Skip to content

The Truth About MAC Spoofing

The threat behind MAC spoofing

When implementing any insurance policy, you need to start with estimating the level of risk, the probability of that risk, and the potential damage should that risk become a reality.

One of the network risks that is often presented to demonstrate the ineffectiveness of 802.1x solutions is the ease of bypassing modern network access control (NAC) by using MAC spoofing. Usually, this involves spoofing the network printer or other vulnerable device.

Now, let’s put aside the fact that network printers today can support certificate or credential-based authentication, and that certain products have remedies against such attempts even when the authentication is based on MAC.

Let’s consider: is MAC spoofing a legitimate threat or an exaggerated, manageable flaw?

But before I try to analyze this risk, I want to point out the biggest advantage a NAC solution can give an organization to cope with modern cyber security threats: the ability to apply dynamic segmentation based on device type or identity.

Without going into too much detail, NAC is one of the only systems that can help you prevent lateral movement, indirectly allowing you to identify breaches and directly helping you to prevent the compromise of your crown jewels.

The threat landscape

Here are some of the most common adversaries when it comes to MAC spoofing:

  • The employee – a disgruntled current or former employee
  • The guest – a contractor, customer, patient, etc. who physically visits your organization for a period of time
  • The hacker – a malicious person trying to attack your network and steal information, causing harm to your organization

And here are the most common attack surfaces:

  • Wifi
  • Wired, ethernet switches

One caveat: most wifi environments contain managed devices. So, for devices that do not have an 802.1x supplicant, and thus does not support certificate-based authentication (or credentials based), it is easy to setup an isolated segment and significantly lower the risk of attack.

As such, we’ll put our focus on examining wired environments, and how they’re vulnerable to the above adversaries.

Adversaries in-depth

Let’s be clear – MAC spoofing requires some technical knowledge to execute, which the non-technical lay person typically does not possess. Those doing it know what they’re doing, and they know it’s wrong.

With that said, it’s important to point out that a lot of damage is caused by the unintended – i.e. people clicking on a link in an email, deleting the wrong record or file, or even dropping a laptop into a pool.

The employee

Employees should be trustworthy. If they’re not, cyber security is likely not your problem. But, when someone is fired, laid off, or even just mistreated at work, there always exists the potential for them to hold a grudge. It’s human nature.

Disgruntled employees can pose a big risk. If an employee still works for an organization and he/she is determined to do damage, that’s a problem that’s nearly impossible to prevent. The network connection alone is not going to stop he/she from stealing data or worse. This individual likely already has access through other corporate devices and the credentials to access whatever data he/she wants.

At the end of the day, however, this individual’s risk of MAC spoofing can be categorized as “very low” with “low” probability and “low” potential for damage. The reason being is that the potential damage done is not necessarily related to network connection. The first line of defense against a disgruntled current of former employees is physical barriers – i.e. locked doors and other physical security.

The guest

A guest visiting your office might want to connect to your network. Most likely, this guest will not go to great lengths to hack your network if they are initially blocked. By supplying a guest network, such as a guest wifi, you will effectively eliminate that risk all together. Thus, like the employee, this individual’s risk of MAC spoofing can be categorized as “very low” for both probability and damage.

The hacker

A hacker will need physical access to your network in order to do his/her job. Today, spearhead attacks can enable hackers to access your networks from afar. Doing so, however, typically requires some sort of motive.

This motivation is often dependent upon the type of business you operate. If you’re in military and defense, for example, you likely have a higher than average risk of being the target of such an attack. The same going for banking and financial services, healthcare and any other industry with highly sensitive and confidential data.

For most organizations, the threat of physical access hacking is typically low, while the potential for damage could be high. Should a retailer fear physical burglary just because a new device has connected to its network? I think not.

In conclusion

For most organizations, the risk of MAC spoofing is almost non-existent. This is usually fairly easy for an auditor to demonstrate, and would appear as part of a comprehensive security report. So in reality, the perception of the threat is that it’s a much larger problem than it actually is.

You can also prevent MAC spoofing by implementing stronger authentication methods that are fairly common today. One of the major roles of NAC is to provide secure authentication and authorization to the network. Thus, even if authentication is somehow breached, authorization serves as a second layer of defense that can limit access by putting potential individuals of risk in a specific “narrow” segment.

The segmentation of specific types of MAC-based devices is a best practice in NAC. Even if spoofing occurs, such a device won’t be able to access a particularly sensitive VLAN, such as those in Finance or HR, if proper segmentation has been established through your network security policies.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Supply Chain Attacks: What You Need to Know to Protect Against Them

Before 2020, only logistics nerds ever talked about supply chains. Then came the blatantly disruptive supply chain crunch, courtesy of the COVID-19 pandemic. West Coast ports began to choke, and Chicago railyards swelled with traffic impeding the timely shipments of goods. This led topolitical finger-pointing, heavy corporate profits and losses, and disgruntled consumers nationwide.

