Security Solutions

Access Control Concepts
Network Access Control Technologies
Examples include:
A VPN—Remote users access the private network through the Internet. Each remote user sets up a secure tunnel with the network's VPN gateway device. Checking the integrity of remote endpoints is particularly important because they are otherwise beyond your control.
A WAN—A WAN connects several sites over private connections such as T1 or E1 lines or Asymmetric Digital Subscriber Line (ADSL) lines: for example, branch offices that connect to a company headquarters. You might want to test the integrity of endpoints at a remote office before they connect to the segment of the WAN under your control.
A wireless network—A device such as the ProCurve Wireless Edge Services Module controls many RPs and may provide thousands of wireless users with their access point to the network. Especially when wireless users connect with their own equipment, the network should test their integrity.
The Wireless Edge Services Module and ProCurve APs support 802.1X authentication, so for a wireless network that already uses 802.1X to authenticate users, you should choose the 802.1X quarantine option.
However, some networks use an alternative such as WPA-PSK. In this case, inline quarantining is a more secure option than the DHCP method. Note that in the inline deployment the NAC 800 acts as a bridge, so all traffic from the module or APs must be forwarded into the rest of the network in the same VLAN. If you require multiple VLANs and cannot use 802.1X, you should use the DHCP method rather than the inline method.
Note: With the inline deployment method, the network access controller acts as the policy enforcement point (PEP) as well as the policy decision point (PDP). It physically stands between endpoints and network resources and enforces its own decisions about which resources an endpoint can access.