Network Access Protection

Network Access Protection: Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer host based on the system health of the host, first introduced in Windows Server 2008.

With Network Access Protection, system administrators of an organization's computer network can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Connecting or communicating computers have their health status evaluated. Computers that comply with system health requirements have full access to the network. Administrators can configure health policies that make it possible to ensure that computers not in compliance with system health requirements have restricted access to the network.

Contents

1 Overview

2 NAP client support

3 See also

4 References

5 External links

Overview

NAP clients are computers that report system health to a NAP enforcement point. A NAP enforcement point is a computer or network access device that can require the evaluation of a NAP client’s health state and optionally provide restricted network access or communication. NAP enforcement points can be IEEE 802.1X-capable switches or VPN servers, DHCP servers, or Health Registration Authorities (HRAs) that run Windows Server 2008 or Windows Server 2008 R2. The NAP health policy server is a computer running the Network Policy Server (NPS) service in Windows Server 2008 or Windows Server 2008 R2 that stores health requirement policies and provides health evaluation for NAP clients. Health requirement policies are configured by the administrator and can include settings that require that NAP client computers have the latest antivirus definitions and security updates installed, a personal firewall enabled, and other settings.

Network Access Protection was created by Nick Tardibone.

When a NAP-capable client computer contacts a NAP enforcement point, it submits its current health state. The NAP enforcement point sends the NAP client’s health state to the NAP health policy server for evaluation using the RADIUS protocol. The NAP health policy server can also act as a RADIUS-based authentication server for the NAP client.

The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client. For example, a health requirement server might track the latest version of an antivirus signature file.

If the NAP enforcement point is an HRA, it obtains health certificates from a certification authority for NAP clients that are determined to be compliant with health requirements. If the NAP client is determined to be noncompliant with health requirements, it can optionally be placed on a restricted network. The restricted network is a logical subset of the intranet and contains resources that allow a noncompliant NAP client to correct its system health. Servers that contain system health components or updates are known as remediation servers. A noncompliant NAP client on the restricted network can access remediation servers and install the necessary components and updates. After remediation is complete, the NAP client can perform a new health evaluation in conjunction with a new request for network access or communication.

NAP client support

A NAP client ships with Windows Vista and later Windows client operating systems. NAP client support is also included in Windows XP Service Pack 3 albeit with some limitations - no MMC snap-in (command line netsh only), no integration with Windows Security Center and no AuthIP-based IPsec enforcement (IKE-based only). Microsoft partners provide NAP clients for other operating systems such as Mac OS X and Linux. ^[1]

See also

Access control

Network Admission Control

Network Access Control

Network security

Computer security

PacketFence - The leading Free and Open Source NAC solution

References

^ XP NAP Rude Q and A: Network Access Protection team blog

External links

Microsoft's Network Access Protection Web page

Microsoft's Network Access Protection Web page on Microsoft Technet

NAP Blog on Microsoft Technet

Microsoft's Network Access Protection Design Guide on Microsoft Technet

Microsoft's Network Access Protection Deployment Guide on Microsoft Technet

Microsoft's Network Access Protection Troubleshooting Guide on Microsoft Technet

v · d · eMicrosoft Windows components

Core

Active Scripting (WSH · VBScript · JScript) · Aero · AutoPlay · AutoRun · ClearType · COM (ActiveX · ActiveX Document · COM Structured storage · DCOM · OLE · OLE Automation · Transaction Server) · Desktop Window Manager · DirectX · Explorer · Graphics Device Interface · Imaging Format · .NET Framework · Search (IFilter · Saved search) · Server Message Block · Shell (Extensions · File associations · Namespace · Special Folders) · Start menu · Previous Versions · Taskbar · Windows USER · Win32 console · XML Paper Specification

Management tools

Backup and Restore Center · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Driver Verifier · Event Viewer · IEAK · IExpress · Management Console · Netsh · Problem Reports and Solutions · Resource Monitor · ‎Sysprep · System Policy Editor · System Configuration · Task Manager · System File Checker · System Restore · WMI · Windows Installer · Windows PowerShell · Windows Update · WAIK · WinSAT · Windows Easy Transfer

