HP Access Control Client Software manual Network Access Control Technologies, Aaa

Access Control Concepts

Network Access Control Technologies

Network Access Control Technologies

This solution design guide focuses on two general types of access control:

■Authentication, authorization, and accounting (AAA)—controls (and tracks) which users access which resources on the network

■Endpoint integrity—controls which endpoints are allowed on the net- work based on their compliance with policies for endpoint security settings

AAAprovides the traditional framework for controlling access to the network, whereas endpoint integrity adds the ability to protect the network from potentially compromised endpoints.

The remainder of this chapter covers the protocols and technologies that underlie AAA and endpoint integrity solutions. If you already have a solid understanding of these concepts, you can proceed immediately to Chapter 2: “Customer Needs Assessment.” But remember: designing an access control solution is much less frustrating when you know what choices are available and what those choices entail.

AAA

Developed by the Internet Engineering Task Force (IETF), AAA dictates how network devices provide:

■Authentication—determining if users are who they claim to be

■Authorization—deciding which data and applications users can access and applying controls to enforce those decisions

■Accounting—tracking which resources users actually access

AAAallows you to centralize these functions and standardize policies through- out a network. A AAA server makes decisions that edge devices—in AAA, called network access servers (NASs)—enforce.

The NASs and AAA servers communicate using a AAA protocol, of which the two most common are:

■Remote Access Dial-In User Service (RADIUS)

■Terminal Access Controller Access Control System Plus (TACACS+)

This guide focuses on RADIUS because it is compatible with most other access control mechanisms.

1-6