Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software

121

122

123

124

125

126

127

128

129

130

3-13

Designing Access Controls

Choose the Access Control Methods

As outlined in Chapter 1: “Access Control Concepts,” there are three access

control methods:

■ MAC Authentication (MAC-Auth)

■ Web Authentication (Web-Auth)

■ 802.1X

Each method has advantages and disadvantages, as Table 3-1 shows.

Table 3-1. Advantages and Disadvantages of Access Control Methods

Access Control

Method

Advantages Disadvantages Security Level

MAC-Auth (local and

RADIUS)

• Control over which

endpoints connect to the

network

• No software on the endpoint

• In the wireless world, easy

to combine with other

security

• Not scalable

• High administrative

overhead

• Susceptible to

spoofing—fairly easy to

spoof authorized MAC

address

• Hardware-based, rather

than user-based,

authentication

Low

• Low-to-medium effort to

crack

• Prevents casual,

unauthorized users

Web-Auth • Ideal for public zones

• Control over which users

access the network

• No configuration

required—especially for

wireless endpoints

• No 802.1X supplicant

required

• Centralized user

authentication

• No encryption by default

• RADIUS server required

• Web browser interface

(user interaction)

required—no

authentication of headless

devices

• No seamless roaming for

wireless networks

Medium

• Medium-to-high effort to

crack

• Prevents more diligent

attacks than MAC-Auth

does