network access protection


Upload: zernike-college

Post on 24-Dec-2014


DESCRIPTION

WINDOWS 2008 Network Access Protection

TRANSCRIPT

Page 1: Network Access Protection

• Layered Infrastructure
• Policy based
• Open to third parties
• Denied network access/Quarantine
• Remediation
• NAP clients

Page 2: Network Access Protection

Private Network

Unhealthy computer

Healthy computer

Page 3: Network Access Protection

Accessing the network X

Remediation Server

NPS

HRA

Client

No Policy

Authentication Optional

Authentication Required

Page 4: Network Access Protection

Client

System Health Agent (SHA)

Quarantine Agent (QA)

Enforcement Client (EC)

Services

Remediation Server

Network Access Device and Server

System Health Server

Network Policy Server (NPS)

Quarantine Server (RADIUS)

System Health Validator (SHV)

Client SHV

NPS

Remediation

Network Access Device or Server

(RADIUS)

(SHV)

Page 5: Network Access Protection

According to policy, the client is not up to date. Quarantine client, request it to update.

Should this client be restricted based on its health?

Requesting access. Here’s my new health status.

MS NPS

Client

802.1x Switch

Remediation Servers

May I have access? Here’s my current health status.

Ongoing policy updates to Network Policy Server

You are given restricted access until fix-up.

Can I have updates?

Here you go.

Restricted Network

Client is granted access to full intranet.

System Health Servers

According to policy, the client is up to date.

Grant access.

Page 6: Network Access Protection
Page 7: Network Access Protection

• NAP client available for XP SP2
• Cisco Network Admission Control (NAC)
• Avenda Linux NAP Agent

Page 8: Network Access Protection
Page 9: Network Access Protection

Features

Authentication Methods
• PEAPv0 (EAP-MSCHAPv2)
• PEAPv0 (EAP-TLS)

Health Check
• Firewall Status - Check for firewall status, with auto-remediation
• Service Status - Check for different services. Auto-remediate by starting or stopping services.
• Firewall Ports - Check status of open or blocked TCP/UDP ports
• Anti-Virus Status - Check if anti-virus software is up-to-date

Supported Platforms
• Red Hat Enterprise Linux 4 and above
• CentOS 5 and above
• Fedora Core 6 and above

Avenda Linux NAP SHV for Microsoft NPS

Features

Health Check
• Firewall Status - Check for firewall status and open/blocked ports. Auto Remediation - Turn on firewall; block or open ports.
• Service Status - Check status of different services running on the system. Auto Remediation - Start or stop services.
• Anti-Virus Status - Check if anti-virus is running. Auto Remediation - Start anti-virus.