Security Solutions
3-76
Designing Access Controls
Choose Endpoint Integrity Testing Methods
If PCU network administrators were concerned about the small surges when
classes begin and at the beginning of the school year, they might choose the
agentless method. However, the PCU network has been designed to handle
these surges. Based solely on the network’s capability to handle overhead, the
PCU network administrators choose either the NAC EI agent or ActiveX
testing method.
Table 3-52. Testing Method by Network Overhead
Bringing All of the Factors Together
As with choosing the access control method, you create a table that shows all
of the preliminary decisions. You can then determine which choice or choices
are best when you balance all factors.
Remember, however, that your choices are less hard and fast than many in
this guide; you can choose more than one method. Therefore, instead of
entering a single method in each cell in the “Total” row, you should total the
number of times you selected the method. Then, in the “Selection” row, record
the method or methods desirable enough to devote time to implementing.
Table 3-53. Preliminary Decisions for Testing Methods
Factor Public Wired Private Wired Public Wireless Private
Wireless
Remote
Network overhead NAC EI agent
ActiveX
NAC EI agent
ActiveX
NAC EI agent
ActiveX
NAC EI agent
ActiveX
NAC EI agent
ActiveX
Factor Public Wired Private Wired Public
Wireless
Private
Wireless
Remote
Administrative control
Post-connect testing
User sophistication
Administrative workload
Network overhead
To ta l s
Selections