ms nap data sheet v16
7/23/2019 Ms Nap Data Sheet v16
http://slidepdf.com/reader/full/ms-nap-data-sheet-v16 1/2
Network Access Protection
Ensuring network health through policy-based access enforcement
What is Network Access Protection?
Network Access Protection (NAP) is a policy enforcement platform built into Windows Vista® and Windows Server® 2008. It is designed to inspect, assess, ensure compliance with policy, and remediate, where necessary, endpoints (e.g. laptops or other devices) attempting to access networked resources, such as applications, data, and information.
Network Access Protection is designed to protect both remote and local users from viruses, worms, and malicious software by helping to verify and directly update any computer attempting to access the network while restricting the network access of non-compliant clients. This set of technologies allows an IT administrator to keep the endpoints healthy and provides flexible control to set the policy of what is considered healthy enough to connect to the network.
How does it work?
When a client tries to access the network, it must present its system health state. If a client cannot prove it is compliant with the system health policy, its access to the network can be restricted to a special network segment containing access to server resources so compliance issues can be remedied. After the updates are installed, the client again requests access to the network, presenting updated health credentials. Now compliant, the client is granted full access to the network based on the associated access policy. For greater control and better user experience, health credentials are reusable for immediate access to the network until there is a change in client health state or system health policy.
Solution Overview
Policy Validation
Determines whether endpoints are compliant with health and security policy. Compliant endpoints are deemed healthy.
Network Restriction
Restricts network access based on validated endpoint health state.
Remediation
Provides necessary updates to enable endpoints to get to a healthy state. Once healthy, network restrictions are removed.
Ongoing Compliance
Changes to the health/security policy or to the endpoint’s health state may dynamically result in network restriction and remediation.
Flexibility of Enforcement Options
Network Access Protection is about defense in depth and customer choice. A customer can implement Network Access Protection using the enforcement mechanism best suited to the company’s business needs, threat model, existing infrastructure, and infrastructure upgrade schedule.
Protect network access, host access, application access in any combination, as needed, where appropriate.
| Enforcement Option | Healthy Client | Unhealthy Client |
| --- | --- | --- |
| IPsec | Can communicate with any trusted peer | Connection requests rejected by healthy peers |
| 802.1X | Full access | Restricted VLAN |
| SSL application proxy | Full application access | Access to restricted set of resources |
| VPN | Full access | IP filters enforced at VPN servers |
| DHCP | Full IP address given, full access | Restricted set of routes |
[Figure: Network Access Protection Process. Diagram labels: NPS Policy Server, Network Access Device, Remediation Server, Health Registration Authority, Restricted Network, Corporate Network. Flow labels: Validation, Statement of Health, Client is issued health certificate, Unhealthy, Healthy.]
Features List
DHCP NAP
RRAS/VPN NAP
IPsec NAP
Health Registration Authority Server
Vulnerability Assessment System Health Agent/Validator
NAP Audit Only Mode
NAP Enforcement Mode
802.1X NAP
Improved NPS UI
Health Registration Authority Server Management
Integration with multiple Antivirus vendors
Interoperability with Systems Center Configuration Manager and Operations Manager
Interoperability with Forefront Client Security
NAP Statement of Health (SOH) adopted by the Trusted Computing Group’s TNC.
System Requirements
Windows Server® 2008
DHCP Server service
Routing and Remote Access service
Network Policy Server (NPS)
Health Registration Authority Server
Health Registration Authority Server Management
Client Support
Windows Vista®
Windows® XP Service Pack 3 (SP3)
Licensable APIs for third party vendors to write support for Windows 2000, UNIX, Linux, or Mac clients
NAP agents for Mac and Linux clients available through partners
Resources & Contacts
Web site and Whitepapers: www.microsoft.com/nap
FAQ: http://www.microsoft.com/windowsserver2003/techinfo/overview/napfaq.mspx
Partners: http://www.microsoft.com/windowsserver2003/partners/nappartners.mspx
Questions and [email protected]
Industry Support
A broad array of networking vendors have plans to innovate on top of the extensible architecture. This means investments you have already made in your infrastructure can be readily leveraged and plugged in interchangeably. To view a list of partners, please visit http://www.microsoft.com/nap.
© 2005 Microsoft Corporation. All rights reserved. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.