Security Solutions

3-34

Designing Access Controls

Choose the Access Control Methods

The value in the “Total” row might yield a good result, but you need to look

more closely at the factors because some might be more critical than others.

For example, if one of your switches does not support 802.1X, you would have

to select another access control method, regardless of the other factors

(unless you have the budget to purchase a new switch).

To evaluate the relative importance of each factor, enter values in the “Weight”

column; a higher value prioritizes the corresponding factor. When you total

the access control methods, count the method twice if the weight is 2, three

times if the weight is 3, and so forth.

You may want to assign the values for the “Weight” column differently for each

access control zone. For example, user type and sophistication may be some-

what important for a private wireless or wired network. You may weight it as

a 2 because you can implement some training to improve users’ computer

skills. For public wireless or wired zones, however, user type and sophistica-

tion may be extremely important because you cannot train guests and you do

not have the IT resources to provide support if users cannot log in successfully.

As a result, you must weight this factor as a 3 for the public zones.

Table 3-20. Preliminary Decisions for the Access Control Method

Example

For example, Table 3-21 lists the choices that the PCU network administrators

have made, based on each factor.

Factor Weight Private Wired Public Wired Private Wireless Public Wireless

Security

User type and

sophistication

Administrative

workload

Endpoint

capabilities

Administrative

control

Existing network

infrastructure

To ta l