In 2020, we began hearing much more about supply chains and the issues facing them – but bogged down ports, crowded railways, and delayed shipping times were not the primary issues making headlines. Before all of this, most had never heard of a supply chain attack in the cyber sense until reports of the SolarWinds breach came out that year.

Prior to this expansive cyberattack, asking most folks what a supply chain attack was might conjure images of a Somali pirate heist on a container ship, plotting to resell stolen consumer goods on the black market. From a technological standpoint however, a supply chain attack involves software rather than ships, and is merely analogous to an actual chain of supplies.

A Supply Chain Attack, Defined

The heart of a supply chain attack involves corrupting a trusted application, allowing the attacker to leverage that trust and gain access to any or all users of the corrupted application. The “supply chain” references derive from the fact that modern software build applications comprise a mixture of third-party components, completely new code, and code connecting all the pieces together to solve some problem for the users of the software.

Software developers integrate the various components of the application and build or deploy the software for use. In this type of attack, malware or a “back door” gets inserted into the software itself, either through one of the third-party components, or by getting malware built in as its own component, compromising the application itself.

As an example, if an attacker were able to get into a web browser, then everyone who downloaded the browser would be downloading malware as well. In the case of SolarWinds, the attackers penetrated the corporate network, and after many months of quiet effort, gained access to the software build system of the company’s most popular product.

After that compromised SolarWinds product was installed, the inserted malware notified the attackers that it was inside a corporate network. The attackers could then use the malware to gain access to that network. From their new perch, they could deploy any number of other malware tools to exploit the corporate network.

Now what if you aren’t a software company? Can you simply ignore supply chain attacks? Probably not. Most companies write software—whether for internal use, for partners, or their customers—even if it’s only their corporate website. Any software or website can be infiltrated and used to deliver malware to the ultimate. Consequently, most companies have some inherent vulnerability to supply chain attacks.

Keeping Supply Attacks at Bay

So what should you do to prevent supply chain attackers? The most important factor is to limit access to critical assets that are part of the software development lifecycle. This means identifying which assets are critical to software creation.

The first line of defense is to ensure that they can’t get to your assets in the first place. If these critical assets are in your data center, you should implement network access control (NAC) to ensure that only authorized users on authorized devices have access to your network. For cloud assets, zero-trust network access (ZTNA) serves a similar access control function. Both NAC and ZTNA allow for micro-segmentation of network access so that users can only access required assets because limiting lateral movement can dramatically decrease the impact of any breach.

Additionally, critical assets should be protected by privilege access management (PAM), a tool that acts as a proxy between users and assets. The user logs into the PAM—preferably with multi-factor authentication—and the PAM logs into the asset itself, often auditing all user actions while logged-in.

For network devices, TACACS+ is a similar kind of proxy used for accessing network devices, which are also critical assets in any supply chain. Along the same lines, implementing the principle of least privilege limits what any given account can do in the event of a compromise.

Key Takeaways

A robust vulnerability management program strongly complements access control because it reduces the likelihood that an attacker could leverage an unpatched vulnerability in any of your software to slip past layers of access control. Controlling access, limiting lateral movement, and reducing risk from software vulnerabilities provide considerable protection against the risk of a supply chain attack.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Supply Chain Attacks: What You Need to Know to Protect Against Them

Before 2020, only logistics nerds ever talked about supply chains. Then came the blatantly disruptive supply chain crunch, courtesy of the COVID-19 pandemic. West Coast ports began to choke, and Chicago railyards swelled with traffic impeding the timely shipments of goods. This led topolitical finger-pointing, heavy corporate profits and losses, and disgruntled consumers nationwide.

In 2020, we began hearing much more about supply chains and the issues facing them – but bogged down ports, crowded railways, and delayed shipping times were not the primary issues making headlines. Before all of this, most had never heard of a supply chain attack in the cyber sense until reports of the SolarWinds breach came out that year.

Prior to this expansive cyberattack, asking most folks what a supply chain attack was might conjure images of a Somali pirate heist on a container ship, plotting to resell stolen consumer goods on the black market. From a technological standpoint however, a supply chain attack involves software rather than ships, and is merely analogous to an actual chain of supplies.

A Supply Chain Attack, Defined

The heart of a supply chain attack involves corrupting a trusted application, allowing the attacker to leverage that trust and gain access to any or all users of the corrupted application. The “supply chain” references derive from the fact that modern software build applications comprise a mixture of third-party components, completely new code, and code connecting all the pieces together to solve some problem for the users of the software.

Software developers integrate the various components of the application and build or deploy the software for use. In this type of attack, malware or a “back door” gets inserted into the software itself, either through one of the third-party components, or by getting malware built in as its own component, compromising the application itself.

