Understanding Network Access Protection (NAP) in Windows Server 2008 R2

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
NAP in Windows Server 2008 R2 is composed of a series of components that provide for the ability to restrict client access to networks through various mechanisms such as controlling who gets an IP address from a DHCP server or who issues an IPSec certificate. NAP itself was developed as an industry-independent technology, and was made with a published set of APIs that allow third-party vendors, such as network device makers and other software companies, to develop their own set of devices that integrate together with Windows Server 2008 R2 devices.

Exploring the Reasons for Deploying NAP

Network Access Protection was developed as a technology in response to the threats faced by computers that are not up to date with the latest security patches or do not have other security controls in place, such as up-to-date versions of antivirus software or the lack of a local software firewall. These systems are often the first to be compromised, and are often the target of spyware attacks and are, subsequently, especially vulnerable.

Simply allowing these clients unfettered access to a network is no longer an option. Compromised systems inside an internal network pose an especially strong security risk, as they could easily be controlled by malicious entities and could compromise sensitive data. Identifying a method for controlling these clients is becoming critical, which is why Microsoft developed the NAP concept in Windows Server 2008 R2.

Outlining NAP Components

There are three main characteristics of NAP, all of which are included within Windows Server 2008 R2 functionality. These characteristics are as follows:

  • Health policy compliance— The ability to fix the problem is central to a NAP platform. Subsequently, compliance mechanisms, such as Windows Server Update Services (WSUS) servers, System Center Configuration Manager 2007 agents, and other remediation services fill the health policy compliance space of a NAP platform. Windows Server 2008 R2 can automatically refer clients to a remediation server before granting full network access. For example, a client that is out of date with patches can be referred to a WSUS server to have their patches installed.

  • Health state validation— Through agents on the client systems, the specific state of an individual client can be monitored and logged. The administrator of a NAP platform will be able to tell how many systems on the network are out of date with patches, don’t have their firewalls turned on, and many other health state statistics. In some cases, health status is simply noted; in others, it is used to block access to clients.

  • Access limitation— The cornerstone to an effective NAP platform is the ability to restrict access to networks based on the results of the health state validation. The type of access granted can be very granular. For example, clients can have access to specific systems for patching, but not to other clients. Windows Server 2008 R2 includes custom access limitation capabilities in NAP, allowing administrators to create flexible policies.

Understanding Windows Server 2008 R2 NAP Terminology

The following terms are useful to understand NAP concepts used in Windows Server 2008 R2:

  • Enforcement Client (EC)— A client that takes part in a NAP infrastructure. Windows 7, Windows Vista, and Windows XP SP3 support NAP and can be an EC in a NAP topology, as they all contain the System Health Agent component.

  • Enforcement Server (ES)— A server that takes part in a NAP infrastructure and enforces the policies. In Windows Server 2008 R2, this is the Network Policy Server (NPS) role.

  • System Health Agent (SHA)— The actual agent that sends health information to the NAP ES servers. In Windows 7, Windows Vista, and Windows XP SP3, this is the Windows System Health Validator SHA, which is a service that runs on each client and monitors the local Windows Security Center on the machines.

  • System Health Validator (SHV)— An SHV is the server-side component of NAP that processes the information received from the SHAs and enforces policies. The Windows Server 2008 R2 SHV can be fully integrated into NAP products from other vendors, as it is based on open standards.

  • Remediation Server— A server that is made accessible to clients that have failed the NAP policy tests. These servers generally provide for services that clients can use to comply with policies, such as WSUS servers, DNS servers, and System Center Configuration Manager servers.

Changes in NAP and NPS in Windows Server 2008 R2

NAP and NPS concepts were originally built in to the original Windows Server 2008 operating system. Windows Server 2008 R2 adds a few changes and improvements to both technologies, including the following:

  • Multiconfiguration Service Health Validators— The biggest change to NAP in Windows Server 2008 R2 is the ability to create multiple SHVs across a single set of NAP health policy servers. This allows for multiple policies, creating some which might be more or less restrictive and providing for the creation of exceptions.

  • NPS templates— Templates are now provided for elements such as RADIUS clients or shared secrets. These templates can be exported for use on other NPS servers.

  • Accounting improvements in NPS— RADIUS accounting improvements have been added to NPS along with full support for international character sets providing better logging and tracking capabilities.

  •  Programming .NET Security : Cryptographic Keys Explained
  •  Windows Server 2008 : Transport-Level Security - Using IPSec Encryption with Windows Server 2008 R2
  •  Windows Server 2008 : Transport-Level Security - Active Directory Rights Management Services
  •  Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
  •  Deploying a Public Key Infrastructure with Windows Server 2008 R2
  •  Introduction to Transport-Level Security in Windows Server 2008 R2
  •  Windows Server 2008 : Using Windows Server Update Services
  •  Programming .NET Security : Programming XML Signatures (part 3) - Verifying an XML Signature
  •  Programming .NET Security : Programming XML Signatures (part 2) - Embedding Objects in the Signature
  •  Programming .NET Security : Programming XML Signatures (part 1) - XMLDSIG Explained & Signing an XML Document
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us