Applications

Calculator · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Magnifier · Media Center · Media Player · Mobile Device Center · Mobility Center · Narrator · Notepad · Paint · Windows Photo Viewer · Private Character Editor · Remote Assistance · Windows Desktop Gadgets · Snipping Tool · Sound Recorder · Store · Speech Recognition · Tablet PC Input Panel · WordPad · Portable Workspace Creator

Games

3D Pinball for Windows - Space Cadet · Chess Titans · FreeCell · Hearts · Hover! · Hold 'Em – Inkball · Mahjong Titans · Minesweeper · Purble Place · Reversi · Solitaire · Spider Solitaire · Microsoft Tinker

Kernel

Ntoskrnl.exe · hal.dll · System Idle Process · Registry · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection

Services

SCM · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS

File systems

NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · WinFS · FAT (FAT12 · FAT16 · FAT32) · exFAT · CDFS · UDF · DFS · IFS

Server

Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · PWS · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V

Architecture

NT series architecture · Object Manager · Startup process (Vista/7) · I/O request packet · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows File Protection / Windows Resource Protection · Windows library files · LSASS · CSRSS · SMSS · MinWin

Security

Action Center · BitLocker · Defender · Data Execution Prevention · Mandatory Integrity Control · Protected Media Path · User Account Control · User Interface Privilege Isolation · Windows Firewall

Compatibility

command.com · Interix · Unix subsystem (Microsoft POSIX) · Virtual DOS machine · Windows on Windows · Windows XP Mode · WoW64

Categories:
Microsoft Windows security technology
Windows Server

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

Network Access Protection — (NAP) est une technique de Microsoft en partenariat avec Cisco pour contrôler l accès au réseau d un ordinateur en se basant sur la santé de son système. Elle est utilisée sur les systèmes d exploitation Windows Vista et Windows Server 2008. Elle … Wikipédia en Français
Network Access Protection — (NAP) защита доступа к сети технология компании Microsoft, предназначенная для контроля доступа к сети предприятия, исходя из информации о состоянии системы подключающегося компьютера. Впервые была реализована в Windows XP Service Pack 3,… … Википедия
Network Access Control — (NAC) is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security… … Wikipedia
Network Access Control — Pour les articles homonymes, voir NAC. Un Contrôleur d accès au réseau (Network Access Control ou NAC) est une méthode informatique permettant de soumettre l accès à un réseau d entreprise à un protocole d identification de l utilisateur et au… … Wikipédia en Français
Nortel Secure Network Access — (Nortel SNA or NSNA) in computer network is a Network Access Control system designed by Nortel to guarantee endpoint security policy compliance and remediation (also known as comply to connect [ [http://www.lightreading.com/document.asp?doc… … Wikipedia
Avaya Secure Network Access — Secure Network Access 4050 Rack Space 1 Rack Unit Height: 1.7 in. (44 mm) Width: 16.9 in. (44.9 cm) Depth: 22 in. (55.9 cm) Weight: 25 lb (11.34 kg) … Wikipedia
Network Admission Control — (NAC) refers to Cisco s version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device (switch, router, wireless access point, DHCP server, etc.) is configured for NAC, it can … Wikipedia
Network Admission Control — (NAC) se réfère à la version de Cisco de Network Access Control, qui permet de restreindre l accès à un réseau informatique. Lorsqu un équipement réseau est configuré avec NAC, il peut forcer l utilisateur ou la machine à s authentifier afin d… … Wikipédia en Français
Network Policy Server — (NPS) is a component of Windows Server 2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. Overview NPS is a role service in Windows Server 2008 which can function as: RADIUS sever RADIUS proxy Network Access… … Wikipedia
Network security policy — A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document… … Wikipedia

Academic Dictionaries and Encyclopedias

Network Access Protection

Contents

Overview

NAP client support

See also

References

External links

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Network Access Protection

Contents

Overview

NAP client support

See also

References

External links

Look at other dictionaries:

Share the article and excerpts

Direct link