
Designing Access Controls
Choose the Access Control Methods
Table 3-12. Administrative Control Levels
IT Administrative Control | Description |
No control | Owned and controlled by users; effecting change may be difficult. |
Some control | Owned by the users or by the business; change may be possible, |
| but may be inhibited by factors such as weak corporate policy, |
| weak administrative controls, or corporate culture. |
Complete control | Owned by the company; IT clearly has the ability to effect change. |
|
|
The less control you have over endpoints, the fewer options you have for the access control method, as Table
Table 3-13. Access Control Method by Administrative Control Level
|
| 802.1X | |
Admin control needed | High | Low to medium | Medium to high |
Control requirements | Network administrator must | Browsers are used. | Network administrator must |
| know the MAC address of |
| ensure that each endpoint |
| each endpoint. |
| has a correctly configured |
|
|
| 802.1X supplicant. |
|
|
|
|
Example
On the example PCU campus, network administrators have complete control over the servers, headless endpoints, supercomputer, and workstations in the administration building, computer labs, and library. However, they have no control over many of the wireless endpoints, especially the PDAs, smart- phones, and laptops that each group of new students brings.
Although network administrators cannot control users’ endpoints, they can impose some requirements for students who want to access the PCU network. Knowing that most students are technically knowledgeable, they can require students to download and install an 802.1X supplicant if they don’t already have one on their laptops and workstations.
Based solely on the degree of administrative control they have over the endpoints on the PCU network, network administrators choose 802.1X for all of the endpoints that they control completely or partially and