Security Solutions

Designing Access Controls
Choose the Access Control Methods
If your environment cannot support either 802.1X or WPA/WPA2, you can
implement static WEP. However, static WEP is seriously flawed and not
recommended.
Note: The guidelines above were formulated under the assumption that you have
control over the equipment that accesses your private wireless zone. If your
organization allows employees to bring their own equipment, you must do
some extra work to ensure that this equipment meets the standards for your
wireless zone.
Vulnerability and Risk Tolerance
How vulnerable is the network? How much risk can your company tolerate?
Your network contains sensitive data, which makes it an inviting target for
hackers. In your needs assessment, you evaluated your company’s risk
tolerance. Essentially, you determined the consequences to your company if your
security were breached and data were stolen or damaged.
As mentioned before, it is difficult to estimate the exact amount of money your
company could lose if such a breach occurred. However, the loss of revenue
could be substantial. For example, your company might be legally liable, so
you would need to consult a lawyer to gauge those potential costs. In addition,
your company would undoubtedly lose some customers—both existing and
potential. (For more information about other potential losses, see Chapter 2:
“Customer Needs Assessment.”)
If your company has a low risk tolerance—that is, it cannot easily recover
from such a security breach—you must choose the strongest access control
method: 802.1X for wired access and 802.1X with WPA/WPA2 for wireless
access. If you think that your company has a medium risk tolerance, you may
opt for a less secure access control method, such as Web-Auth.
Companies today, however, rarely have a medium or high risk tolerance.
Because companies rely on their networks for nearly every business function,
they must take every step to protect the private zones on their networks with
the highest security possible—802.1X if their endpoints and infrastructure
devices support it. On public zones, companies can configure their networks
to provide access to minimal resources, reducing the risk to the network if
they choose Web-Auth as the access control method.