HP Access Control Client Software Evaluate the Existing Network Environment, Size, Edge Devices

Customer Needs Assessment

Evaluate the Existing Network Environment

software or a personal firewall. It could also ensure that the endpoints attaching to your network are running the patches for their OS and applica- tions.

Although this design guide does not focus on the other security mea- sures—namely Virus Throttle software, IPS/IDS, and Network Immunity Man- ager—you can take to protect your network, you should evaluate such measures in your overall network security strategy. Protecting today’s net- works requires a layered approach. Network access control is a critical layer, but you should not ignore the other layers.

Evaluate the Existing Network

Environment

As you plan your network access controls, you must evaluate the equipment on the network. The type of equipment and its capabilities directly affect both network access controls and endpoint integrity. For example, you must know the capabilities of your company’s switches before you can select an access control method. You must also know which OSs and applications your com- pany is using before you begin to define the requirements for endpoints attaching to your network.

Size

To begin with, you want to know the size of the network. Does the network span multiple locations? If yes, how many locations or offices are there?

How many endpoints are there at each location? How many switches? How many wireless access points (APs)?

Edge Devices

You also need to know the capabilities of each edge device. Which authenti- cation methods do your switches support? 802.1X, MAC authentication (MAC- Auth), and Web-Auth? Do they support local MAC-Auth or Remote Authenti- cation Dial-In User Service (RADIUS) MAC-Auth? These capabilities not only affect network access but also the deployment method you use for the NAC

800.(For more information about NAC 800 deployment methods, see Chapter 1: “Access Control Concepts.”)

2-25