CS141 / BACS now with IEEE 802.1X

11 April 2022

Security – Standard IEEE 802.1X 
The CS141 establishes new security standards

Break-ins into semi-open or not fully closed networks have always been one of the biggest problems for system administrators: as soon as a user is allowed to log on to a network with their device, they gain basic access to the infrastructure points whose IP addresses are known. It follows logically that the first line of defense against such break-ins is to decide which network-enabled devices are allowed access to the network, regardless of their users.

It is of course understandable that a company wants to deny unchecked private devices access to its own protected intranet. However, this becomes more and more difficult to enforce as the number of employees and computers in the company increases. The simplest solution here is to “lock out” unauthorized hardware from the system via IEEE 802.1X: a device that does not meet the access criteria is not assigned a port, and without an open port there is no way to penetrate a network.

The principle of IEEE 802.1X is relatively simple to explain

On the one hand, we have a so-called supplicant that wants to log on to a network. As soon as the connection is established, it asks the network for an IP address.
With IEEE 802.1X active, however, this is not possible "without further ado". In its function as an "authenticator", the router first clarifies whether the requesting device is allowed to access the network at all: a supplicant needs permission from the responsible server to enter the network.
Only if the server agrees is a port opened for the client, through which it can then enter the network.
In this way, a central location, in this case a RADIUS server, ensures in the first instance that only devices authorized by the administrator have access to a LAN.
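
The flow described above, as a simplified model (an added example, not code from the CS141 firmware or the original page): the port stays closed to ordinary traffic such as the IP address request until the RADIUS server accepts the device. Class names, port numbers, identities and secrets are constructed for illustration, and the multi-round EAP exchange is collapsed into a single credential check.

```python
import hmac

ETH_EAPOL = 0x888E  # EtherType of EAP over LAN, the only traffic an unauthorized port accepts
ETH_IPV4 = 0x0800   # ordinary traffic, e.g. the DHCP request for an IP address


class RadiusServer:
    """Stand-in for the central RADIUS server holding the admin-approved devices."""
    def __init__(self, approved):
        self._approved = dict(approved)  # identity -> secret (constructed values)

    def access_request(self, identity, secret):
        expected = self._approved.get(identity)
        return expected is not None and hmac.compare_digest(expected, secret)


class Authenticator:
    """Stand-in for the authenticator: every port starts in the unauthorized state."""
    def __init__(self, server):
        self.server = server
        self.authorized_ports = set()

    def receive(self, port, ethertype, payload):
        if ethertype == ETH_EAPOL:
            # Simplification: the real EAP conversation is reduced to one check.
            identity, secret = payload
            if self.server.access_request(identity, secret):
                self.authorized_ports.add(port)
                return "EAP-Success"
            self.authorized_ports.discard(port)
            return "EAP-Failure"
        return "forwarded" if port in self.authorized_ports else "dropped"

    def link_down(self, port):
        # Unplugging resets the port, so a swapped-in device must authenticate again.
        self.authorized_ports.discard(port)


def demo():
    radius = RadiusServer({"ups-cs141-01": "constructed-secret"})
    switch = Authenticator(radius)
    log = [switch.receive(1, ETH_IPV4, "DHCPDISCOVER")]            # before auth
    log.append(switch.receive(1, ETH_EAPOL, ("ups-cs141-01", "constructed-secret")))
    log.append(switch.receive(1, ETH_IPV4, "DHCPDISCOVER"))        # after auth
    log.append(switch.receive(2, ETH_EAPOL, ("private-laptop", "guess")))
    log.append(switch.receive(2, ETH_IPV4, "DHCPDISCOVER"))        # never opened
    switch.link_down(1)
    log.append(switch.receive(1, ETH_IPV4, "DHCPDISCOVER"))        # after replug
    return log
```

The last entry in the log shows why the port state has to follow the link: once the approved device is unplugged, whatever is connected next starts unauthorized again.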

With firmware 2.04, every CS141 / BACS offers the IEEE 802.1X function automatically, so that IT decision makers can identify "known trusted UPS network devices" and selectively allow them in their networks!