As an example, if an attacker were able to get into a web browser, then everyone who downloaded the browser would be downloading malware as well. In the case of SolarWinds, the attackers penetrated the corporate network, and after many months of quiet effort, gained access to the software build system of the company’s most popular product.

After that compromised SolarWinds product was installed, the inserted malware notified the attackers that it was inside a corporate network. The attackers could then use the malware to gain access to that network. From their new perch, they could deploy any number of other malware tools to exploit the corporate network.

Now what if you aren’t a software company? Can you simply ignore supply chain attacks? Probably not. Most companies write software—whether for internal use, for partners, or their customers—even if it’s only their corporate website. Any software or website can be infiltrated and used to deliver malware to the ultimate. Consequently, most companies have some inherent vulnerability to supply chain attacks.

Keeping Supply Attacks at Bay

So what should you do to prevent supply chain attackers? The most important factor is to limit access to critical assets that are part of the software development lifecycle. This means identifying which assets are critical to software creation.

The first line of defense is to ensure that they can’t get to your assets in the first place. If these critical assets are in your data center, you should implement network access control (NAC) to ensure that only authorized users on authorized devices have access to your network. For cloud assets, zero-trust network access (ZTNA) serves a similar access control function. Both NAC and ZTNA allow for micro-segmentation of network access so that users can only access required assets because limiting lateral movement can dramatically decrease the impact of any breach.

Additionally, critical assets should be protected by privilege access management (PAM), a tool that acts as a proxy between users and assets. The user logs into the PAM—preferably with multi-factor authentication—and the PAM logs into the asset itself, often auditing all user actions while logged-in.

For network devices, TACACS+ is a similar kind of proxy used for accessing network devices, which are also critical assets in any supply chain. Along the same lines, implementing the principle of least privilege limits what any given account can do in the event of a compromise.

Key Takeaways

A robust vulnerability management program strongly complements access control because it reduces the likelihood that an attacker could leverage an unpatched vulnerability in any of your software to slip past layers of access control. Controlling access, limiting lateral movement, and reducing risk from software vulnerabilities provide considerable protection against the risk of a supply chain attack.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Leading UK Loan Lender Deploys Portnox Cloud-Native NAC Across 75 Sites

Everyday Loans is the UK’s leading independent loan lender, operating dozens of branches across the country and boasting a personal, hands-on approach to lending, uncommon in today’s digitally anonymous financial services industry.

Today, personal lending in the UK has grown to become an industry approaching 24 billion GBP, with recent acceleration due to widespread financial uncertainty and hardship in the wake of the COVID-19 pandemic.

The company’s IT department, led by Head of IT Tony Sheehan, experienced the tangible impact of this market growth as more and more customers walked through the doors of Everyday Loans’ many branches, and as the company increased its employee headcount in response to demand.

With more guests and customers on-site as well as a growing workforce, Sheehan and his team began to assess potential cybersecurity vulnerabilities – beginning with the corporate network.

Sheehan describes the company’s initial network security vulnerabilities: “We have a presence online, but we’re predominantly a face-to-face lender. We have over 75 offices with many new and repeat customers coming in to discuss a loan, as well as part-time staff for cleaning, security and maintenance. As a result, we knew network authentication was an obvious vulnerability.”

Shifting Focus to Network Authentication

Implementing a solution for network authentication was a logical next step for Sheehan’s IT team. Given the increased branch foot traffic, the company needed to ensure it had total device awareness across the network. “This was a concern voiced to our new CTO when he came on board. He agreed, so we went about looking at different tools for network authentication and access control,” said Sheehan.

Another factor driving a focus on NAC was staff turnover. “Like every company, we have staff that leave us, and we need to ensure they can no longer access our network after they’ve departed,” said Sheehan. At that point in time, Everyday Loans knew that it’s usage of a hidden SSID paired with a PSK was not up to snuff from a security standpoint. As Sheehan and his team began to research potential solutions for network authentication and access control, two requirements became apparent:

  • They had no desire to build upon their existing on-prem or virtual footprint; adding maintenance tasks to the laundry list of other IT responsibilities was a non-starter
  • The company wanted a SaaS solution that could support its existing cloud-native hardware – primarily Meraki network devices and ChromeBox endpoints

Considering Network Access Control Options

Sheehan and his team found themselves at a crossroads as they mulled over these requirements. “We were either going to double down and stand-up another datacenter as part of a general infrastructure expansion initiative which would also enable us to deploy network access control on-premises, or we were going to go out and find a cloud-native NAC solution that fit our needs,” Sheehan said.

Portnox CLEAR was the only true cloud-native NAC we could find with the deployment and support model we wanted.

