Security Solutions
Designing Access Controls
Choose the Endpoint Integrity Deployment Method
Table 3-34. Options for Endpoint Integrity Deployment Method by Access Control Method

| Access Control Method | Private Wired | Public Wired | Private Wireless | Public Wireless |
|---|---|---|---|---|
| 802.1X | 802.1X | 802.1X | 802.1X | 802.1X |
| 802.1X with MAC-Auth for headless devices | 802.1X | 802.1X | 802.1X | 802.1X |
| MAC-Auth—switches and APs support dynamic VLANs | 802.1X | 802.1X | 802.1X | 802.1X |
| MAC-Auth—switches and APs do not support dynamic VLANs | DHCP | DHCP | DHCP; sometimes inline | DHCP; sometimes inline |
| Web-Auth or MAC-Auth | DHCP | DHCP | DHCP; sometimes inline | DHCP; sometimes inline |

Example

Based solely on the access control method selected in the last step, the PCU
network administrators would choose the deployment options shown below.

Table 3-35. Deployment Method by Access Control Method

| Factor | Private Wired | Public Wired | Private Wireless | Public Wireless |
|---|---|---|---|---|
| Selected access control method | 802.1X | DHCP | 802.1X | DHCP |

Vulnerability to Risks and Risk Tolerance

Each deployment method provides a different level of security, depending on
the underlying network configuration. For example, with the inline deployment
method all traffic must physically pass through the NAC 800 before it
can access the network, which provides a high degree of security.

The 802.1X deployment method also provides a high degree of security
because it works in conjunction with the 802.1X access control method. As a
result, it is difficult for users to circumvent it.