MS NAP - Security Day
Transcript of the slides presented by Son Vu
Slide 1: Windows Server 2008 – Network Access Protection (NAP)
Presented by Vu Nguyen Cao Son, EPG Technical Specialist, [email protected], www.CaoSonBlog.com
Slide 2: Agenda
Why Security
Introducing Network Access Protection
Using NAP with DHCP
Using NAP with VPN/IPsec/802.1x
Q&A
Slide 3: Why Security !!!??? – Wrong Way
Media
Personal Favor
I think "it is important and essential to my system"
My company has "fund" for security
Slide 4: Why Security !!!??? – Right Way
Business Continuity
Risk-based model
Defense in Depth
Security Control with ISO 27001
Risk Level
ROI
Slide 5: Risk-based Decision Making
Business and IT Teams: "Best Control Solution"
Information Security: "Prioritize Risks"
Business Owners: "What's Important"
Assess Risks → Define Security Requirements → Determine Acceptable Risk → Design & Build Security Solutions → Operate & Support Security Solutions → Measure Security Solutions
Slide 6: Demonstration – Defense in Depth with Microsoft Products
Examining Connection Trace Logs
Examine Event Logs
Examine Connection Logs
![Page 7: MS NAP - Security Day](https://reader035.vdocuments.us/reader035/viewer/2022062617/54bb3d954a7959ae068b456d/html5/thumbnails/7.jpg)
Enhanced SecurityAll communications are authenticated, authorized & healthyDefense-in-depth on your terms with DHCP, VPN, IPsec, 802.1XPolicy-based access that IT Pros can set and control
Increased Business Value
Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership
Network Access Protection BenefitsNetwork Access Protection Benefits
Risk Risk LevelLevel
Health and Policy
Validation
Defense at
Multiple Layers
ROIROI
Healthy Endpoints Connect
Leverage Existing
Investments
Slide 8: Agenda
Slide 9: Network Access Protection Solution
Policy Validation
Network Restriction
Remediation
Ongoing Compliance
Defense-in-depth layers: Policies, Procedures, and Awareness; Data; Application; Host; Internal Network; Perimeter
Slide 10: NAP Architecture Overview
Client: System Health Agent (SHA) – MS and 3rd Parties; Quarantine Agent (QA); Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
Network Policy Server: Quarantine Server (QS); System Health Validator
System Health Servers (Health policy)
Remediation Servers (Updates)
Network Access Devices and Servers
Flows: Health Statements; Network Access Requests; Health Certificate
Slide 11: How NAP Works
Windows Client: QA, SHA, EC
Network Enforcement Endpoint
NPS: QS, SHV; Active Directory
Network Access Requests; Health Statements
Policy Compliant: Corporate Network
Not Compliant: Restricted Network (Remediation Servers)
Slide 12: Why Microsoft NAP
Software-based solution, free with Windows Server 2008.
Integrated into the client operating system (XP SP3, Vista)
Integrated with Core Systems (SCCM, FCS, WSUS)
Integration with 3rd party security products (Cisco, Juniper, Symantec, McAfee)
NAP + Domain & Server Isolation = Enforcement Sec
Multiple types of enforcement
Slide 13: Agenda
Slide 14: NAP with DHCP
Components: NPS Server; Client; DHCP Server; VPN Server; IEEE 802.1X Devices; Remediation Servers
Exchange:
Client: "I need to lease an IP address"
"Requesting access. Here's my new health status."
"You are not within the Health Policy requirements"
The client requests and receives updates (from the Remediation Servers)
"Access granted. Here is your new IP address"
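The DHCP enforcement exchange on this slide, modelled as an added example (not code from the slides or from Microsoft's NAP implementation); the health policy, client state and addresses are constructed. The restricted lease mirrors what DHCP NAP enforcement hands a non-compliant client: a 255.255.255.255 mask, no default gateway, and static routes only to the remediation servers.

```python
from dataclasses import dataclass

# Health policy the System Health Validator (SHV) on the NPS enforces (constructed values).
HEALTH_POLICY = {"firewall_on": True, "antivirus_on": True, "max_signature_age_days": 7}
REMEDIATION_SERVERS = ["10.0.0.50", "10.0.0.51"]  # constructed addresses


@dataclass
class Client:
    """Windows client; the fields are what its System Health Agent (SHA) reports."""
    name: str
    firewall_on: bool
    antivirus_on: bool
    signature_age_days: int

    def statement_of_health(self) -> dict:
        return {"firewall_on": self.firewall_on, "antivirus_on": self.antivirus_on,
                "signature_age_days": self.signature_age_days}


def validate_health(soh: dict, policy: dict = HEALTH_POLICY) -> list[str]:
    """SHV check on the NPS: return the failed requirements (empty list = compliant)."""
    failures = []
    if policy["firewall_on"] and not soh["firewall_on"]:
        failures.append("firewall disabled")
    if policy["antivirus_on"] and not soh["antivirus_on"]:
        failures.append("antivirus disabled")
    if soh["signature_age_days"] > policy["max_signature_age_days"]:
        failures.append("antivirus signatures older than %d days" % policy["max_signature_age_days"])
    return failures


def dhcp_lease(compliant: bool, address: str) -> dict:
    """DHCP server reply: a normal lease for a healthy client, otherwise a restricted
    one (host-only mask, no gateway, static routes to the remediation servers only)."""
    if compliant:
        return {"address": address, "mask": "255.255.255.0", "gateway": "10.0.0.1", "routes": []}
    return {"address": address, "mask": "255.255.255.255", "gateway": None,
            "routes": list(REMEDIATION_SERVERS)}


def nap_dhcp_exchange(client: Client, address: str = "10.0.0.120") -> tuple[dict, list[str]]:
    """Run the slide's exchange; return the final lease and the message transcript."""
    log = [f"{client.name} -> DHCP: I need to lease an IP address"]
    for _attempt in range(2):  # at most one remediation round in this model
        log.append("DHCP -> NPS: Requesting access. Here's my new health status: %s"
                   % client.statement_of_health())
        failures = validate_health(client.statement_of_health())
        lease = dhcp_lease(not failures, address)
        if not failures:
            log.append(f"DHCP -> {client.name}: Access granted. Here is your new IP address {lease['address']}")
            return lease, log
        log.append(f"NPS -> {client.name}: You are not within the Health Policy requirements: {failures}")
        log.append(f"{client.name} -> remediation servers {lease['routes']}: requesting updates")
        client.firewall_on = client.antivirus_on = True  # constructed: remediation fixes everything
        client.signature_age_days = 0
    return lease, log
```

DHCP enforcement only governs clients that take their address from the DHCP server, so a host configured with a static address is not evaluated at all; that gap is why the IPsec and 802.1X enforcement methods covered later exist.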
Slide 15: Demonstration Environment
Slide 16: Demonstration – Configuring NAP for DHCP
Slide 17: Agenda
Slide 18: NAP with VPN and RRAS
Components: NPS Server; Client; VPN Server; Remediation Servers
RADIUS Messages (VPN Server to NPS Server); PEAP Messages (Client to NPS Server)
Slide 19: IPsec-based Communication
Secure network
Boundary network
Restricted network
IPsec Authenticated
Unauthenticated
Slide 20: Using NAP with 802.1x Devices
Strongest wireless security for the enterprise with NAP; interoperates with many 802.1x switches
Network Policy Server (Authentication Server)
802.1x Access Points
802.1x Switch
Wireless Clients
Active Directory
Health Requirement Server
Certificate Authority (Optional)
Slide 21: Q&A and Thank You
www.CaoSonBlog.com