-Tony Sheehan, Head of IT at Everyday Loans

Having considered Microsoft NPS for RADIUS authentication and 802.1X, and Cisco ISE for full network access control, Sheehan and Everyday Loans’ IT team made the executive decision that neither tool was suited to their existing network security needs, internal skillsets, resource bandwidth or networking infrastructure. “We came across Portnox CLEAR fairly quickly thanks to the help of our partner, Haptic Networks,” Sheehan continued. “It was the only true cloudnative NAC we could find with the deployment and support model we wanted. Each of the other vendors had some solutions that were close in functionality, but in the end, they didn’t cover our needs totally – either functionally or operationally in terms of their ease-of-use. Ultimately, we went with Portnox CLEAR since it provided coverage across all our network devices and connected endpoints.” 

Up & Running with Portnox CLEAR

After beginning a proof of concept of Portnox’s cloud-native NAC-as-a-Service, Everyday Loans ruled out competing alternatives. “It worked as expected. After comparing Portnox CLEAR’s robust, easy-to-use functionality to that of the other vendors up for consideration, we soon dismissed alternatives as they did not meet our technical security requirements,” Sheehan said.

The trial continued and Sheehan’s team threw every possible authentication and access control use case they could conjure up at the system to test its durability.

“Anyone with good network experience will pick up Portnox CLEAR with ease – it’s just a case of ensuring how you setup the network hardware and what control you have over employee and guest devices,” Sheehan went on to say.

Anyone with good network experience will pick up Portnox CLEAR with ease – it’s just a case of ensuring how you setup the network hardware and what control you have over employee and guest device.

-Tony Sheehan, Head of IT at Everyday Loans

Everyday Loans was able to deploy Portnox CLEAR across its 75 sites with relative ease, saving the company’s headquarters for last. “Portnox CLEAR has exceeded my expectations. Now that it is fully deployed, the visibility and control we have of users authenticating to the network is unparalleled,” Sheehan concluded.

“It is a huge bonus that the system easily integrates with Azure Active Directory and provides its own certificate authority out-of-the-box. Having multiple methods for authentications helps us ensure all our bases are covered. The solution has been reliable from day one.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Cyber Security Essential #3: Antivirus

Why is Antivirus Essential?

Antivirus software helps protect computers against malware and cybercriminals. Antivirus software looks at data – web pages, files, software, applications – traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible.

antivirus and portnox

Antivirus protection is essential, given the array of constantly-emerging cyber threats. If you don’t have protective software installed, you could be at risk of picking up a virus or being targeted by other malicious software that can remain undetected and wreak havoc on your computer and mobile devices.

Necessary Antivirus Capabilities

Real-time Scanning

While all antivirus software is specifically designed to detect the presence of malware, not all of them detect in the same way. Ineffective products force you to run a manual scan to determine if any systems have been affected, while the best forms of software have dynamic scanning features that are repeatedly checking your computer for the presence of malicious entities. Without this feature, it’s much easier for something to infiltrate a device and begin causing damage before you even realize it.

Automatic Updates

Updates are vital for all forms of software, but this is especially true when it comes to antivirus. Because new types of malware are constantly being developed, antivirus software needs frequent updates in order to track and contain new threats that didn’t even exist when it was first installed. If you have to install updates manually, you might miss important new protections and expose your system to infection, so always make sure your antivirus software is capable of installing updates automatically and frequently.

Protection for Multiple Apps

Threats exist across the entire spectrum of applications and services that you rely on for your everyday tasks. From email clients, to your CRM, ERP, and beyond, harmful software can sneak into systems from a variety of different sources. Antivirus programs need to protect multiple vulnerable applications from potential dangers.

Auto-Clean

If the antivirus software immediately detects malicious software, why wouldn’t it delete the code on the spot? Unfortunately, some solutions simply place the malware in a quarantine zone upon detection, waiting for the user to log on and manually delete it. You should choose a program that utilizes an auto-clean feature to rid itself of viruses.

Fights Against All Types of Malware

Between trojans, bots, spyware, viruses, etc., there are many different types of malware that can harm your computer, and antivirus programs are sometimes designed only to target a specific type of software. It’s better to go with a program that can comprehensively detect all forms of malware.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Cyber Security Essential #2: 802.1x Network Access Control

Why is 802.1x Network Access Control Essential?

802.1x network access control is a technology that enables organizations to enact its own unique policy for how and when endpoints (desktops, laptops, smartphones, etc.) can connect to their corporate networks. NAC solutions are typically designed to allow IT security teams to gain visibility of each device trying to access its network, and specifically the type of device and access layer being used (i.e. wifi, wired ports, or VPN).

Today, 802.1x network access control provides a number of powerful features on top of what it was originally designed for years ago. These include security posture assessments for endpoints, which pinpoints any associated endpoint risks, allowing network security administrators to control network access based on their organization’s risk tolerance threshold.

