Designing Access Controls
Choose the Access Control Methods
| ■ Do your endpoints have 802.1X supplicants? | |
| Most reasonably | |
| The following Windows versions include a native 802.1X supplicant: | |
| • | Windows Vista |
| • | Windows XP |
| • Windows 2000 Service Pack (SP) 3 or later | |
| Mac OS X 10.3 also provides native support for 802.1X. The OpenX project | |
| has developed the Xsupplicant for Linux systems. | |
| In addition, many vendors of wireless NICs include a wireless client with | |
| an 802.1X supplicant as part of the product. | |
|
| |
N o t e | It is assumed that since you are designing a network access control | |
| solution, you have a RADIUS server, which is required for 802.1X authen- | |
| tication. | |
|
|
|
■ How will the necessary settings be configured on the supplicant?
The following options need to be configured for 802.1X authentication:
• EAP
•
You must decide who will configure the settings. Is this a service the IT staff can provide? Or will you educate the users by providing classes or written documentation to guide them through the configuration process?
■Do endpoints’ wireless NICs support WPA/WPA2?
Almost all wireless NICs now support the TKIP or AES encryption man- dated by WPA/WPA2.
If your answers to the first two questions lead you to believe that your environment cannot support WPA/WPA2 with 802.1X authentication, you should choose
If, in answering the third question you discovered that your wireless NICs support WEP only, you might decide to update your equipment or to use dynamic WEP encryption.
