Access Control Concepts

Network Access Control Technologies

Identity-based management in the form of ProCurve IDM augments the standard PDP translator role. You will learn more about IDM in “ProCurve IDM” on page 1-58. For now, simply know that IDM helps the PDP factor user group, location, time, system, and—with the help of a network access controller—endpoint integrity into its decisions. Based on these inputs, IDM can provide policy instructions to the PEP in the form of various dynamic settings.

The section below gives some examples of RADIUS servers. You will learn about network access controllers in “Endpoint Integrity” on page 1-36.

Examples of RADIUS Servers. ProCurve solutions have been verified with several RADIUS servers:

Microsoft IAS (Windows Server 2000/2003)—Microsoft’s version of a RADIUS server, Internet Authentication Server (IAS), is bundled with Windows 2000 Server and Windows Server 2003. In most cases it makes sense for an organization that runs a Windows domain to use IAS as the RADIUS platform. For organizations that rely heavily on Active Directory, the tight integration between IAS and Active Directory facilitates deployment and administration. Note, however, that the tight linkage between IAS and Active Directory can be a drawback, especially when using MAC-Auth, an access control method described later in this chapter.

Juniper Steel-Belted Radius—Steel-Belted Radius server provides additional functions and flexibility beyond that provided by IAS. LDAP support allows the server to communicate with Active Directory content. But because the RADIUS server is not as closely integrated into Active Directory, it can use other credential stores instead, such as UNIX Network Information Services (NIS), token-based servers (RSA, CRYPTO-Card), SQL database, or even another RADIUS server. In addition, Steel-Belted Radius is not limited to running on Windows platforms: it can also run on NetWare or Solaris, or as a hardware appliance.

ProCurve NAC 800—The NAC 800 can act as your network’s RADIUS server. It supports RADIUS as a stand-alone access control solution, or it can integrate its RADIUS capabilities with endpoint integrity checking.

Built-in server on a PEP—ProCurve Networking offers several wireless devices that feature their own internal RADIUS server. Since authentication (particularly 802.1X) is key to security in the wireless world, these built-in servers are ideal for small-to-medium businesses that want to add wireless networking without compromising security.

The following ProCurve edge devices feature built-in RADIUS servers:

Wireless Edge Services Module (xl and zl)

AP 530

HP Access Control Client Software manual Access Control Concepts