Security Solutions

Designing Access Controls
Choose the Access Control Methods
Network Access Zones: Security
What type of security do you need in each zone?
As explained in Chapter 2: “Customer Needs Assessment,” when you are planning network access control, it is helpful to identify network zones, which are network segments or areas that provide a particular type of connection—wired, wireless, or remote. You can further categorize zones based on the type of users who are accessing the network in these areas. There are two broad categories—private and public.
Each zone has different security requirements, as shown in Table 3-2. For example, wireless zones require authentication plus encryption to prevent eavesdroppers from viewing confidential data. In addition to these general security requirements, which hold true for nearly every environment, you will need to identify the specific security requirements for your company. For example, you must determine the information users should be able to access if they are using a wireless connection or a remote connection. You may not want employees in the accounting department to access the company’s financial information through a wireless connection.
Table 3-2. Security Concerns by Zone
| Security Zone | Private | Public |
|---|---|---|
| Wired | Limit users to only the information they need to do their job. Protect the network from users—whether well-intentioned or malicious—who try to attach rogue access points (APs) or other unauthorized devices. | Provide access to limited resources, such as Internet access or a public printer. Protect the network from attackers who may try to hack into the network or attach an unauthorized device. |
| Wireless | Protect against “war drivers” who try to eavesdrop on wireless communications or steal bandwidth. Determine what type of information can be viewed in each wireless zone. | If giving only courtesy Internet access, leave security concerns to guests (because they will not be viewing information from your network). |
| Remote | Establish a VPN to protect communications. Determine what type of information can be accessed over a remote connection. | Typically, does not provide a practical solution for public. (HTTPS provides access to a Web server, rather than to your network, so it is not covered in this guide.) |
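The zone requirements in Table 3-2 can be checked mechanically against a planned design. The following is an added example, not part of the original guide; the field names, zone names, resource names and the per-zone allow list are all assumptions constructed for illustration.

```python
# Added example: audit zone definitions against the Table 3-2 baseline (names are assumed).
from dataclasses import dataclass, field

@dataclass
class Zone:
    name: str
    connection: str          # "wired", "wireless" or "remote"
    audience: str            # "private" or "public"
    authentication: bool = False
    encryption: bool = False
    vpn: bool = False
    resources: set = field(default_factory=set)  # what the zone can reach

# Company-specific decision: what each kind of zone may reach (constructed values).
ALLOWED = {
    ("wired", "private"): {"internet", "file-shares", "finance-db"},
    ("wired", "public"): {"internet", "public-printer"},
    ("wireless", "private"): {"internet", "file-shares"},
    ("wireless", "public"): {"internet"},
    ("remote", "private"): {"internet", "file-shares"},
}

def audit(zone, allowed=ALLOWED):
    """Return a list of findings for one zone; an empty list means it passes."""
    key = (zone.connection, zone.audience)
    if key not in allowed:
        return [f"{zone.name}: no approved design for {zone.audience} {zone.connection} access"]
    findings = []
    # Courtesy Internet only: guests see nothing from the internal network.
    courtesy = zone.audience == "public" and zone.resources <= {"internet"}
    if zone.connection == "wireless" and not courtesy:
        for control in ("authentication", "encryption"):
            if not getattr(zone, control):
                findings.append(f"{zone.name}: wireless zone lacks {control}")
    if zone.connection == "remote" and not zone.vpn:
        findings.append(f"{zone.name}: remote zone lacks a VPN")
    for res in sorted(zone.resources - allowed[key]):
        findings.append(f"{zone.name}: '{res}' not approved for this zone type")
    return findings

ZONES = [  # constructed sample design
    Zone("accounting-wlan", "wireless", "private", authentication=True,
         resources={"internet", "finance-db"}),
    Zone("lobby-wlan", "wireless", "public", resources={"internet"}),
    Zone("home-workers", "remote", "private", authentication=True,
         resources={"file-shares"}),
]
for z in ZONES:
    print(z.name, audit(z))
```

The accounting wireless zone is flagged twice: once for missing encryption and once for exposing financial data over wireless, which is the company-specific decision described in the text above.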