Smart Access

Network Access Control

The variety of network-compatible end devices is constantly increasing in companies. This fact causes a great deal of administrative effort and raises security issues.

In the past, IT departments only had to ensure that the company’s own devices had powerful yet secure network access, but nowadays, mobile devices owned by employees, guests and suppliers are added to the mix. This not only increases the administrative burden, but raises security issues too (e. g. chargeable feature films, higher speeds or greater volume when using mobile internet connections, etc.). The list of possible offers is almost limitless.

• Who gets access to the corporate network from where?
• How are access permissions restricted for personal devices?
• Who ensures that access authorisations are deleted promptly when an employee leaves the company?
• How can the administrative burden associated with time-limited access be reduced?

To meet the high requirements for security and compliance in spite of ever-increasing cost pressure, more and more companies are opting to implement automated network access control.

We recommend our customers to use our fully comprehensive NAC solution, which consists of the innovative products mpp and macman. It is manufacturer-independent and combines a variety of access procedures. This makes it currently one of the most flexible solutions on the market and meets the requirements of medium-sized and large companies.

Simple assignment of access rights

With the onway director, different scenarios (use cases) can be implemented securely and conveniently when assigning network access rights for guests and company-owned as well as private devices (BYOD).

Guest Access

An internal employee is visited by an external person who needs to access the internet. To authorise this, the employee logs on to the onway director and generates the corresponding guest access. The access data generated can be printed out easily then given to the guest. The guest connects their mobile device to the guest WLAN and logs in to the landing page using their access data. Access is via an unencrypted SSID.

My Devices (BYOD)

Employees are increasingly bringing their personal devices to work and wanting to connect them to the WLAN. As these devices are not managed by the company, they are not allowed to connect to the corporate WLAN.
Thanks to the onway director, all authorised employees can manage their own personal devices. A two-step procedure is used to grant network access. When accessing the onway director (sponsoring portal) for the first time, personal WLAN credentials (username/password) are generated for each employee. The employee then connects via the encrypted SSID and logs in using the previously generated credentials. As part of the second stage of the access process, the device’s MAC address plays a crucial role. Every individual device that connects to the WLAN as described above is enabled on the onway director (sponsoring portal) and from then on, it is automatically recognised by the MAC address the next time it is accessed. In addition, any devices with valid credentials that get lost can be quickly blocked in the portal. What’s more, the number of personal devices allowed per employee can be limited.
If the employee has registered with the onway director (sponsoring portal) via an external directory, their personal devices are blocked immediately when they leave the company or deleted after the device is not used for a certain length of time that can be freely specified.

Safe Guest Access (secure WiFi/PEAP)

An authorised staff member can set up encrypted internet access for their guests and WPA2-enabled devices alike. This procedure does not require the device’s MAC address to be registered with the onway director (sponsoring portal). As with “simple” Guest Access, this is a person-related authentication. Using a PEAP (Protected Extensible Authentication Protocol), a secure connection can now be established. To connect the devices with the encrypted SSID, only the credentials previously created in the portal need to be entered. This type of access offers special protection for identification data and allows different VLANs to be assigned automatically depending on group membership.

Device Management (non-WPA2)

Nowadays, more and more consumer electronics devices such as televisions, monitors and projectors are to be connected to the corporate WLAN. Newer device types are usually WLAN-capable, but they often do not feature the 802.1x standard so are therefore denied access to the WLAN. In the age of the Internet of Things (IoT), this also increasingly affects a wide range of devices such as medical apparatus, fitness equipment, sensors, etc.
These devices are registered in the onway director (sponsoring portal) by an authorised employee using their MAC address. If the device connects to the open SSID, it is authenticated by its MAC address (MAB).

We invite you to discuss your specific requirements with us in a personal meeting. onway will find the optimal solution for you and support you in the implementation of your plans in the areas of BYOD, guest access and device management via WLAN.