Addendum to the ProCurve Access Control Security Design Guide
Updating the Access Control Design Process
Finally, note
Table
Environment
Existing Network Environment | Option |
Mixed environment | NAC 800 |
Legacy devices such as Windows 2000 endpoints | NAC 800 |
Windows Server 2003 only | NAC 800 |
Homogeneous Windows environment with Vista and XP endpoints | NAP |
and Windows Server 2008 |
|
|
|
Examples. This addendum will provide examples for two hypothetical orga-
PCU must support the endpoints that students and faculty bring with them. Network administrators have enough of a challenge forcing students to install antivirus software. At the very least, they can allow students to use the software that they choose. If network administrators were considering only the existing network environment, they would select the NAC 800 for the flexibility that it brings to a mixed environment.
ProCurve, Inc., on the other hand, can enforce more uniformity for stations. To make employees as productive as possible, the company upgrades its stations every three years. As a result, all stations are running at least Windows XP, and some stations are running Windows Vista. In addition, the company is already upgrading its Windows servers to Windows Server 2008. If network administra- tors were considering only the existing network environment, they would select NAP because the company has a homogeneous Windows environment.
Vulnerability to Risks and Risk Tolerance
The NAC 800 provides several security benefits over NAP:
■As a hardware appliance rather than a service running on an OS, the NAC 800 receives more frequent test updates.
■The NAC 800 supports many tests including checks on security settings, hotfixes, updates, patches, and
