Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software

141

142

143

144

145

146

147

148

149

150

3-28

Designing Access Controls

Choose the Access Control Methods

Table 3-12. Administrative Control Levels

The less control you have over endpoints, the fewer options you have for the

access control method, as Table 3-13 shows. For example, if your network

provides guest access for the general public, you have no control over these

users’ endpoints. Because you cannot gather the MAC addresses for endpoints

you do not control, MAC-Auth would be impossible to deploy. Likewise, you

cannot install an 802.1X supplicant on endpoints, so 802.1X is not a viable

option.

Table 3-13. Access Control Method by Administrative Control Level

Example

On the example PCU campus, network administrators have complete control

over the servers, headless endpoints, supercomputer, and workstations in the

administration building, computer labs, and library. However, they have no

control over many of the wireless endpoints, especially the PDAs, smart-

phones, and laptops that each group of new students brings.

Although network administrators cannot control users’ endpoints, they can

impose some requirements for students who want to access the PCU network.

Knowing that most students are technically knowledgeable, they can require

students to download and install an 802.1X supplicant if they don’t already

have one on their laptops and workstations.

Based solely on the degree of administrative control they have over the

endpoints on the PCU network, network administrators choose 802.1X for all

of the endpoints that they control completely or partially and Web-Auth for

those that they do not control.

IT Administrative Control Description

No control Owned and controlled by users; effecting change may be difficult.

Some control Owned by the users or by the business; change may be possible,

but may be inhibited by factors such as weak corporate policy,

weak administrative controls, or corporate culture.

Complete control Owned by the company; IT clearly has the ability to effect change.

MAC-Auth Web-Auth 802.1X

Admin control needed High Low to medium Medium to high

Control requirements Network administrator must

know the MAC address of

each endpoint.

Browsers are used. Network administrator must

ensure that each endpoint

has a correctly configured

802.1X supplicant.