Security Solutions
Customer Needs Assessment
Overview
As described in Chapter 1: “Access Control Concepts,” network access control
is more than just granting legitimate users access to the network while
blocking unauthorized people. Although you must identify the users who need
access to your company’s network, you must go beyond this first step to
determine:
■ What data, services, and other resources should these users be able to
access?
■ What conditions should alter the level of access granted to a particular
user?
To answer the first question, you must focus on the user. You must determine
what network resources each user needs to complete his or her job. You may
need to interview users, create user committees, or use questionnaires to
gather this information. Whichever method you use, keep in mind that the
more you communicate with users, the better. (For more information about
working with users, see “The Human Factor” on page 2-39.)
You should ensure that users can access only the network resources they need
to complete their work successfully. By granting users the minimum network
access they need, you limit the damage a disgruntled or untrustworthy
employee can cause. You also minimize the damage a hacker can cause if he
or she breaks into a user’s account.
For example, if a user can access any network resource and a hacker discovers
his or her username and password, that hacker can cause massive
damage—stealing or destroying confidential data across the entire network. If that
user has access to only one network server, however, the damage—although
significant—may not be all-encompassing.
To answer the second question, you must concentrate on the company and its
network. You must try to protect the network and your company by minimizing
the risk of network attacks.
You must set up other controls as necessary to limit network access. For
example, you may need to allow some users to access the network only on
certain days or at certain times. Other users may need to be restricted to
accessing the network from certain locations.
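
The two questions above can be combined into a single default-deny access decision: what the user needs for the job, and which conditions (day, time, source location) alter that access. The following Python code is an added example, not part of the original guide; the user names, resource names, subnets, and the decide function are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    resources: frozenset                    # question 1: resources needed for the job
    days: frozenset = frozenset(range(7))   # question 2: 0=Monday .. 6=Sunday
    start: time = time.min                  # earliest permitted time of day
    end: time = time.max                    # latest permitted time of day
    networks: tuple = ("0.0.0.0/0",)        # permitted source locations

# Constructed sample policies; users, resources and subnets are hypothetical.
POLICIES = {
    "alice": Policy(frozenset({"payroll-db"}), frozenset(range(5)),
                    time(8, 0), time(18, 0), ("10.1.20.0/24",)),
    "bob": Policy(frozenset({"file-server", "mail"})),
}

def decide(user, resource, when, src_ip):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    policy = POLICIES.get(user)
    if policy is None:
        return False, "unknown user"
    if resource not in policy.resources:
        return False, "resource not needed for this user's job"
    if when.weekday() not in policy.days:
        return False, "outside permitted days"
    if not (policy.start <= when.time() <= policy.end):
        return False, "outside permitted hours"
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in ip_network(net) for net in policy.networks):
        return False, "source location not permitted"
    return True, "granted"

if __name__ == "__main__":
    # Constructed requests: (user, resource, timestamp, source address).
    requests = [
        ("alice", "payroll-db", datetime(2024, 3, 5, 9, 30), "10.1.20.7"),
        ("alice", "file-server", datetime(2024, 3, 5, 9, 30), "10.1.20.7"),
        ("alice", "payroll-db", datetime(2024, 3, 9, 9, 30), "10.1.20.7"),
        ("alice", "payroll-db", datetime(2024, 3, 5, 9, 30), "192.0.2.10"),
    ]
    for req in requests:
        print(req[0], req[1], decide(*req))
```

Logging the denial reason for each request also shows which conditions users actually run into, which helps when revisiting the needs assessment with them.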