With ever increasing security threats, new protocols and responsive solutions, we frequently come across gaps in network access control. These often-overlooked gaps are significant. Eliminating them could reduce the need for damage control by 50% or greater. Our suggestion: follow the basic and critical IEEE standard for port-based Network Access Control, IEEE 802.1X. Where should you start? Addressing these top three gaps will make the biggest difference in creating a secure environment.
Give your wired network as much attention as your wireless one. Wired networks can be extremely vulnerable jumping off points for hackers. All it takes is one unauthenticated device to connect to the network and launch a full-scale attack. It’s more than possible, it happens all the time. Employee personal devices are a big problem. You can deflect the “insider threat” by preventing employees from connecting their personal devices to the company network, and instead, connect their devices to the wireless guest network.
802.1X – standard for authenticating devices to a network – is your north star here. When this protocol is in place, anyone who attempts to connect a device to a wired network that fails to successfully authenticate will get a splash page to authenticate the device and log into a guest network, which is isolated from the corporate network.
This two-step standard of authentication and segmentation provides an enormous amount of security and is one of the easiest protocols to implement.
Rogue Device Detection
I’ve personally seen rogue device detection take hours, sometimes even days. This is far too slow. The difference between identifying and shutting down a rogue device in minutes versus hours could mean the difference between your business not being disrupted and being totally crippled.
You may have heard the story of Maersk, a shipping company destroyed by a ransomware attack that came in from a rogue device. Hackers count on device detection being slow, and all they need are a few minutes to penetrate your network and launch an attack.
When you enable 802.1X, it gives you exceptional visibility into devices that shouldn’t be on your network. Despite that many companies have implemented solutions and systems to support 802.1X, it’s surprisingly one of the standards that often gets overlooked or not fully deployed.
This has become a huge issue for enterprises as they expand the prevalence of IoT devices on their networks. We’re seeing IoT environments with all assets connected to both wired and wireless networks. These devices are busy gathering data and in some cases, actuating and reporting on that data. This makes these devices honeypots for hackers. Seemingly innocuous things like printers are extremely easy points to exploit and use as a jumping off point to launch an attack inside the organization.
Take regular inventory lists of all devices and make sure they are secured both on wired and wireless networks. Here’s a shocker: many of these assets can be configured to support 802.1X authentication. It is a tremendous amount of work to do this, which is why many organizations don’t go through the trouble to secure them. If this sounds like your org, call in for reinforcements. In another blog post, we talked about how to secure IoT environments in more detail.
Closing these gaps yields a big return on security, and can save your company thousands of man-hours and expenditures by preventing breaches from happening. Yes, 802.1X can be complex and tedious to configure in some instances, but it’s critical. It should be a priority in any security plan, in any size company. Again, if it’s not something your security has the bandwidth to manage, call in for reinforcements.