Designing Access Controls

Choose the Access Control Methods

The value in the “Total” row might yield a good result, but you need to look more closely at the factors because some might be more critical than others. For example, if one of your switches does not support 802.1X, you would have to select another access control method, regardless of the other factors (unless you have the budget to purchase a new switch).

To evaluate the relative importance of each factor, enter values in the “Weight” column; a higher value prioritizes the corresponding factor. When you total the access control methods, count the method twice if the weight is 2, three times if the weight is 3, and so forth.

You may want to assign the values for the “Weight” column differently for each access control zone. For example, user type and sophistication may be some- what important for a private wireless or wired network. You may weight it as a 2 because you can implement some training to improve users’ computer skills. For public wireless or wired zones, however, user type and sophistica- tion may be extremely important because you cannot train guests and you do not have the IT resources to provide support if users cannot log in successfully. As a result, you must weight this factor as a 3 for the public zones.

Table 3-20. Preliminary Decisions for the Access Control Method

Factor

Weight

Private Wired

Public Wired

Private Wireless

Public Wireless

 

 

 

 

 

 

Security

User type and sophistication

Administrative workload

Endpoint capabilities

Administrative control

Existing network infrastructure

Total

Example

For example, Table 3-21 lists the choices that the PCU network administrators have made, based on each factor.

3-34

Page 150
Image 150
HP Access Control Client Software manual Preliminary Decisions for the Access Control Method