With the rise of cloud computing, remote workforces, bring-your-own-device (BYOD) policies, and the internet of things (IoT), network access control has become a much more critical part of the larger cybersecurity technology stack at most companies. The technology itself has also evolved quite drastically in response to these emerging trends and their impact on networking and ensuring network security.

Key Functionality to Consider When Deploying a NAC Solution

Network Visibility & Device Discovery

A NAC solution discovers and identifies all devices/users in the network before they are granted network access, requiring continuous monitoring of the network and devices connected to it. The system enables the discovery, classification and assessment of every device connected to the network. Configuration and security state of every device is monitored, ensuring that the network and devices are compliant to the organizational security policy.

Full Access Layer Coverage

As today’s networks explode in size and scope, particularly with remote workforces on the rise, it’s imperative that your 802.1x network access control solution can manage access control across all existing access layers. This includes the obvious – wired ports and WiFi. It also must be able to manage the various remote access methods used within your organization. These may include VPN, Teleworker Gateways, and beyond.

Authentication Services

Traditionally, enterprises have enabled network authentication via usernames and passwords. As we now know today, this method of authentication can be easily compromised by bad actors, making it no longer sufficiently secure for enforcing network access control. Any NAC worth its salt should offer several methods for authentication, including: role-based, MAC authentication bypass (MAB), and certificate authority.

Device On-Boarding

Business units and even departments (think Finance & Accounting, for example) often have their own VLANs since they’re dealing with very sensitive, confidential data. The task of setting up such VLANs and onboarding new devices is just one of dozens of tasks overseen by frequently overburdened IT teams. So, if not done correctly at first, it can open the door to potential network vulnerabilities, such as a person gaining access to a part of the network he/she should not have the privileges for. At a small scale, managing access manually is often sufficient. For larger organizations, however, this just isn’t sustainable. As a result, many large organizations that don’t have a secure onboarding process will often compromise on network security hygiene.

Policy Configuration

Network security teams define and activate access control policies to control device access to the corporate network, which is ultimately based on the device authorization state. Once a device is authorized for network access, a network access policy determines which specific virtual LAN (VLAN) that device or user is directed to. On top of that, the policy also defines, for each type of authorization violation, whether to deny entry or whether to quarantine the device by assigning it to a specific VLAN or apply an access control list (ACL).

Endpoint Risk Monitoring

Your corporate network is only as strong as its weakest security link. This means continuous risk posture assessment is paramount. By continually monitoring the network, your network and security teams can stay ahead of cyberattacks with the ability to identify new risks in real-time, react to these risks, and take action. In a world with ever-expanding boundaries and an exponential increase in types of endpoints, continuous risk posture assessment must function no matter location, device type, or the type of data being transferred.

Device Remediation

Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of attacks but also allow for business continuity. Effective endpoint remediation consists of:

  • Automated Patch Updates Across the Network – Enforce necessary patch, anti-virus, operating system, and application updates across managed and unmanaged endpoints.
  • Immediate Incident Response – Contain ransomware events by remotely disconnecting endpoints from the network without the need for manual intervention.
  • Armed Incident Response Teams – Arm IT professionals and network admins with the ability to remotely take actions on employees’ devices. The proliferation of IoT devices over the last decade has prompted a growing number of network security concerns. With all of these devices – printers, CCTV cameras, ATMs, MRI machines, etc. – now connected to their respective networks, it’s exponentially expanding corporate threat surfaces.

Compliance Enforcement

NAC is used to enforce regulatory policies and maintain compliance across the organization. In practice, this typically means:

  • Understanding how mobile, BYOD, and IoT devices will affect and transform not only the organization but the industry and implementing the right processes and tools control them.
  • Tracking any network related device or program in real-time via a centrally secured platform providing full and actionable visibility.
  • Controlling access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that the business is in compliance with governmental regulations like SOX, PCI DSS, HIPPA, FINRA, FISMA, GLBA among others. Strict compliance will provide legitimacy with clients and partners.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Cyber Security Essential #2: 802.1x Network Access Control

Why is 802.1x Network Access Control Essential?
802.1x network access control is a technology that enables organizations to enact its own unique policy for how and when endpoints (desktops, laptops, smartphones, etc.) can connect to their corporate networks. NAC solutions are typically designed to allow IT security teams to gain visibility of each device trying to access its network, and specifically the type of device and access layer being used (i.e. wifi, wired ports, or VPN).

Today, 802.1x network access control provides a number of powerful features on top of what it was originally designed for years ago. These include security posture assessments for endpoints, which pinpoints any associated endpoint risks, allowing network security administrators to control network access based on their organization’s risk tolerance threshold.

