
Windows Server 2008 Network Access Protection (NAP) Technical Overview


gavan

Presentation Transcript


  1. Windows Server 2008 Network Access Protection (NAP) Technical Overview

  2. What Will We Cover? • Introducing Network Access Protection • Network Access Protection Architecture • Reviewing NAP Enforcement Options

  3. Helpful Experience • Familiarity with DHCP • Knowledge of IPsec • Familiarity with RRAS and VPN. Level 300

  4. Agenda • Introducing Network Access Protection • Using NAP with DHCP • Using NAP with VPN • Using NAP with IPsec

  5. Network Access Protection Solution • Policy Validation • Network Restriction • Remediation • Ongoing Compliance
     Diagram labels: Policies, Procedures, and Awareness; Data; Application; Host; Internal Network; Perimeter

  6. NAP Architecture Overview
     Diagram labels: System Health Servers; Remediation Servers; Updates; Health policy; Network Access Requests; Client; Health Statements; Network Policy Server; System Health Agent (SHA), MS and 3rd Parties; Health Certificate; System Health Validator; Quarantine Agent (QA); Network Access Devices and Servers; Enforcement Client (EC) (DHCP, IPsec, 802.1X, VPN); Quarantine Server (QS)

  7. Network Layer Protection with NAP
     Diagram labels: System Health Servers; Restricted Network; Remediation Servers; Client; 802.1x Switch; MS NPS
     Callouts:
     • Here you go.
     • Can I have updates?
     • Ongoing policy updates to Network Policy Server
     • May I have access? Here’s my current health status.
     • Should this client be restricted based on its health?
     • Requesting access. Here’s my new health status.
     • According to policy, the client is not up to date. Quarantine client, request it to update.
     • According to policy, the client is up to date. Grant access.
     • You are given restricted access until fix-up.
     • Client is granted access to full intranet.

  8. Host Layer Protection with NAP
     Diagram labels: No Policy; Authentication Optional; Authentication Required; HRA; NPS; Client; Remediation Server
     Callouts:
     • May I have a health certificate? Here’s my SoH.
     • Client ok?
     • Yes. Issue health certificate.
     • No. Needs fix-up.
     • You don’t get a health certificate. Go fix up.
     • Here’s your health certificate.
     • I need updates.
     • Accessing the network
     • Here you go.

  9. NAP – Enforcement Options
     Columns: Enforcement; Healthy Client; Unhealthy Client
     • DHCP. Healthy client: Full IP address given, full access. Unhealthy client: Restricted set of routes.
     • VPN. Healthy client: Full access. Unhealthy client: Restricted VLAN.
     • 802.1X. Healthy client: Full access. Unhealthy client: Restricted VLAN.
     • IPsec. Healthy client: Can communicate with any trusted peer. Unhealthy client: Healthy peers reject connection requests from unhealthy systems.
     Side labels: Infrastructure and API Set; Customer Choice
     IPsec-based Enforcement • Complements layer 2 protection • Works with existing servers and infrastructure • Offers flexible isolation

  10. Agenda • Introducing Network Access Protection • Using NAP with DHCP • Using NAP with VPN • Using NAP with IPsec

  11. NAP with DHCP
      Diagram labels: IEEE 802.1X Devices; DHCP Server; Client; NPS Server; Remediation Servers; VPN Server
      Callouts:
      • Requesting access. Here’s my new health status.
      • I need to lease an IP address
      • You are not within the Health Policy requirements
      • Access granted. Here is your new IP address
      • The client requests and receives updates

  12. Demonstration Environment

  13. Demonstration • Configuring NAP for DHCP • Configure Health Policies • Configure Network Policies • Enable Client NAP Settings

  14. Agenda • Introducing Network Access Protection • Using NAP with DHCP • Using NAP with VPN • Using NAP with IPsec

  15. NAP with VPN and RRAS
      Diagram labels: VPN Server; Client; NPS Server; Remediation Servers; RADIUS Messages; PEAP Messages

  16. Demonstration • Configuring NAP for VPN • Configure RRAS Settings • Configure Connection Request Policy • Configure Network Policies

  17. Agenda • Introducing Network Access Protection • Using NAP with DHCP • Using NAP with VPN • Using NAP with IPsec

  18. IPsec-based Communication
      Diagram labels: IPsec; Authenticated; Unauthenticated; Secure network; Boundary network; Restricted network

  19. Demonstration • Configuring NAP for IPsec • Configure Exemption Group • Configure Certificate Settings • Configure Health Registration Authority

  20. Session Summary • NAP provides policy-driven access control • Customer choice—flexible, selectable enforcement • Broad industry support

  21. For More Information • Visit TechNet at: www.microsoft.com/technet • Visit the following site for additional information: www.microsoft.com/technet/add-302

  22. Training Resources • For training information and availability: www.microsoft.com/learning

  23. Readiness with Skills Assessment • Self-study learning tool, free to anyone • Determines skills gaps • Provides learning plans • Post your score, see how you rank Visit: www.microsoft.com/assessment

  24. Become a Microsoft Certified Professional • What are MCP certifications? Validation in performing critical IT functions. • Why certify? WW recognition of skills gained through experience. More effective deployments with reduced costs. • What certifications are there for IT Pros? MCP, MCSE, MCSA, MCDST, MCDBA. www.microsoft.com/learning/mcp

  25. TechNet Plus. TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning. Evaluate & Learn; Plan & Deploy; Support & Maintain • 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents) • Access over 100 managed newsgroups and get next business day response, guaranteed • Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities • Evaluate full versions of all Microsoft commercial software for evaluation, without time limits. This includes all client, server and Office applications. • Try out all the latest betas before public release • Keep your skills current with select Microsoft E-Learning courses free each quarter • Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training • Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager • Stay informed with your free subscription to TechNet Magazine. Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions
