Security Solutions

1-13
Access Control Concepts
Network Access Control Technologies
Identity-based management in the form of ProCurve IDM augments the standard PDP translator role. You will learn more about IDM in “ProCurve IDM” on page 1-58. For now, simply know that IDM helps the PDP factor user group, location, time, system, and—with the help of a network access controller—endpoint integrity into its decisions. Based on these inputs, IDM can provide policy instructions to the PEP in the form of various dynamic settings.
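
The decision flow described above, as an added example (not ProCurve IDM code or its rule format): a hypothetical PDP matches a request on user group, location, time, and system, then uses the endpoint integrity verdict to choose between the rule's VLAN and a quarantine VLAN. The group names, locations, MAC address, and VLAN IDs are constructed, and dynamic VLAN assignment through the standard RADIUS tunnel attributes stands in for the "dynamic settings".

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Request:
    group: str          # user group from the credential store
    location: str       # where the PEP saw the user
    at: time            # local time of the request
    system: str         # endpoint identifier (MAC address here)
    integrity_ok: bool  # verdict from the network access controller

@dataclass(frozen=True)
class Rule:
    group: str
    locations: frozenset
    start: time                   # window must not cross midnight
    end: time
    systems: Optional[frozenset]  # None means any system
    vlan: int

QUARANTINE_VLAN = 999  # constructed value
RULES = [  # constructed policy, evaluated first match wins
    Rule("Admins", frozenset({"noc"}), time(0, 0), time(23, 59, 59),
         frozenset({"00:11:22:33:44:55"}), 10),
    Rule("Faculty", frozenset({"campus-wired", "campus-wireless"}),
         time(7, 0), time(19, 0), None, 20),
    Rule("Guests", frozenset({"lobby-wireless"}), time(8, 0), time(18, 0),
         None, 30),
]

def vlan_attrs(vlan: int) -> dict:
    # RFC 3580 dynamic VLAN assignment: Tunnel-Type 13 = VLAN,
    # Tunnel-Medium-Type 6 = IEEE 802.
    return {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
            "Tunnel-Private-Group-ID": str(vlan)}

def decide(req: Request, rules=RULES):
    """Return (RADIUS reply type, attributes for the PEP)."""
    for r in rules:
        if (r.group == req.group and req.location in r.locations
                and r.start <= req.at <= r.end
                and (r.systems is None or req.system in r.systems)):
            # Known user, failed integrity check: isolate, don't reject.
            vlan = r.vlan if req.integrity_ok else QUARANTINE_VLAN
            return "Access-Accept", vlan_attrs(vlan)
    return "Access-Reject", {}  # default deny
```

A request that matches no rule is rejected outright, while a matching user on a non-compliant endpoint is still accepted but placed in the quarantine VLAN.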

The section below gives some examples of RADIUS servers. You will learn about network access controllers in “Endpoint Integrity” on page 1-36.

Examples of RADIUS Servers. ProCurve solutions have been verified with several RADIUS servers:
• Microsoft IAS (Windows Server 2000/2003)—Microsoft’s version of a RADIUS server, Internet Authentication Server (IAS), is bundled with Windows 2000 Server and Windows Server 2003. In most cases it makes sense for an organization that runs a Windows domain to use IAS as the RADIUS platform. For organizations that rely heavily on Active Directory, the tight integration between IAS and Active Directory facilitates deployment and administration. Note, however, that the tight linkage between IAS and Active Directory can be a drawback, especially when using MAC-Auth, an access control method described later in this chapter.
• Juniper Steel-Belted Radius—Steel-Belted Radius server provides additional functions and flexibility beyond that provided by IAS. LDAP support allows the server to communicate with Active Directory content. But because the RADIUS server is not as closely integrated into Active Directory, it can use other credential stores instead, such as UNIX Network Information Services (NIS), token-based servers (RSA, CRYPTOCard), SQL database, or even another RADIUS server. In addition, Steel-Belted Radius is not limited to running on Windows platforms: it can also run on NetWare or Solaris, or as a hardware appliance.
• ProCurve NAC 800—The NAC 800 can act as your network’s RADIUS server. It supports RADIUS as a stand-alone access control solution, or it can integrate its RADIUS capabilities with endpoint integrity checking.
• Built-in server on a PEP—ProCurve Networking offers several wireless devices that feature their own internal RADIUS server. Since authentication (particularly 802.1X) is key to security in the wireless world, these built-in servers are ideal for small-to-medium businesses that want to add wireless networking without compromising security.
  The following ProCurve edge devices feature built-in RADIUS servers:
  • Wireless Edge Services Module (xl and zl)
  • AP 530