Security Solutions
Designing Access Controls
Choose the Endpoint Integrity Deployment Method
After selecting an access control method, you must turn your attention to
endpoint integrity. Specifically, you must determine how you will deploy the
ProCurve Network Access Controller (NAC) 800. As explained in Chapter 1:
“Access Control Concepts,” the NAC 800 can be deployed in three ways, which
correspond with the quarantine method:
■ 802.1X
■ Dynamic Host Configuration Protocol (DHCP)
■ Inline
When choosing the deployment method, you should consider these factors:
■ Access control method
■ Vulnerability to risks and risk tolerance
■ Existing network infrastructure
■ Connection type
Access Control Method
The access control method you select will determine, to some degree, the
deployment method you choose.
802.1X
If you selected 802.1X as an access control method, you should select 802.1X
for the deployment method. This is the most secure option, and there are few
barriers to using 802.1X for quarantining that you have not already
surmounted. For example, you have already verified that your switches support
802.1X. (To determine which ProCurve switches support 802.1X, see Table 3-15.)
Web-Auth
You most often choose Web-Auth when you have decided that 802.1X is
inappropriate for the zone, whether because your devices do not support
802.1X or because the zone includes guests whose endpoint capabilities you
cannot predict. Because 802.1X is not an option, you should probably choose
the DHCP deployment method.