Designing Access Controls
Choose the Access Control Methods
The value in the “Total” row might yield a good result, but you need to look more closely at the factors because some might be more critical than others. For example, if one of your switches does not support 802.1X, you would have to select another access control method, regardless of the other factors (unless you have the budget to purchase a new switch).
To evaluate the relative importance of each factor, enter values in the “Weight” column; a higher value prioritizes the corresponding factor. When you total the access control methods, count the method twice if the weight is 2, three times if the weight is 3, and so forth.
You may want to assign the values for the “Weight” column differently for each access control zone. For example, user type and sophistication may be some- what important for a private wireless or wired network. You may weight it as a 2 because you can implement some training to improve users’ computer skills. For public wireless or wired zones, however, user type and sophistica- tion may be extremely important because you cannot train guests and you do not have the IT resources to provide support if users cannot log in successfully. As a result, you must weight this factor as a 3 for the public zones.
Table 3-20. Preliminary Decisions for the Access Control Method
Factor | Weight | Private Wired | Public Wired | Private Wireless | Public Wireless |
|
|
|
|
|
|
Security
User type and sophistication
Administrative workload
Endpoint capabilities
Administrative control
Existing network infrastructure
Total
Example
For example, Table