This document summarizes Network Access Protection (NAP) in Windows Server 2008. It discusses how NAP enhances security by authenticating, authorizing, and validating the health of systems connecting to the network. It provides an overview of the NAP architecture and how NAP works with DHCP, VPN/IPsec, and 802.1x to control network access based on system health policies. The document also demonstrates NAP configurations for DHCP and VPN/RRAS enforcement of health policies.
How to Troubleshoot Apps for the Modern Connected Worker
MS NAP - Security Day
1. Windows Server 2008 – Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_address] www.CaoSonBlog.com
2.
3.
4.
5. Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Business Owners “ What’s Important” Assess Risks Define Security Requirements Determine Acceptable Risk Design & Build Security Solutions Operate & Support Security Solutions Measure Security Solutions
6.
7.
8.
9.
10. NAP Architecture Overview Network Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices and Servers System Health Agent (SHA ) MS and 3rd Parties System Health Validator Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
11. How NAP Works Network Access Requests Corporate Network Restricted Network Windows Client Network Enforment Endpoint NPS Active Directory Health Statements QA SHA EC QS SHV Not Compliant Policy Compliant Remediation Servers
12.
13.
14. NAP with DHCP Requesting access. Here’s my new health status. The client requests and receives updates I need to lease an IP address You are not within the Health Policy requirements Access granted. Here is your new IP address NPS Server Client DHCP Server VPN Server IEEE 802.1X Devices Remediation Servers