In the age of digital transformation, institutions continue their work by paying more attention to both data security and network security. Especially with the COVID-19 pandemic, more employees have switched to working from home and network access has become more complex. At this point, security technologies such as Network Access Control (NAC) and IEEE 802.1X play a critical role in protecting information security. The Presidential Digital Transformation Office requested that precautions be taken against the digital problems of the current world; It has prepared the Information and Communication Security Guide for institutions and organizations to take the necessary precautions. There are methods and standards that can be used for the precautions that need to be taken. First, let's examine NAC and IEEE 802.1X and then examine together what solutions they will bring to the issues included in the Information and Communication Security Guide.
Network Access Control – NAC
NAC, also known as Network Access Control, is a method used to control and secure an organization's network access. Devices that want to connect to the network (computers, smartphones, IoT devices, etc.) must meet certain security and compliance requirements. NAC controls these requirements and blocks or allows devices to access the network. These checks include factors such as whether antivirus software is up to date and whether current security patches have been installed. NAC helps keep malware and potentially dangerous devices off the network, while also providing network administrators with tools to monitor and manage devices.
Thanks to NAC, organizations are protected against malware, dangerous devices are prevented from entering the network, and the ability to monitor and manage network devices is gained.
NAC network security occurs in 4 stages;
- Authentication
- Authorization
- Security Scanning
- Improvement
All of these stages run simultaneously; in case of an error in any of them, user access is blocked and the network is protected.
IEEE 802.1X
802.1X is a standard for network access control and forms the basis of network access control (NAC) solutions. The 802.1X standard is designed to increase network security and prevent unauthorized access in wired and wireless networks. 802.1x was initially designed for use in wired local networks, but has recently gained popularity with the increased use of wireless local networks.
The components and operation of the 802.1X standard are as follows:
Supplicant: Supplicant is the device that wants to connect to the network. As an example, a laptop or smartphone can be said. The supplicant uses the 802.1X protocol to present credentials and request access to the network. The message in which the requester sends the identity information is called EAP-Request/Identity.
Authenticator: An authenticator is the network device that authenticates the requestor. An example is a network switch or wireless access point. The authenticator sends authentication requests to the requester and manages the authentication process. The authenticator receives the response from the authentication server. If this response means the authentication is successful, it is called EAP-Success, if it means it is unsuccessful, it is called EAP-Failure. In case of EAP-Success, it allows the requester to connect to the network, and in case of EAP-Failure, it does not accept the requester to the network.
Authentication Server: An authentication server is a central server that verifies the requester's credentials and makes authorization decisions. It usually works using the RADIUS (Remote Authentication Dial-In User Service) protocol. The authentication server verifies the identity of the requester using the username, password, certificate, or other authentication methods.
Compliance with DDO Information and Communication Security Guide
Every organization's security requirements are different and a road map is needed to meet these requirements. This is where the Information and Communication Security Guide comes into play. The Presidential Digital Transformation Office Information and Communication Security Guide guides individuals or institutions who want to ensure network and data security with the articles it contains. Among these articles, measure 3.1.1.7 highlights the importance of NAC and IEEE 802.1X:
“In order for only approved hardware to be connected to the corporate network, devices connecting to the corporate network must be authenticated using the 802.1x standard or NAC solutions.”
Which Industries Should Benefit from NAC and IEEE 802.1X?
Every institution and organization can ensure network security by taking advantage of NAC and IEEE 802.1X, but especially sectors that provide critical infrastructure services need solutions that provide network security and authentication such as NAC and IEEE 802.1X. Among these sectors;
- Communication,
- Finance,
- Energy,
- Health and
- Sectors such as education are included.
By using NAC and IEEE 802.1X, institutions and organizations that provide critical infrastructure services have the opportunity to minimize possible large-scale economic damages, data leaks, and risks of loss of life, especially in health situations, that may arise from security vulnerabilities.
SOURCE
Presidential Digital Transformation Office Information and Communication Security Guide
https://cbddo.gov.tr/SharedFolderServer/Genel/File/bg_rehber.pdf
What is Network Access Control?
https://www.cisco.com/c/en/us/products/security/what-is-network-access-control-nac.html
802.1X: Port-Based Network Access Control
