September 26, 2006

Attended NAP (Network Access Protection) seminar

Today I got a chance to attend a seminar on NAP, which is a feature incorporated in Windows Vista and Longhorn. It was held as an Internet live meeting.

Network Access Protection (NAP) is a policy enforcement platform built into the Microsoft Windows Vista and Windows Server Code Name "Longhorn" operating systems that allows you to better protect network assets by enforcing compliance with system health requirements. With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine noncompliant computers to a restricted network until they become compliant.

In simple terms, NAP is a way to ensure that a client is up to date with the company's system security policy. The steps are:

  • Validation : The client is checked to see whether it is up to date.
  • Restriction : The client is put in quarantine, with the option to go to Remediation.
  • Remediation : The client can get ready by installing updates, starting the firewall, or doing whatever else is necessary to become healthy again.

The various components involved in NAP:

  • System Health Agents : Declare status (patches, configuration, etc.)
  • System Health Validators : Certify declarations
  • System Health Servers : Define the requirements according to the policy
  • Remediation Servers : Install what is necessary and apply the proper settings on the clients according to the policy
  • Health Registration Authority : Issues certificates to clients that pass checks
  • Quarantine Agent : Reports client health status, coordinates with SHA and QEC

So, for example, if you do not have the latest antivirus definitions, or you do not have the firewall turned on, or you do not have the latest Windows updates installed on your machine, and your administrator has defined a policy so that clients must have these things, you will not be given full network access. You will only get a few network locations enabled, where you can bring your computer up to date with the required configuration. In this way, system administrators can ensure that all clients are up to date, so data disasters become less likely and more security can be achieved. So the whole network protocol has been changed to incorporate these changes into the operating system.
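The validation, restriction and remediation cycle described above can be modelled in a few lines. This is an added conceptual sketch, not NAP's API or code from the seminar; the class names, action strings, thresholds and update names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HealthStatement:            # what the System Health Agents declare
    firewall_on: bool
    av_definitions_age_days: int
    installed_updates: set = field(default_factory=set)

@dataclass
class HealthPolicy:               # what the administrator requires
    require_firewall: bool
    max_av_age_days: int
    required_updates: set

def validate(stmt, policy):
    """Validation step: return the remediation actions still needed."""
    actions = []
    if policy.require_firewall and not stmt.firewall_on:
        actions.append("enable_firewall")
    if stmt.av_definitions_age_days > policy.max_av_age_days:
        actions.append("update_av_definitions")
    for name in sorted(policy.required_updates - stmt.installed_updates):
        actions.append("install_update:" + name)
    return actions

def access_decision(stmt, policy):
    """Restriction step: full access only when nothing is left to fix."""
    actions = validate(stmt, policy)
    return ("full", []) if not actions else ("restricted", actions)

def remediate(stmt, actions):
    """Remediation step: apply each action and return a new statement."""
    fixed = HealthStatement(stmt.firewall_on, stmt.av_definitions_age_days,
                            set(stmt.installed_updates))
    for action in actions:
        if action == "enable_firewall":
            fixed.firewall_on = True
        elif action == "update_av_definitions":
            fixed.av_definitions_age_days = 0
        elif action.startswith("install_update:"):
            fixed.installed_updates.add(action.split(":", 1)[1])
    return fixed

# Constructed sample policy and client state (update names are placeholders).
POLICY = HealthPolicy(True, 7, {"UPDATE-A", "UPDATE-B"})
CLIENT = HealthStatement(False, 30, {"UPDATE-A"})

if __name__ == "__main__":
    level, todo = access_decision(CLIENT, POLICY)
    print(level, todo)                                       # quarantined client
    print(access_decision(remediate(CLIENT, todo), POLICY))  # after remediation
```

The client is re-validated after remediation rather than trusted to have fixed itself, which is the point of keeping validation on the server side.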

More information about NAP can be found at:
http://www.microsoft.com/technet/itsolutions/network/nap/default.mspx

I can tell one thing. NAP is a great technology!!!