Security Solutions
3-48
Designing Access Controls
Make Decisions about Remote Access (VPN)
Table 3-31. Selecting VPN Options Based on Existing Network Infrastructure
Bringing All Factors Together
Having considered the factors above, you can select options for your VPN.
You can use Table 3-32 to make your final decision. In each row, enter your
preferred option. Then, find the choice that shows up most frequently in the
rows above and enter it in the “Total” row. If you decide that a particular factor
does not affect a particular option in your environment, just ignore the row
for that option. For example, the encryption algorithms you choose depend
primarily on only two factors: the level of security you require and the
capabilities of your endpoints.
Sometimes, you may decide that two options meet your requirements for that
factor. You might enter your preferred option and see whether it works when
you consider other factors. On the other hand, you might enter both options
and count each one once. Either way, in the end, you will choose the option
that works best when all factors are taken into account.
You can also enter values in the “Weight” column to weight certain factors
more heavily; a higher value prioritizes the corresponding factor. For example,
if your greatest concerns are security and your existing network infrastruc-
ture, you could assign these factors a weight of 3. When you total the access
control methods, count the method twice if the weight is 2, three times if the
weight is 3, and so forth.
You might also want to total columns in the order that a particular option is
important to you. For example, if you know that you want to use a particular
gateway, you should choose that gateway first and then eliminate options that
are not supported by that gateway.
Factor VPN Protocol Authentication
Method
Encryption Client Gateway
Existing network
infrastructure
IPsec with IKE Digital certificates Any ProCurve VPN
Client
Secure Router
7203dl