Security Solutions
Designing Access Controls
Comprehensive Security Policy
The Process of Designing Access Control Security
This chapter outlines a step-by-step process for designing your access control
security. It explains each step in depth, helping you understand all the
factors you must consider when completing that step.
1. Choose the access control methods.
2. Make decisions about remote access (VPN).
3. Choose the endpoint integrity deployment method.
4. Choose the endpoint integrity testing method.
5. Choose Remote Authentication Dial-In User Service (RADIUS) servers.
6. Add ProCurve Identity Driven Manager (IDM).
7. Select an Extensible Authentication Protocol (EAP) method for 802.1X.
8. Finalize security policies.
9. Lay out the network.
As you go through each step in the process, you will return to the factors you
considered in Chapter 2: “Customer Needs Assessment.” Some of these factors
are technical; others are business issues. A well-designed, comprehensive
security policy takes both into account.
Example Network
To illustrate which decisions need to be made and which aspects of your
network need to be considered for each step, this chapter presents a
hypothetical university. ProCurve University (PCU) enrolls approximately 20,000
students and employs approximately 4000 faculty, administrative, and support
staff members.
Figure 3-1 is a simplified diagram of the PCU campus, showing the areas where
the PCU IT staff must provide network access: the open-air plaza, the
administration building, the engineering department with its specialized resources,
the classrooms, the dormitories, and the library.