Security Solutions
Designing Access Controls
Choose the Access Control Methods
Whenever possible, you should select the most secure access control
method—802.1X. However, it may not be possible or even practical to implement
802.1X in every instance. For example, Web-Auth may be a better choice
for guests—as the following sections explain.
If you decide to implement 802.1X, you will rarely be able to use it for all
endpoints. Some endpoints and switches may not support 802.1X. If an
endpoint or switch does not support 802.1X, MAC-Auth is often the logical
choice.
When you select access control methods for the endpoints on your network,
you begin with the information you collected in your needs assessment. (See
Chapter 2: “Customer Needs Assessment” for more information.) In particular,
you should focus on the following:
■ Network access zones
■ Administrative burden
■ Vulnerability and risk tolerance
■ User connection type and user sophistication
■ Endpoints
■ Existing network infrastructure

Access Control Method: 802.1X

Advantages
• Control over both users and endpoints that access the network (because
endpoints can have supplicants)
• In the wireless world, automated encryption key assignment to protect
against data sniffing
• Centralized user authentication
• Flexibility in the EAP option you select

Disadvantages
• More network requirements such as an 802.1X-capable switch,
802.1X-capable endpoints, and a RADIUS server
• 802.1X supplicant on the endpoint
• User configuration for wireless network

Security Level: High
• High effort to crack—attackers must forge authorized user credentials
to gain entry
• Exact level dependent upon the underlying EAP method