Security Solutions
3-22
Designing Access Controls
Choose the Access Control Methods
Example
For example, PCU, like all universities, has a very low risk tolerance. The PCU
network stores confidential information about both students and faculty. In
addition, the faculty stores curriculum and tests on the network. The univer-
sity cannot afford to have any of this information stolen.
When factoring in only security, the PCU network administrators select the
access control methods shown in Table 3-4.
Table 3-4. Selecting an Access Control Method Based on Security Needed
User Type and Sophistication
Which users are connecting to the network, and what level of expertise do
they have?
Based on your needs assessment, you have identified the users who are
accessing the network in each zone. You have also determined their level of
technical expertise, so you know:
■ Which users are technical novices and may require help if you select a
complex access control method
■ Which users are knowledgeable and may—either out of frustration or a
sense of challenge—try to circumvent network security
You might find it useful to group users into three general categories, as
outlined in Table 3-5.
Table 3-5. Level of Technical Knowledge
Factor Private Wired Public Wired Private Wireless Public Wireless
Security 802.1X 802.1X 802.1X with WPA/
WPA2
802.1X with WPA/
WPA2
Technical Knowledge Characteristics
Low (unsophisticated) Little or no technical knowledge—they just want
things to work.
Medium (somewhat sophisticated) Some technical knowledge—they are willing and able
to deal with minor issues.
High (very sophisticated) Expert knowledge—they are able to manage all facets
of their computer environment.