We’ve added a new feature to AEOS door controllers to help increase the security of your AEOS access control system.
Support for 802.1x, an industry standard for port-based network access control, is available with AEOS 2021.1 and later versions. It uses authentication to ensure that only trusted devices can connect to your IP network.
How 802.1x works
To keep things simple, let’s start with an example outside of physical access control. Imagine you have a network outlet in reception. When an employee plugs in their laptop, the 802.1x protocol checks that it’s loaded with the correct digital certificate and, if it is, allows access to your network.
If a visitor plugs their laptop into the same network outlet, 802.1x will reveal that it doesn’t have the required digital certificate. And so access to your network will be denied.
When it comes to access control, the devices attempting to connect to your network are controllers.
So, how can 802.1x protect your AEOS access control system?
What you should have:
- An authentication server such as a RADIUS server.
- Controllers pre-loaded with trusted digital certificates.
Here’s how it works:
- The controller is connected to a network switch.
- The controller shares its identity, via a digital certificate, with the switch.
- The switch checks the controller’s identity with the RADIUS server.
- The RADIUS server confirms the controller’s identity with the switch.
- The switch opens the network ports and allows the controller to connect to your IP network.
If the controller isn’t loaded with a trusted digital certificate – for example if someone’s trying to hijack your access control system by adding their own controllers – the RADIUS server won’t authenticate it. And the switch won’t give the controller access to your IP network.
802.1x in AEOS
AEOS takes the lead in adopting industry security standards by implementing 802.1x on our door controller. The implementation is based on EAP-TLS and uses the Nedap default certificates, so that we can ensure protection right out of the box.
As there has been no open standard developed yet to easily implement and maintain customer-specific certificates on an IP device, AEOS does not support this option.
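To confirm from a switch-port capture that a device really authenticates with EAP-TLS, the EAPOL frames can be parsed and the negotiated EAP method and final outcome read off. The Python below is an added example, not Nedap or AEOS code; the frame bytes are constructed samples and the function names are illustrative.

```python
import struct

EAP_TLS = 13                      # EAP method number for EAP-TLS
IDENTITY, NAK = 1, 3              # EAP types that are not authentication methods
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

def eapol(code, ident, payload=b""):
    """Build a constructed EAPOL EAP-Packet (used only for the sample data)."""
    eap = struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

def parse_eapol(frame):
    """Return (eap_code, eap_type) for an EAP-Packet, None for Start/Logoff/Key."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[:4])
    if pkt_type != 0:             # only EAPOL type 0 carries an EAP packet
        return None
    body = frame[4:4 + body_len]
    if len(body) != body_len or body_len < 4:
        raise ValueError("truncated EAP packet")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("bad EAP length field")
    has_type = code in (REQUEST, RESPONSE) and eap_len >= 5
    return code, (body[4] if has_type else None)

def audit_exchange(frames):
    """Return (verdict, sorted EAP method numbers) for one port's exchange."""
    methods, outcome = set(), None
    for frame in frames:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        code, eap_type = parsed
        if code in (SUCCESS, FAILURE):
            outcome = code
        elif eap_type not in (None, IDENTITY, NAK):
            methods.add(eap_type)
    if outcome != SUCCESS:
        return "port stays closed", sorted(methods)
    if methods == {EAP_TLS}:
        return "authenticated with EAP-TLS", sorted(methods)
    return "authenticated without EAP-TLS", sorted(methods)

# Constructed sample exchanges (TLS payload bytes are placeholders, not real TLS).
TRUSTED = [struct.pack("!BBH", 1, 1, 0),                       # EAPOL-Start
           eapol(REQUEST, 1, b"\x01"), eapol(RESPONSE, 1, b"\x01" + b"controller"),
           eapol(REQUEST, 2, b"\x0d\x20"), eapol(RESPONSE, 2, b"\x0d\x00\x16\x03"),
           eapol(SUCCESS, 2)]
REJECTED = TRUSTED[:5] + [eapol(FAILURE, 2)]
```

A verdict of "authenticated without EAP-TLS" on a controller port means the switch or RADIUS policy accepted a different EAP method and should be reviewed.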
How does 802.1x fit in cybersecurity?
- 802.1x is about authentication – it forces controllers to authenticate themselves before being allowed access to your network.
- Our cybersecurity solutions are about encryption – they ensure communication between the elements of your AEOS system is encrypted.
You don’t need to implement 802.1x to achieve AEOS cybersecurity solutions. And you don’t need AEOS cybersecurity solutions to use the 802.1x standard.
Want to know more about our cybersecurity solutions? Download our interactive PDF here.