NAP / PWG Discussion August 17, 2009.

NAP Deployment Overview

[Diagram: NAP deployment. Recoverable labels follow.]

Network Clients: Laptop, Desktop PC, Mac, PDA, Smartphone, VoIP Phone
Network Access Servers: 802.1x Switch, 802.1x Wireless AP (slide note: "Consider adding UAG to NAS box")
NAP Server ("NPS")
Back-end stores: AD, SQL
Protocol labels: Media-specific Protocol, RADIUS, LDAP, OLEDB/ODBC
Flow labels: Network Packet Flow, Virtual Circuit
Network zones: No Corpnet Connectivity; Corpnet; Remediation Network
Corpnet: Various Computing Resources (Application, Infrastructure, Remediation Servers, Other healthy devices, etc.)
Remediation Network: Remediation Servers

NAP Architecture

[Diagram: NAP architecture. Recoverable labels follow.]

NAP Client:
  System Health Agents (SHA): Windows (Inbox), Forefront, SCCM, Other
  NAP Agent
  Enforcement Clients (EC): 802.1x, IPsec, TSG, VPN, DHCP, Others

NAP Server:
  System Health Validators (SHV): Windows (Inbox), Forefront, SCCM, Other
  Network Policy Server (NPS)

Enforcement Servers (ES) ("Network Access Servers"): HRA, VPN Srv, DHCP srv, 802.1x Switch, …

Policy Servers: Active Directory
Health Remediation Servers

Links between components:
  NAP Compliance Check States
  MS-SOH Protocol (Health Data Exchange)
  Various Network Protocols
  Network Access Control Protocol (RADIUS)
  Configuration/Compliance Validation
  User/Machine Authentication
  Updates

SCCM SHA – Health Evaluation

Client Requesting Network Access [Client Non-Compliant]
  SCCM SHA collects "SCCM Policy Cookie" from SCCM Agent.
  SCCM SHA packages cookie in SCCM SOH.
  Request Network Access with SOH (including SCCM Policy Cookie).
  Lookup machine and obtain AD-expected "SCCM Policy Cookie".
  Compare client-submitted "SCCM Policy Cookie" with AD-reported "SCCM Policy Cookie".
  SCCM Policy Cookies (Client and AD Reported) DON'T MATCH. Therefore: Client is non-compliant. Client access may be restricted. Client asked to remediate non-compliance ("Get Patched").

NAP Remediation Network [Client Access is Restricted]
  1. Where is the SCCM Management Point?
  2. What SCCM Policy is assigned to client?
  3. Retrieve Patches/Software.
  4. Install Patches and/or Software Retrieved from SCCM DP.
  Client does scan to determine what's missing. Client finds its missing patch "X".

Client Requesting Network Access [Client Now Compliant]
  Request Access with SOH (including SCCM Policy Cookie).
  Compare client-submitted "SCCM Policy Cookie" with AD-reported "SCCM Policy Cookie".
  SCCM Policy Cookies (Client and AD Reported) MATCH. Therefore: Client is compliant. Client is provided with FULL network access.

Windows SHA – Health Evaluation

  WSHA collects "Check States" from Windows Action Center (AV, Patch, Firewall).
  WSHA packages checks in WSHA SOH.
  Request Network Access with SOH (including WSHA Check States).
  WSHA Check States MATCH WSHV-Defined Check States?
    WSHA checks MATCH WSHV checks? Client given FULL ACCESS.
    WSHA checks DO NOT MATCH WSHV checks? Client given RESTRICTED ACCESS. Client remediates, tries again.
  Request Access with SOH (including WSHA Check States).

QA

Appendix