Designing Access Controls
Choose Endpoint Integrity Testing Methods
all three testing methods are selected, the order determines which
Factors to Consider for Testing Methods
The sections below describe selecting testing methods for the five security zones. As you read through these sections, consider what it means to ensure that a particular method works in a particular zone. You might need to perform particular tasks on endpoints in that
You should check the cluster settings that apply to the NAC 800 cluster that controls the zone. For example, if you are using the DHCP deployment method, the controlling cluster contains the NAC 800 that intercepts the endpoints’ DHCP requests.
Keep in mind that a cluster might control endpoints in more than one zone. This should not be a problem, however, because you can enable more than one testing method in a cluster.
To determine which testing methods you want to use, you should consider:
■Administrative control over endpoints
■
■User sophistication
■Administrative workload
■Network overhead
Administrative Control over Endpoints
The amount of administrative control you have over endpoints determines whether or not you can configure endpoints to support a particular testing method. For example, if you have very limited control over endpoints, you cannot require users to download software to their endpoints. In addition, you will not know the admin credentials for endpoints, and
