Securing physical port access to your infrastructure is something that is reasonably straightforward to implement these days, but it wasn't always the case.
Securing physical port access to your infrastructure is something that is reasonably straightforward to implement these days, but it wasn’t always the case.
Since the birth of 802.1x, its integration and implementation into Windows XP (via the wired LAN service) was always a little hit and miss. The service didn’t always start and when it did, it could attempt to authenticate with the wrong credentials. 802.1x or NAC (Network Access Control) has come a long way and is a little more refined. It’s easier to customise the authentication method in the wired or wireless service, hooking in quite nicely to AD (Active Directory) and group policy to push the settings out to your corporate users for a quick and seamless switchover.
However, NAC alone isn’t enough to secure the network. We have to go one step further, by not only authenticating the device (or at least has an authorised person using it) but to also assess that the computer meets corporate standards. These corporate standards could be items such as: Anti-Virus enabled and up-to-date, Windows critical updates installed, Windows firewall enabled etc. This is called posture assessment, and based on the posture result of a check against a device we can perform specific actions. These may be to allow access, change a port VLAN membership such as a quarantine VLAN should the PC require remediation, or to block access entirely.
To give an example, our NAC solution is setup to authenticate all clients, wired or wireless, against AD using Certificate issues by the enterprise CA. At this first step any failed authentications, or clients that do not support 802.1x are placed into the guest VLAN, which only has access through the firewall to the internet. Clients passing this check then have their posture assessed using Windows Health checks. Clients that have not checked in with Windows update in the last 2 weeks are placed in the quarantine VLAN for remediation. Any other clients that do not support Windows health checks (such as my MAC) are placed in a separate client VLAN. You may be wondering, “What about devices such as printers?” Well, we also incorporate a solution for those. The printer’s MAC address is placed on our radius server and the switch attempts a Mac Authentication Bypass for any clients that do not support 802.1x. In this case our printer is authenticated by its Mac address, placed in the correct VLAN. For added measure, for anyone trying to spoof the MAC address, a downloadable ACL (Access Control List) is passed to the switch, allowing the printer to only communicate to client subnets.
To learn more about how your organisation could benefit from using NAC, please contact a member of the Atomos Networks’ technical sales team on 0113 323 7722 or email sales@atomosnetworks.com
Analysis
Protecting your network from cyberthreats may seem completely obvious in this day and age. However, it's all too easy to assume that you have the right level of network security, when in fact you do not. This is why we always begin with a thorough assessment, providing a full audit of your existing cyberthreat measures. We then deifne the network areas, servers - and of course individual users that need protection - and at what level.
Firewalls
We treat the business of network security very seriously indeed. We're experts in this field and along with security vendors like Check Point, we view security as a business process which requires significant consideration and investment (if the scope so requires). We can provide you with world-class firewall products, all of which are next generation. Since we’re not a ‘one size fits all’ IT consultancy, we ensure that the firewall product we recommend meets the exact network security needs of your business.
Equipment Upgrade
With network and security technologies advancing at such a rate, office moves are a perfect time to audit network and security kit. We are trusted partners to a number of industry-leading vendors including Cisco, CheckPoint and Aruba. As experts in cyber and network security, we will proactively make recommendations around integrating new technologies to your existing infrastructure - seamlessly and efficiently.
Network Switching
Network switches are the backbone of any IT infrastructure. We've partnered with Cisco to deliver a strategic advantage to your network. Cisco switching solutions can be customised according to your exact technical and budgetary needs. For more information please contact our technical sales team to discuss further.