Security Solutions
Designing Access Controls
Finalize Security Policies
After you have made all of your preliminary decisions, you can record your
policy decisions in the following table.
Table 3-77. Final Security Policy by Zone

| Zone | Access Control Method | Authentication Protocol | Wireless Encryption | EI Deployment Method | EI Testing Method |
|---|---|---|---|---|---|
| Private Wired | | | | | |
| Private Wireless | | | | | |
| Public Wired | | | | | |
| Public Wireless | | | | | |
| VPN | | | | | |

Table 3-78 gives an example for PCU.

Table 3-78. Example Security Policy by Zone

| Zone | Access Control Method | Authentication Protocol | Wireless Encryption | EI Deployment Method | EI Testing Method |
|---|---|---|---|---|---|
| Private Wired | 802.1X | PEAP MS-CHAPv2 | | 802.1X | NAC EI agent |
| Private Wireless | 802.1X | PEAP MS-CHAPv2 | WPA/WPA2 | 802.1X | NAC EI agent |
| Public Wired | Web-Auth | RADIUS-PAP | | DHCP | ActiveX |
| Public Wireless | Web-Auth | RADIUS-PAP | static WEP | DHCP | ActiveX |
| VPN | IPSec with IKE | | | inline | NAC EI agent |

Next, you should create user groups and policies, and if your network provides
endpoint integrity, design NAC policies.

User Groups and Policies

At this stage you should also make a general plan of which users should have
access to which network resources. Divide users into user groups and then
create policies for the user groups. Policies may include information such as
allowed access times and locations, as well as dynamic settings such as VLAN
assignment.
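The user-group policies described under User Groups and Policies can be modeled as a small default-deny lookup. The following is an added example, not part of the original guide: the group names, access hours, zone assignments and VLAN IDs are constructed for illustration, and only the zone names come from the tables. The reply attributes are the standard RFC 3580 RADIUS attributes for dynamic VLAN assignment.

```python
from dataclasses import dataclass
from datetime import time

# Group names, hours, per-group zones and VLAN IDs are constructed sample
# values; only the zone names are taken from Table 3-77 / Table 3-78.
@dataclass(frozen=True)
class GroupPolicy:
    zones: frozenset   # locations (zones) the group may connect from
    start: time        # start of the allowed access window
    end: time          # end of the allowed access window
    days: frozenset    # allowed weekdays, 0 = Monday ... 6 = Sunday
    vlan: int          # VLAN assigned dynamically on success

POLICIES = {
    "faculty": GroupPolicy(frozenset({"Private Wired", "Private Wireless", "VPN"}),
                           time(0, 0), time(23, 59), frozenset(range(7)), 10),
    "students": GroupPolicy(frozenset({"Private Wireless", "Public Wireless"}),
                            time(7, 0), time(22, 0), frozenset(range(7)), 20),
    "guests": GroupPolicy(frozenset({"Public Wired", "Public Wireless"}),
                          time(8, 0), time(18, 0), frozenset(range(5)), 99),
}

def authorize(group, zone, weekday, now):
    """Decide access for an already-authenticated user; anything unmatched is denied."""
    policy = POLICIES.get(group)
    if policy is None:
        reason = "unknown group"
    elif zone not in policy.zones:
        reason = "zone not allowed"
    elif weekday not in policy.days or not (policy.start <= now <= policy.end):
        reason = "outside allowed hours"
    else:
        reason = None
    if reason:
        return {"decision": "reject", "reason": reason, "attributes": {}}
    # RFC 3580: attributes a RADIUS server returns to place the port in a VLAN.
    return {"decision": "accept", "reason": None, "attributes": {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(policy.vlan),
    }}
```

Writing the plan down in this form makes gaps visible early: any group, zone or time window that is not listed explicitly results in a reject.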