Security Solutions
Addendum to the ProCurve Access Control Security Design Guide
Updating the Access Control Design Process
■ The NAC 800 checks endpoints for a variety of third-party firewalls and
antivirus software.
If your company requires any of these benefits, you should consider using the
NAC 800 over NAP.
However, NAP provides its own security benefits. For example, with the
IPsec deployment option, all traffic sent between endpoints in the protected
network is authenticated with certificates.
Table A-4. Options for Endpoint Integrity Solution by Vulnerability to Risks and
Risk Tolerance
Examples. The PCU network experiences a relatively large number of security
issues. For example, students visit areas on the Internet where their
endpoints pick up the latest viruses and spyware. PCU wants as high a level of
security as possible, so it selects the NAC 800.
Because ProCurve, Inc. runs a homogeneous Windows environment, it is not
concerned about checking for non-Windows firewalls or settings. As a result,
the additional tests provided by the NAC 800 are not required. The security
provided by NAP in other areas is commensurate with that provided by the NAC
800.
Management Resources
When considering a solution, you must factor in the cost of deploying and
maintaining the solution.
The NAC 800 solution consists of a standalone device or a cluster of devices
added to the network infrastructure. Depending on the deployment option
that you choose, you might also need to install plug-ins on servers such as DHCP
servers. For ease of deployment, the NAC 800 automatically downloads
necessary agents to endpoints (or you can use agentless testing).
As explained earlier, the NAP solution may require upgrades on both endpoints
and servers. If your network is already upgraded to Vista and Windows
Server 2008, the deployment will be easier. However, you must still set up
Vulnerability to Risks and Risk Tolerance    Option
Greater security requirements                NAC 800
Fewer security requirements                  NAP