With the rise of cloud computing, remote workforces, bring-your-own-device (BYOD) policies, and the internet of things (IoT), network access control has become a much more critical part of the larger cybersecurity technology stack at most companies. The technology itself has also evolved quite drastically in response to these emerging trends and their impact on networking and ensuring network security.

Key Functionality to Consider When Deploying a NAC Solution
Network Visibility & Device Discovery

A NAC solution discovers and identifies all devices/users in the network before they are granted network access, requiring continuous monitoring of the network and devices connected to it. The system enables the discovery, classification and assessment of every device connected to the network. Configuration and security state of every device is monitored, ensuring that the network and devices are compliant to the organizational security policy.

Full Access Layer Coverage
As today’s networks explode in size and scope, particularly with remote workforces on the rise, it’s imperative that your 802.1x network access control solution can manage access control across all existing access layers. This includes the obvious – wired ports and WiFi. It also must be able to manage the various remote access methods used within your organization. These may include VPN, Teleworker Gateways, and beyond.

Authentication Services
Traditionally, enterprises have enabled network authentication via usernames and passwords. As we now know today, this method of authentication can be easily compromised by bad actors, making it no longer sufficiently secure for enforcing network access control. Any NAC worth its salt should offer several methods for authentication, including: role-based, MAC authentication bypass (MAB), and certificate authority.

Device On-Boarding
Business units and even departments (think Finance & Accounting, for example) often have their own VLANs since they’re dealing with very sensitive, confidential data. The task of setting up such VLANs and onboarding new devices is just one of dozens of tasks overseen by frequently overburdened IT teams. So, if not done correctly at first, it can open the door to potential network vulnerabilities, such as a person gaining access to a part of the network he/she should not have the privileges for. At a small scale, managing access manually is often sufficient. For larger organizations, however, this just isn’t sustainable. As a result, many large organizations that don’t have a secure onboarding process will often compromise on network security hygiene.

Policy Configuration
Network security teams define and activate access control policies to control device access to the corporate network, which is ultimately based on the device authorization state. Once a device is authorized for network access, a network access policy determines which specific virtual LAN (VLAN) that device or user is directed to. On top of that, the policy also defines, for each type of authorization violation, whether to deny entry or whether to quarantine the device by assigning it to a specific VLAN or apply an access control list (ACL).

Endpoint Risk Monitoring
Your corporate network is only as strong as its weakest security link. This means continuous risk posture assessment is paramount. By continually monitoring the network, your network and security teams can stay ahead of cyberattacks with the ability to identify new risks in real-time, react to these risks, and take action. In a world with ever-expanding boundaries and an exponential increase in types of endpoints, continuous risk posture assessment must function no matter location, device type, or the type of data being transferred.

Device Remediation
Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of attacks but also allow for business continuity. Effective endpoint remediation consists of:

  • Automated Patch Updates Across the Network – Enforce necessary patch, anti-virus, operating system, and application updates across managed and unmanaged endpoints.
  • Immediate Incident Response – Contain ransomware events by remotely disconnecting endpoints from the network without the need for manual intervention.
  • Armed Incident Response Teams – Arm IT professionals and network admins with the ability to remotely take actions on employees’ devices. The proliferation of IoT devices over the last decade has prompted a growing number of network security concerns. With all of these devices – printers, CCTV cameras, ATMs, MRI machines, etc. – now connected to their respective networks, it’s exponentially expanding corporate threat surfaces.

Compliance Enforcement
NAC is used to enforce regulatory policies and maintain compliance across the organization. In practice, this typically means:

  • Understanding how mobile, BYOD, and IoT devices will affect and transform not only the organization but the industry and implementing the right processes and tools control them.
  • Tracking any network related device or program in real-time via a centrally secured platform providing full and actionable visibility.
  • Controlling access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that the business is in compliance with governmental regulations like SOX, PCI DSS, HIPPA, FINRA, FISMA, GLBA among others. Strict compliance will provide legitimacy with clients and partners.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

4 Things You Need to Know Before Upgrading Cisco ISE

1. Plan for Professional Services Fees

Cisco ISE is a large, cumbersome and complex application and it’s unlikely you’ll have the internal resources to throw at an upgrade. You’re not alone. This is why managed service providers exist, after all. Now with that said, you can expect to be quoted anywhere from 40-65 hours of professional services to initiate, test and complete a full Cisco ISE upgrade. Let’s hope it’s for chronological versions, and not for a significant jump if you’ve been running on a single version for years without upgrading.

Depending on the firm you contract for the work, you’ll probably see a range of hourly rates – anywhere from $175-250/hour. So, if we do the math, that’s $7,000 on the low end and $16,250 on the high end. In some cases, ISE customers have even reported paying more for third-party upgrade support. Mind you, Cisco ISE is also a product you’ve already paid for.

