HP Access Control Client Software manual Configuration of PCU’s Endpoints

Designing Access Controls

Choose the Access Control Methods

Even gaming devices, such as Microsoft XBox 360, include a NIC, allowing them to connect to a network and support MAC-Auth. As part of your security policy, you must determine if you will allow gaming devices to access the network, and if you do grant them access, you must create a way for users to register their gaming devices so that you can set up MAC-Auth for them.

At PCU, for example, the network administrators plan to create a secure Web page that guides students through the process of registering their gaming devices. Network administrators also plan to use IDM to limit the times when such devices can access the network. Students will be able to play games over the network from 7 p.m. to 1 a.m.

Because the Web browser has become a standard user application, most workstations, laptops, and smartphones support Web-Auth. But with the emphasis on tighter security, vendors have recognized the need for 802.1X and added 802.1X supplicants to their OSs. Even PDAs typically offer limited 802.1X support, and some new network printers include supplicants. Third- party supplicants are also available.

However, legacy OSs, such as Windows NT or Windows ME, do not support 802.1X without special installation of a third-party supplicant. And “headless” endpoints such as older network printers do not support an 802.1X supplicant of any kind. If your network includes endpoints that simply do not support 802.1X, you can use MAC-Auth to secure their access but implement 802.1X for all other endpoints.

Example

Table 3-10 lists the access control methods for the endpoints on the PCU network.

Table 3-10. Configuration of PCU’s Endpoints

3-26