5. Network Access Protection (NAP)
DESCRIPTION
Configuring NAP
TRANSCRIPT
NETWORK ACCESS PROTECTION
- Need for NAP
- NAP Components
- Enforcement Types

NEED FOR NAP:
- A single vulnerable host poses a threat to the entire network
- Especially laptops, guests or home
- Need to detect and remediate unhealthy clients
- Little or no user action
- Restricted network until resolved
- Full network IP when healthy

NAP COMPONENTS:
- System Health Agent (SHA)
  - NAP Client (Security Center)
  - Reports health state
  - Vista, XP-SP3
- System Health Validator (SHV)
  - NAP on W2K8
  - Possibly combined with RADIUS
- Remediation Servers
  - Antivirus updates
  - WSUS
- RADIUS (Remote Access Dial-In User Server)
  - AAA (Authentication, Authorization, Accounting)
- CA (Certificate Authority)
  - Must be W2K8
- Vendor SHA/SHV pair

ENFORCEMENT TYPES:
- IPSec
  - Health check
  - Health cert
  - Can be IP address or port-specific
  - W2K8 CA required
- 802.1x
  - Switch/AP
  - Constant monitoring
  - ACL
  - VLAN
- VPN
  - W2K8
  - Packet filter
- DHCP
  - Compliant clients: full access IP configuration
  - Non-compliant: single host routes
CONFIGURING NAP:
Administrative Templates > Windows Components > Security Center > 'Turn on Security Center'
Windows 7 Client > run > ipconfig /all 'shows no default gateway'
Windows 7 Client > run > route print 'no default route'
Windows 7 Client > run > ping 192.168.1.39
Windows 7 Client > run > netsh nap client show state
Windows 7 Client > run > ipconfig /release
Windows 7 Client > run > ipconfig /renew
Windows 7 Client > run > route print 'default gateway shows if it is a healthy client'
Windows 7 Client > web > google.com 'if it is a healthy client'
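
The route checks above (no default route while restricted, a default gateway once healthy) can be scripted by parsing saved `route print` output. This is an added example, not part of the original slides: the sample outputs are constructed, the function names and the "isolated" label are hypothetical, and treating 192.168.1.39 as the remediation server is an assumption.

```python
import ipaddress

# Constructed sample of `route print` from a restricted (non-compliant) client.
# Assumption: 192.168.1.39 (the host pinged on the slide) is the remediation server.
RESTRICTED = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
     192.168.1.39  255.255.255.255         On-link      192.168.1.50     11
     192.168.1.50  255.255.255.255         On-link      192.168.1.50    266
===========================================================================
"""
# Constructed sample after remediation: the same table plus a default route.
HEALTHY = RESTRICTED.replace(
    "Interface  Metric\n",
    "Interface  Metric\n          0.0.0.0          0.0.0.0      192.168.1.1"
    "      192.168.1.50     10\n")


def parse_active_routes(output):
    """Return (destination, netmask, gateway) for each IPv4 active route."""
    routes, in_table = [], False
    for line in output.splitlines():
        fields = line.split()
        if line.strip() == "Active Routes:":
            in_table = True
        elif in_table and line.startswith("="):
            break  # end of the IPv4 table; the IPv6 table is ignored
        elif in_table and len(fields) == 5:
            try:  # skip anything whose first two columns are not addresses
                ipaddress.IPv4Address(fields[0])
                ipaddress.IPv4Address(fields[1])
            except ValueError:
                continue
            routes.append((fields[0], fields[1], fields[2]))
    return routes


def classify(output, remediation_servers):
    """Classify a client from its routes: full-access, restricted or isolated."""
    routes = parse_active_routes(output)
    has_default = any(d == "0.0.0.0" and m == "0.0.0.0" for d, m, _ in routes)
    host_routes = {d for d, m, _ in routes if m == "255.255.255.255"}
    reachable = sorted(s for s in remediation_servers if s in host_routes)
    if has_default:
        return "full-access", reachable
    return ("restricted" if reachable else "isolated"), reachable
```

A client that reports "isolated" has neither a default route nor a host route to a remediation server, so it cannot fix itself and needs manual attention.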