2. Set Aside Enough Time

It’s not hard to find the Cisco ISE horror stories on Reddit and other online communities where people have taken to detailing their ISE upgrade experiences. In more tragic cases, some ISE customers have taken to these threads to seek real-time help from strangers. The reality is that you cannot and should not rush an ISE upgrade. 10 times out of 10, those who have lived through it will suggest testing the upgrade in your lab before pushing live to production. This means setting aside the appropriate amount of time conduct the upgrade and minimize the failures (more on that below).

Configuration is complicated, and the 50+ page system upgrade checklists are a testament to that. If you’re going to manage an ISE upgrade in-house, prepare for more than 40 hours – especially if you’re not an ISE expert. And if things go awry, don’t expect prompt support from Cisco TAC.

3. Prepare for Failure

There’s a reason that Cisco provides extensive documentation for potential ISE upgrade failures – it happens a lot – especially if you opted to tackle it head on internally after balking at the above PS costs. Ultimately, planning for failure means planning for service downtime altogether. To minimize the impact on operations from service downtime, you’ll likely need to spend the weekend parsing through pages and pages of ISE upgrade instructions – missing your kid’s soccer game, unable to take your wife out to dinner, and not watching your alma mater play in the big bowl game.

Sometimes, in multi-server deployments, some of your servers in the infrastructure will not upgrade successfully. If that happens, you’ll have to rebuild the server as a new node and re-join the cluster. Sounds fun, right?

4. Be Mindful of Your Subscription

We all like auto-pay and auto-renew for some of our everyday subscriptions. It’s a little different when you’re talking about a large, enterprise application, however. You should be mindful that Cisco ISE subscriptions automatically renew for an additional 12-month term by default unless auto-renewal is deselected at the time of initial order. Three months before the end of the initial term, renewal notices will be sent to you, and you’ll or partner receive an invoice at the start of the new term.

Now, you can cancel a renewal up to 60 days prior to the start date of the new term, but if the subscription is not cancelled 60 days prior to the start of the new term, the subscription will auto-renew. Mid-term cancellations of subscriptions for credit are not allowed. Starting with the release of Cisco ISE 3.0, licenses have changed and you should check carefully to see if you can import your old license or if you need to migrate to the new license method entirely.

There IS an Alternative

With Portnox CLEAR – the first and only cloud-delivered NAC-as-aService – organizations gain actionable network visibility and continuous risk monitoring of all endpoints across all access layers – no matter device type or geo-location. Portnox CLEAR determines device type, location and level of access for every user on the network. Additionally, the platform can identify operating systems, installed applications, services, certificates and more – helping your IT team ensure compliance across the entire workforce.

With access control based on 802.1X protocol, network administrators can block rogue devices, quarantine noncompliant endpoints, limit access to specified resources and more – whatever your internal policy calls for. As a cloud-delivered solution, Portnox CLEAR is simple to configure, deploy and maintain. With built-in integrations to AzureAD, Okta, Microsoft Intune, Palo Alto Networks and more, you can easily mesh your network access control with your existing tech stack and remain as streamlined as ever.

Portnox is SOC-certified, GDPR ready, and can help organizations in preparation for regulatory compliance, such as PCI, HIPAA and more. All customer data is encrypted in-motion or at rest, user credentials never leave the organization, and administrators can be set to use MFA.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

The Best Ways to Secure Device Onboarding in The Enterprise

With the prevalence of digital transformation in the enterprise, there is a clear necessity to balance IoT security issues and BYOD security measures that will prevent suspicious or malicious devices from gaining access to the enterprise’s assets and data centers, while at the same time, making sure that productivity and easy onboarding of devices is maintained. Employees, guests and contractors are bringing all kinds of Wi Fi enabled devices to the enterprise environment and they expect easy and quick network connectivity.

Onboarding is the process in which new devices gain access to the enterprise for the first time. Unfortunately IT departments can sometimes experience additional workloads while endeavoring to get all the devices on the network so as not to hinder business productivity. At the same time, if they are not handling the process with top security standards in mind, they could potentially place users, devices, enterprise data and the network itself at risk. The question arises: how should IT Security teams allow for BYOD, IoT, contractors, guests, etc. to securely and quickly connect to the network without placing any of its components at risk of a breach or ransomware attack? The answer: automation.

By automating the entire onboarding process enterprises can achieve the following benefits:

  • Reducing the costs that are typically associated with manual work (including configuration and support activities).
  • Enhancing productivity – getting team members, contractors and guests connected to work faster.
  • Increasing end-user satisfaction – instead of hassling end-users with onboarding procedures, the whole process can and should be seamless.
  • Decreasing the risks – unmanaged, unpatched, high-risk devices should be blocked or connected from the beginning to a separate segment of the network from where the key corporate assets are stored (the “crown jewels” of the company).

