Designing Access Controls

Make Decisions about Remote Access (VPN)

Table 3-22. Access Control Methods for Each Zone

| Zone | Access Control Method |
|---|---|
| Private wired | 802.1X and MAC-Auth (for endpoints that do not support 802.1X) |
| Public wired | Web-Auth, except for headless devices, which use MAC-Auth |
| Private wireless | 802.1X with WPA/WPA2 |
| Public wireless | Web-Auth |


Remember that the PCU network administrators noted that the users in the administration building would need some help if 802.1X was selected as the access control method. Because they cannot hire additional network administrators, they will have to conduct some training classes for these users. This requirement is documented in the PCU’s comprehensive security policy.

Make Decisions about Remote Access (VPN)

The previous section guided you through choosing an access control method for four security zones within your network. However, your company might have a fifth zone: remote. The remote zone would include any users who access the network remotely—here defined as over a public connection (probably the Internet).

Such remote access is provided by a VPN solution. When you are evaluating access control methods, you are concerned with client-to-site VPNs, which establish a virtual point-to-point connection, or tunnel, between a remote endpoint and a gateway. (A VPN can also establish a tunnel between two sites.) The gateway grants access to the inside network.

Strictly speaking, a tunnel is any virtual point-to-point connection over which encapsulated traffic is untouched by devices between points. For the purposes of this guide, a tunnel must be a secure channel; that is, it protects the privacy and integrity of data with encryption. A VPN protocol handles setting up the secure channel and, in the process, authenticating the remote users.

HP Access Control Client Software manual Make Decisions about Remote Access VPN, Access Control Methods for Each Zone