HP Access Control Client Software manual Access Control Method by User Sophistication Level

Designing Access Controls

Choose the Access Control Methods

If you have a large number of users who are technically unsophisticated, you may need to factor in some training if you select 802.1X as the access control method. On the other hand, if you have a large number of highly knowledge- able users (such as university students), you will probably want to rule out less-secure access methods and focus on 802.1X combined with strict appli- cation and data access controls.

Incidentally, technical knowledge may be even more important as you con- sider endpoint integrity checking. (See “Choose the Endpoint Integrity Deployment Method” on page 3-51.)

Example

The PCU network administrators have selected the access control methods shown in Table 3-7, based only on their evaluation of user sophistication. They believe that in public zones, such as the plaza and the library, user sophistication will vary widely. (The plaza has been identified as a public wireless zone, and the library, a public wired and wireless zone.) Therefore, Web-Auth is probably the best solution for these zones.

Most of the private zones are used mainly by students, whose computer skills are fairly good to excellent. They should have no problems configuring an 802.1X supplicant.

There is one exception, however—the administration building. In this private wired zone, many users have only basic computer skills. Some of them might have problems configuring an 802.1X supplicant—at least initially. The PCU network administrators must document this exception, so they can weigh this factor against others (such as risk tolerance) for this particular zone. If the PCU network administrators ultimately select 802.1X for this zone (after they weigh all the factors), they must either provide the IT resources to configure the supplicants on behalf of users, or they must provide some training.

3-23