802.1x Authentication: Security from the Center

Security is the most important topic in tech right now, full stop. There is nothing more important you can do to protect your company than to ensure your tech deployment is secure. But with almost daily news of hacks and a complex world of security measures to implement, what’s a company to do?

There are two primary steps to take with digital security: encryption and authentication. These topics are both big enough for multiple books, so today, we’re going to focus.

We’re here to clarify one aspect of tech security: authentication using the IEEE 802.1x standard.

Padlock

What is the difference between authentication and encryption?

How do you create security? One way is to lock everything down so tightly that you and only you can unlock it. This is encryption. Another way is to create a web of trust. This is authentication.

Let’s explain that in greater detail, starting with encryption and its limitations.

We all know by now the importance of strong passwords. The fact is, however, that a lot of the important stuff with encryption has nothing to do with you. It’s the algorithms that obscure passwords and the processes that randomize data.

Encryption has its problems. The biggest one is password reuse, which occurs in two ways. First, people might just use the exact same password. If that password is compromised once, it will become wide-spread knowledge, and every other account using that password is endangered. Knowing one pattern of characters — which is all a password is, after all — makes it much easier to find that pattern in the obscured-by-algorithm state that passwords are often stored.

Second, when people are asked to change their passwords, they often change it to a modification of the original password. Since password crackers are very sophisticated now, this doesn’t help with security much at all. The patters are still evident. Also, it quickly becomes very difficult to remember which variation is used for what application.

Another problem with encryption comes from changing passwords. It is, frankly, beyond human ability to devise and remember all the strong passwords the modern world demands. Password managers have taken some of the load off of the memories for the people that use them, but it’s still an imperfect situation.

Encryption is particularly a problem when dealing with businesses, because they need to have many people working together. It’s impractical — ridiculous, really — to have every item sent over the LAN encrypted with the recipient in whatever way knowing the password to gain access.

Chainlink Fence

802.1x and EAP: standards-based authentication

Authentication differs from encryption by being a method of making sure the endpoints that access a network are trustworthy. If a computer workstation, a particular port, a mobile phone — any endpoint — is authenticated, then it gets access to the LAN, which is itself secured.

But the real question is: how do you securely authenticate an endpoint?

One of the most important standards for authentication currently in use is known as 802.1x. What is it? It’s a standard that helps protect your network by controlling who can access it. Authentication requires a gatekeeper that allows access to trusted endpoints.

802.1x only lets trusted endpoints are allowed to connect to your network. Roughly speaking, the process goes like this.

There are three components: supplicant, which is the endpoint trying to join the network; authentication server, which performs the authentication and verifies identities; and authenticator, which is a switch that acts as a middleman between supplicant and authentication server.

You set up an authentication server to verify the endpoints. Between the authentication server and the endpoint that wants to join the network, you set up a switch to act as a bouncer, controlling physical access to the LAN based on authentication status.

When a supplicant, an endpoint, wants to join the LAN, it sends a signal to the authentication server through the switch. It does this using the Extensible Authentication Protocol (EAP), which comes in many different versions. When EAP is used to authenticate over your LAN, it’s known as EAP-over-LAN or EAPOL.

By having this system of controlled access, you’re able to secure your LAN much more effectively. Your systems administrator can see everyone on the network to make sure that everything is ok. Your security comes from the center.

Strategy

One part of a multi-pronged security strategy

Of course, authentication with 802.1x should only be one part of your security strategy. We are not suggesting you use it instead of encryption, but rather that you should use it with robust encryption and other methods of security.

We can’t stress enough how important tech security is! Knowing what methods you can employ to strengthen security is the first step towards building a secure network.

Look for 802.1x compatible products from IP Phone Warehouse and build a secure network from the center!

Leave a Reply

Your email address will not be published. Required fields are marked *