Understanding 802.1X Protocol & Network Access Control

802.1x protocol

What is the 802.1X Protocol?

802.1X is a networking protocol that provides an authentication method for devices wishing to connect to a LAN or WLAN. 802.1X has exception flexibility due to the fact that it’s based on the Extensible Authentication Protocol. EAP is a highly pliable standard, as it encompasses the range of EAP authentication methods, including MD5, TLS, TTLS, LEAP, PEAP, SecurID, SIM and AKA.

An IEEE standard for port-based NAC, the 802.1X also allows network administrators to provide access control parameters across wireless access points. The increasing dependence on wireless networks in corporate offices means network security teams must now address a growing and diverse threat surface, especially if BYOD policies are in use. 802.1X allows these teams to now be able to enforce strict access control policies for their highly mobile workforces and maintain compliance with confidence.

What Can 802.1X Do?

The 802.1X protocol is currently used for network access control in a number of ways:

  • Pre-admission control: Blocks unauthenticated messages
  • Device and user detection: Identifies users and devices with pre-defined credentials or MAC addresses
  • Authentication and authorization: Verifies and provides access.
  • Onboarding: Provisions a device with security, management, or host-checking software.
  • Profiling: Scans endpoint devices.
  • Policy enforcement: Applies role and permission-based access.
  • Post-admission control: Enforces session termination and cleanup.

Additionally, 802.1X can deliver L2 control as it validates users and devices attempting to connect to physical ports in the office.

How Secure is 802.1X?

Today, 802.1X is the golden standard when it comes to network authentication. The protocol prevents over-the-air credential theft attacks like Man-in-the-Middle attacks and Evil Twin proxies. This authentication is significantly more secure than PKI networks. There is some variation when it comes to 802.1X protocol security, however. First, if end users are left to manually configure their devices, there’s a much higher potential for credential theft. In a perfect world, configuration would be conducted by knowledgeable IT staff.

Another variation in security effectiveness relies on whether an organization is using credential-based authentication or certificate-based authentication. Certificate-based EAP-TLS is know to significantly reduce organizational risk when it comes to credential theft. This the most effective way to utilize 802.1X in a corporate networking environment. Not only can 802.1X stop credentials from being sent over the air where they can be easily stolen, but it forces users to go through an enrollment/on-boarding process that ensures proper device configuration.

Try Portnox CLEAR for Free Today

Gain access to all of Portnox CLEAR’s powerful NAC capabilities for 30 days!