
Vidder vs Microsoft 802.1x

For the reasons described at a high level below, we can help you add functionality and increase security as a complement to 802.1x, not as a replacement for it.


The short version is:

  • 802.1x for basic ON/OFF control at the LAN edge

  • Trusted Access Control (Vidder) for granular, scalable, application access control based on context-aware policies

    • Works for both internal and cloud based apps

    • Built-in and transparent MFA (which you don’t get with 802.1x)

    • Packet path encryption to the application (802.1x itself only authenticates the port; any link encryption it enables, WPA2-Enterprise on wireless or MACsec on wired, covers the LAN hop only)

    • Stops compromised PCs that are already inside the network perimeter from pivoting to attack the enterprise applications inside the network.

802.1x is a Layer 2 protocol that allows an endpoint to communicate with a LAN edge device (switch or wireless access point) before any Layer 3 network connection has been established.

In traditional NAC, 802.1x is used by a device to convey credentials and software posture information to the edge device. The edge device relays this information to a back-end (typically a RADIUS server) for authentication and posture checking; until the back-end answers, the port passes only the authentication (EAPOL) frames themselves. If both checks “check out”, the edge device authorizes the port so that DHCP and other IP traffic can flow and the endpoint can obtain an IP address and join the IP network. If the credentials and/or posture check fails, the device may be blocked from gaining access to any network, or under some circumstances placed on a “remediation” network so that its software can be updated.

Note that this describes “traditional” NAC, which is also sometimes described as “guilty until proven innocent”, because no device can join a Layer 3 network before it has been “checked out”.

Some people view the use of 802.1x as definitional, meaning it is only NAC if you are using 802.1x.

Others just view it as one mode, the more traditional one.

For someone who has already implemented 802.1x, Trusted Access Control (provided by Vidder) is best understood not as a replacement but as a complement.

802.1x gives you a control right at the edge of the network that determines whether a device connects to the network or not. For the devices that you DO allow to connect, the existing solutions (VLANs, ACLs, internal firewall rules) are not very scalable or manageable for exerting further granular control over what those devices can connect to.

Trusted Access Control fills that void, although it is probably more accurate to say we provide granular control over what devices CAN’T see or connect to rather than what they can: anything not explicitly permitted by policy is not reachable. Trusted Access Control also allows you to extend such control to applications that are not inside the corporate network.

Compromised PCs inside the network perimeter can then pivot to attack the enterprise applications inside the network. Since the compromised PCs are authorized PCs, 802.1X is happy to let them connect to the internal network, and once the port is open it has no say over which internal hosts they talk to, so the adversaries can scan the network looking for vulnerable servers.
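The following is an added, constructed model of the two decisions described above; it is not Vidder or PrecisionAccess code. It models the 802.1x flow (the edge device relays credentials and posture to a back-end, then authorizes the port, parks the endpoint on a remediation VLAN, or blocks it) and then contrasts what an authorized port can reach (every internal server, because the port state carries no per-destination information) with a generic per-application, default-deny policy of the kind the text describes. The user names, passwords, patch levels, server names and policy table are all invented for the illustration; RADIUS is assumed as the back-end protocol.

```python
"""Toy model: 802.1X port control versus per-application access policy.

Constructed illustration, not vendor code. Names, credentials, patch levels,
servers and the policy table below are all made up for the example.
"""
from dataclasses import dataclass

# Constructed back-end data: valid user/password pairs and the minimum patch
# level the posture check requires before a port is fully authorized.
VALID_CREDENTIALS = {"alice": "correct-horse", "bob": "battery-staple"}
MIN_PATCH_LEVEL = 42

# Constructed internal servers; "legacy-fileserver" stands in for the kind of
# unpatched or misconfigured host a scan from an authorized port would find.
INTERNAL_SERVERS = {"hr-db", "payroll", "legacy-fileserver"}

# Constructed per-application allow-list: who may see which app, and the
# posture required. Anything not listed here is invisible (default deny).
APP_POLICY = {
    "hr-db": {"users": {"alice"}, "min_patch": 42},
    "payroll": {"users": {"bob"}, "min_patch": 45},
}


@dataclass
class Endpoint:
    mac: str
    user: str
    password: str
    patch_level: int


@dataclass
class PortState:
    authorized: bool
    vlan: str          # "blocked", "remediation" or "corporate"
    dhcp_allowed: bool


def radius_backend(user, password, patch_level):
    """Back-end check the edge device cannot do itself: credentials, then posture.
    Returns (verdict, reason) with verdict in {"accept", "remediate", "reject"}."""
    if VALID_CREDENTIALS.get(user) != password:
        return "reject", "bad credentials"
    if patch_level < MIN_PATCH_LEVEL:
        return "remediate", f"patch level {patch_level} < {MIN_PATCH_LEVEL}"
    return "accept", "credentials and posture ok"


def authenticator(endpoint):
    """The LAN edge decision. Before the back-end answers, the port passes only
    EAPOL frames; on accept it is authorized so DHCP and IP traffic can flow."""
    verdict, _reason = radius_backend(endpoint.user, endpoint.password,
                                      endpoint.patch_level)
    if verdict == "accept":
        return PortState(authorized=True, vlan="corporate", dhcp_allowed=True)
    if verdict == "remediate":
        # Authorized, but only onto an isolated network for patching.
        return PortState(authorized=True, vlan="remediation", dhcp_allowed=True)
    return PortState(authorized=False, vlan="blocked", dhcp_allowed=False)


def reachable_with_8021x(port, servers=INTERNAL_SERVERS):
    """802.1X is ON/OFF at the edge: an authorized corporate port can route to
    every internal server, because nothing in the port state distinguishes them."""
    return set(servers) if port.vlan == "corporate" else set()


def reachable_with_app_policy(endpoint, policy=APP_POLICY):
    """Context-aware allow-list evaluated per application: user and posture must
    both match the rule, and unlisted applications are never reachable."""
    return {
        app for app, rule in policy.items()
        if endpoint.user in rule["users"] and endpoint.patch_level >= rule["min_patch"]
    }


if __name__ == "__main__":
    # A fully compliant (and therefore authorized) PC that an attacker has
    # taken over. 802.1X cannot tell; it sees valid credentials and posture.
    compromised_pc = Endpoint("00:11:22:33:44:55", "alice", "correct-horse", 42)
    port = authenticator(compromised_pc)
    print("port:", port)
    print("reachable via 802.1X alone:", sorted(reachable_with_8021x(port)))
    print("reachable under app policy:", sorted(reachable_with_app_policy(compromised_pc)))
```

Running the demo shows the authorized port reaching all three internal servers, including the one that is only there to be scanned for, while the per-application policy exposes alice’s PC to hr-db alone; payroll is hidden because the patch level is below that rule’s requirement, and the legacy file server is hidden because no rule mentions it.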

Note that Rapid7 recently released a report documenting the methodologies that their pen testers used to access data within an organization. They found that in 96% of pen tests, once their pen testers were inside the network, they could find at least one server with known vulnerabilities that could be exploited. Further, with the same rate of success they were also able to find servers with configuration errors (e.g., default passwords) that they could exploit. 802.1X doesn’t help with either of these, but PrecisionAccess does.
