s credentials over the air, and users are still at risk from phishing attacks.
Certificate-based authentication relies on the server/certificate issuer, which identifies the user or device based on the certificate.
- The end-user device (such as a desktop or laptop) is provided with a certificate that establishes their identity.
- The network has an authentication server that interacts with the end-user device.
- Once identity is verified, the machine can use the network.
This authentication is the more secure option because it does not rely simply on the user’s credentials. It prevents over the air theft of credentials and, depending on the situation, a phishing attack might be ineffective.
The least exciting part about this kind of security is preparing and defining rules for everyone in the organization to follow. To use 802.1X to best effect and have proper protection for the network, the organization needs to have the following:
- Defined, written, and followed IT Security Policies. An assortment of rules and guidelines (or worse, nothing) makes it easier for unauthorized behavior to happen undiscovered.
- Control and inventory of all machines deployed for the organization. Technology management is necessary for companies for several reasons but is especially crucial if you’re dealing with certificate-based security for your network.
- Designed and defined network infrastructure that will support the use of 802.1X. Your usage of 802.1X can be a pleasure or a pain — professional 802.1X solutions can make your network feel seamless.
- Knowledgeable Network Administrator or Managed Services Provider to support the implementation. The only thing worse than implementing something is implementing something and then letting it gather dust. Maintaining a solution like this is critical to making sure it stays functional and works great.
The bottom line
802.1X is a secure network authentication security system for your network. Even if you’re a smaller organization, you should consider more robust network security if you’re dealing with sensitive data. Technology like 802.1X is not an unreasonable solution to implement. Instead, solutions like this are becoming more important to protect networks at an elevated level. With solutions like 802.1X, companies can feel more secure in the safety of their data.
Interested in learning how Domain can help you implement 802.1X and other security measures for your business? Reach out and start the conversation today.
We do IT differently.
Find out what sets us apart from all the other IT companies out there.
By The Domain TeamWhat happens when SonicWall, one of your biggest vendors, announces a potential cybersecurity threat over the weekend? If you’re us, you get to work.A potential SonicWall vulnerability that potentially affected our clients On Saturday morning, our...
By Haley Clark & Nick McCourtDuring recent election years, election security has been an increasing topic of interest and discussion. It comes as our voting system has evolved from shouting on rooftops, to voting on paper slips, to the incorporation of more and more...
By Haley Clark & Nick McCourtThe future of the workplace is hybrid. The pandemic acted like a bulldozer for the concept of remote work, normalizing (through force) something many companies were only beginning to consider. The hybrid workplace — with some workers at...