Easy Device Onboarding

Employees, students, contractors, partners and guests should onboard their devices once and then automatically re-authenticate after that, within an environment that continuously monitors all devices on the networks and automatically provides a risk score for every device. This ongoing scoring allows security teams to understand the security posture of the devices and the network as a whole, at any given moment. At the same time, there is no need to have end users repeatedly re-enter credentials on subsequent network connections unless a device is deemed to have a high risk-score. This way the enterprise can easily onboard BYOD devices belonging to employees that are traveling, working remotely or working at a satellite office location. Additionally, this allows onboarding of IoT and smart devices for business such as flat screens, printers and IoT devices, as well as gaming consoles, smart refrigerators and more. These items, of course, must be on a separate segment from where company assets are kept.

Reducing Risks on the Network

A while ago Ofer Amitai, Portnox CEO, wrote about tips for securing endpoint devices on college campuses, institutions that are always desiring a relatively simple onboarding process. He discussed how changes in onboarding and guest access policies could reduce risks and improve network visibility and control. The principals for securing the enterprise require these steps and more. Having a clear onboarding set of policies will allow IT teams to have automated actions applied (see examples in the next section).

After handling the company’s initial network security audit and collecting the security posture of all devices, it is important to make sure that the enterprise authorization policies include conducting automated and continuous security assessments of the network.  This way, every device employs baseline security measures before being allowed to connect.  Additionally, the IT security team should use granular policies to govern the level of access while maintaining full visibility and control over network connected devices with the ability to revoke access at any time.

Automated Device Onboarding & Network Authentication

Having an automated onboarding set of policies can allow for automated actions such as:

  • Immediately allowing Internet access
  • Blocking/ disconnecting
  • Segmenting a device to a separate network section
  • Remediation actions

For example, IoT devices are considered to be easy to hack.  Therefore, once connected to the enterprise network, these devices should be separated from where core assets are located.  Having different segments on the enterprise network is a good solution for that.  Additionally, if a visitor is being connected, the visitor should gain access to the Internet and not to company files, even when plugging the computer to the wired network.

Two important advanced guest network onboarding features are recommended to be included:

  • Easy guest access – allowing for simple and fast connections together with the ability to continuously monitor all devices and ensure security.
  • Agentless access – once the IT administrators have set up the onboarding policy – contractors and guests on protected networks should be able to self-onboard without installing an endpoint agent.

Acquiring Advanced Onboarding Capabilities

One of the technologies that can help with safe onboarding is network access control (NAC).  In the past, companies used only desktops and laptops, connected and authenticated over a wired network, however; nowadays wireless networks and mobile technologies have introduced personal devices (via BYOD policies) and Internet of Things (IoT) to the workplace.  In addition, increasingly stringent compliance standards, such as PCI-DSS, SOX, and ISO standards require companies to openly communicate their security controls to external auditing authorities.  All of these can be achieved via NAC solutions. Network access security should be a priority for all companies moving forward.

Every enterprise today must support a rapidly proliferating world of devices and platforms.  From an operational view point, this shouldn’t pose an obstruction of workflows and productivity. Ideally, the enterprise IT team will automate and secure network onboarding and authentication so that the IT helpdesk doesn’t have to intervene when guests, contractors and IoT devices need to connect. Additionally, an effective plan for secure network onboarding will on one hand improve end-user experience for BYOD, IoT, users and guests and on the other hand improve IT security as part of a layered protection strategy.

Looking to set IT security policies and automate your device onboarding? Portnox CLEAR offers easy onboarding while never compromising on network security across the enterprise.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Regarding the War in Ukraine & Portnox Business in Russia: An Open Letter from Portnox CEO Denny LeCompte

To our loyal customers & partners,

I wanted to take a moment to provide an update on Portnox’s on-going efforts to support the people and nation of Ukraine, as well as the steps the company has taken with regards to its business dealings in Russia and Belarus.

Portnox has stopped doing business in Russia and Belarus.

The unprovoked and inhumane military aggression against Ukraine, its government, and most importantly, its people, cannot go unanswered. At Portnox, we stand in support of Ukraine and its sovereignty. This means we must stop all business operations – including sales, technical support and other services – in Russia and Belarus indefinitely. 

We stand firm in this decision and have begun working with our customers and partners throughout Eastern Europe in the midst or on the periphery of this conflict to ensure their security needs from Portnox remain not just operational, but as strong as ever.  

We know that many people, including some of our own colleagues, are directly impacted by this war. To our customers and partners, please know that Portnox is working around the clock on your behalf to continue to deliver the same excellent service, support and product availability you have come to expect from us. This will not change. 

If you have any questions, please contact your Portnox account management representative or email us at supportteam@portnox.com. We will do our very best to answer your questions and provide updates as the situation evolves over the coming days and weeks. 

Sincerely, 

Denny LeCompte
CEO, Portnox

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。