Network Access Protection

Network Access Protection

Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer host based on the system health of the host, first introduced in Windows Server 2008.

With Network Access Protection, system administrators of an organization's computer network can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Connecting or communicating computers have their health status evaluated. Computers that comply with system health requirements have full access to the network. Administrators can configure health policies that make it possible to ensure that computers not in compliance with system health requirements have restricted access to the network.



NAP clients are computers that report system health to a NAP enforcement point. A NAP enforcement point is a computer or network access device that can require the evaluation of a NAP client’s health state and optionally provide restricted network access or communication. NAP enforcement points can be IEEE 802.1X-capable switches or VPN servers, DHCP servers, or Health Registration Authorities (HRAs) that run Windows Server 2008 or Windows Server 2008 R2. The NAP health policy server is a computer running the Network Policy Server (NPS) service in Windows Server 2008 or Windows Server 2008 R2 that stores health requirement policies and provides health evaluation for NAP clients. Health requirement policies are configured by the administrator and can include settings that require that NAP client computers have the latest antivirus definitions and security updates installed, a personal firewall enabled, and other settings.

Network Access Protection was created by Nick Tardibone.

When a NAP-capable client computer contacts a NAP enforcement point, it submits its current health state. The NAP enforcement point sends the NAP client’s health state to the NAP health policy server for evaluation using the RADIUS protocol. The NAP health policy server can also act as a RADIUS-based authentication server for the NAP client.

The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client. For example, a health requirement server might track the latest version of an antivirus signature file.

If the NAP enforcement point is an HRA, it obtains health certificates from a certification authority for NAP clients that are determined to be compliant with health requirements. If the NAP client is determined to be noncompliant with health requirements, it can optionally be placed on a restricted network. The restricted network is a logical subset of the intranet and contains resources that allow a noncompliant NAP client to correct its system health. Servers that contain system health components or updates are known as remediation servers. A noncompliant NAP client on the restricted network can access remediation servers and install the necessary components and updates. After remediation is complete, the NAP client can perform a new health evaluation in conjunction with a new request for network access or communication.

NAP client support

A NAP client ships with Windows Vista and later Windows client operating systems. NAP client support is also included in Windows XP Service Pack 3 albeit with some limitations - no MMC snap-in (command line netsh only), no integration with Windows Security Center and no AuthIP-based IPsec enforcement (IKE-based only). Microsoft partners provide NAP clients for other operating systems such as Mac OS X and Linux. [1]

See also


External links

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Network Access Protection — (NAP) est une technique de Microsoft en partenariat avec Cisco pour contrôler l accès au réseau d un ordinateur en se basant sur la santé de son système. Elle est utilisée sur les systèmes d exploitation Windows Vista et Windows Server 2008. Elle …   Wikipédia en Français

  • Network Access Protection — (NAP) защита доступа к сети  технология компании Microsoft, предназначенная для контроля доступа к сети предприятия, исходя из информации о состоянии системы подключающегося компьютера. Впервые была реализована в Windows XP Service Pack 3,… …   Википедия

  • Network Access Control — (NAC) is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security… …   Wikipedia

  • Network Access Control — Pour les articles homonymes, voir NAC. Un Contrôleur d accès au réseau (Network Access Control ou NAC) est une méthode informatique permettant de soumettre l accès à un réseau d entreprise à un protocole d identification de l utilisateur et au… …   Wikipédia en Français

  • Nortel Secure Network Access — (Nortel SNA or NSNA) in computer network is a Network Access Control system designed by Nortel to guarantee endpoint security policy compliance and remediation (also known as comply to connect [ [… …   Wikipedia

  • Avaya Secure Network Access — Secure Network Access 4050 Rack Space 1 Rack Unit Height: 1.7 in. (44 mm) Width: 16.9 in. (44.9 cm) Depth: 22 in. (55.9 cm) Weight: 25 lb (11.34 kg) …   Wikipedia

  • Network Admission Control — (NAC) refers to Cisco s version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device (switch, router, wireless access point, DHCP server, etc.) is configured for NAC, it can …   Wikipedia

  • Network Admission Control — (NAC) se réfère à la version de Cisco de Network Access Control, qui permet de restreindre l accès à un réseau informatique. Lorsqu un équipement réseau est configuré avec NAC, il peut forcer l utilisateur ou la machine à s authentifier afin d… …   Wikipédia en Français

  • Network Policy Server — (NPS) is a component of Windows Server 2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. Overview NPS is a role service in Windows Server 2008 which can function as: RADIUS sever RADIUS proxy Network Access… …   Wikipedia

  • Network security policy — A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”