Security Solutions

1-8
Access Control Concepts
Network Access Control Technologies
Unfortunately, although forging these physical devices is difficult, the
devices can be lost or stolen. A user might also allow someone else to
access his or her endpoint—in fact, this might be a common practice in
your organization. Once an unauthorized user possesses the necessary
device, he or she can access the network easily.
Something the user is—The previous two factors associate individuals with more or less arbitrary credentials. An increasingly important authentication factor, biometrics attempts to equate users and their credentials, which are physical characteristics, including voice, face geometry, fingerprints, hand geometry, handwriting dynamics, iris pattern, and retinal pattern.
In theory at least, a person’s physical characteristics are unique—and so unalterable and irreproducible. However, to live up to theory, biometrics require sophisticated, and often expensive, equipment. Privacy concerns also mean that biometrics, while the most secure factor, are the least commonly used.
Each of these factors provides greater security when combined with another
for two-factor authentication. For example, a smartcard or certificate installed
on an endpoint becomes secure when combined with a password. Even if an
unauthorized user seizes control of the device, he or she cannot use it without
the correct password.
Authentication Protocols. An authentication protocol defines the procedure for submitting credentials to the authenticating device (typically, a network server).
RADIUS authentication comes in three forms, each of which uses a protocol
developed for point-to-point connections:
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
You’ll learn more about these protocols and their role in network access
control in “Authentication Protocols” on page 1-23.
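As an added illustration (not part of the original text), the following Python models the CHAP exchange named above as RFC 1994 specifies it: the authenticator sends a random challenge, the peer answers with MD5(Identifier || secret || challenge), and the secret itself never crosses the link, unlike PAP, which sends the password in the clear. The peer name, secret and database are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed example credentials; real secrets are provisioned out of band.
PEER_NAME = "endpoint-42"
PEER_SECRET = b"correct horse battery staple"
AUTHENTICATOR_DB = {PEER_NAME: PEER_SECRET}  # peer name -> shared secret

@dataclass(frozen=True)
class ChapResponse:
    identifier: int   # echoes the Identifier from the Challenge packet
    value: bytes      # 16-byte MD5 response value
    name: str         # peer name, sent in the clear

def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

def authenticator_new_challenge(length: int = 16) -> bytes:
    """Authenticator (server) side: a fresh, unpredictable challenge per attempt."""
    return os.urandom(length)

def peer_respond(identifier: int, challenge: bytes, secret: bytes, name: str) -> ChapResponse:
    """Peer (endpoint) side: prove knowledge of the secret without transmitting it."""
    return ChapResponse(identifier, chap_response_value(identifier, secret, challenge), name)

def authenticator_verify(identifier: int, challenge: bytes, resp: ChapResponse,
                         secret_db: dict) -> bool:
    """Authenticator recomputes the expected value and compares in constant time."""
    secret = secret_db.get(resp.name)
    if secret is None or resp.identifier != identifier:
        return False
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, resp.value)

def run_exchange(peer_secret: bytes, identifier: int = 1) -> bool:
    """One full Challenge -> Response -> Success/Failure round trip."""
    challenge = authenticator_new_challenge()
    resp = peer_respond(identifier, challenge, peer_secret, PEER_NAME)
    return authenticator_verify(identifier, challenge, resp, AUTHENTICATOR_DB)

def replay_is_rejected(identifier: int = 1) -> bool:
    """A response captured for one challenge fails against a fresh challenge."""
    old_challenge = authenticator_new_challenge()
    captured = peer_respond(identifier, old_challenge, PEER_SECRET, PEER_NAME)
    new_challenge = authenticator_new_challenge()
    return not authenticator_verify(identifier, new_challenge, captured, AUTHENTICATOR_DB)
```

Because the response is an unkeyed MD5 over the secret, a captured challenge/response pair still allows offline guessing of a weak secret, so CHAP protects the secret on the wire but does not remove the need for a strong one.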
Authorization
Authorization builds on authentication. Authorization determines which network resources an authenticated user is granted rights to access.