Network Access Protection & Network Admission Control March 10, 2005 Teerapol Tuanpusa Network Consultant Cisco Systems Thailand Jirat Boomuang Technology.

Slides:



Advertisements
Similar presentations
Selecting the Right Network Access Protection (NAP) Architecture Infrastructure Planning and Design Published: June 2008 Updated: November 2011.
Advertisements

Tech·Ed North America /6/2017 9:33 AM
4/6/ :35 AM © 2004 Microsoft Corporation. All rights reserved.
Desktop Value - Introducing Windows XP Service Pack 2 with Advanced Security Technologies Presenter: James K. Murray Title: Information Technologies Consultant.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
May 30 th – 31 st, 2006 Sheraton Ottawa. Network Access Protection Gene Ferioli Program Manager Customer Advisory Team Microsoft Corporation.
Providing 802.1X Enforcement For Network Access Protection Mudit Goel Development Manager Windows Enterprise Networking Microsoft Corporation.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Network Access Protection Platform Architecture Joseph Davies Technical writer Windows Networking and Device Technologies Microsoft Corporation.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Security and Policy Enforcement Mark Gibson Dave Northey
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Information Security in Real Business
Getting Ready for Network Access Protection Jeff Alexander Technology Advisor Microsoft.
Sreenivas Addagatla - Development Lead Lambert Green - Test Lead Microsoft Corporation.
Windows Server 2008 Network Access Protection (NAP) Technical Overview.
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
1 Windows Server Roadmap Update. 2 Agenda Windows Server Market Trends A Look Ahead NAP Collaboration Announcement Windows Server 2003 R2 Product Update.
Identity and Access Management Business Ready Security Solutions.
Windows Vista: Volume Activation 2.0
Clinic Security and Policy Enforcement in Windows Server 2008.
1 Week #7 Network Access Protection Overview of Network Access Protection How NAP Works Configuring NAP Monitoring and Troubleshooting NAP.
Brad Allen Windows Client Technical Specialist Microsoft Corporation.
Selecting the Right Network Access Protection Architecture
Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.
OFC 200 Microsoft Solution Accelerator for Intranets Scott Fynn Microsoft Consulting Services National Practices.
70-411: Administering Windows Server 2012
Implementing Network Access Protection
Asif Jinnah Microsoft IT – United Kingdom. Security Challenges in an ever changing landscape Evolution of Security Controls: Microsoft’s Secure Anywhere.
Module 8: Configuring Network Access Protection
Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.
The Infrastructure Optimization Journey Kamel Abu Ayash Microsoft Corporation.
Raj Natarajan National Technology Specialist Microsoft Australia.
Paul Butterworth Management Technology Architect
Welcome Windows Server 2008 安全功能 -NAP. Network Access Protection in Windows Server 2008.
Configuring Network Access Protection
Enabling Secure Always-On Connectivity [Name] Microsoft Corporation.
May 30 th – 31 st, 2007 Chateau Laurier Ottawa. Securing Your Network – End to End Connectivity Pat Fetty Senior Program Manager Windows Customer Advisory.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
NAC-NAP Interoperability
Virtual Machine Management Challenges What are Solution Accelerators? Offline Virtual Machine Servicing Tool Next Steps.
Managed Support CSM Event – 1 st June Steven Grier Premier Support Manager Premier Support.
May 30 th – 31 st, 2007 Chateau Laurier Ottawa. Getting it Done: Understanding the Security Features of Windows Vista Kai Axford, CISSP, MCSE-Security.
Understand Server Protection LESSON Security Fundamentals.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Module 6: Network Policies and Access Protection.
Advancing Security Progress and Commitment Stuart Okin Chief Security Advisor – Microsoft UK Delivering on security (an update on progress)
Advancing Security Progress and Commitment. Individual control of personal data Products, online services adhere to fair information principles Protects.
Windows Server 2003 SP1 Technical Overview John Howard, IT Pro Evangelist, Microsoft UK
Infrastructure for the People-Ready Business. Presentation Outline POINT B: Pro-actively work with your Account manager to go thru the discovery process.
Module 5: Network Policies and Access Protection
Securing Tomorrow’s World Microsoft Security Roadmap Ed Gibson & Steve Lamb Microsoft Ltd.
Asif Jinnah Field Desktop Services Enabling a Flexible Workforce, an insider’s view.
Managing Network Access Protection. Introduction to NAP Issues  Although corporate networks are highly secured, no control over the configuration of.
D-Link Wireless AP with NAP 802.1x solution
Implementing Network Access Protection
Forefront Security ISA
Threat Management Gateway
Deriving more value from your Windows investment
Cybersecurity Strategy
11/23/2018 3:03 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
{ Security Technologies}
Implementing Client Security on Windows 2000 and Windows XP Level 150
NAP / PWG Discussion August 17, 2009.
Security in the Real World – Plenary Day One
Using Software Restriction Policies
Security Insights: Secure Messaging
Presentation transcript:

Network Access Protection & Network Admission Control March 10, 2005 Teerapol Tuanpusa Network Consultant Cisco Systems Thailand Jirat Boomuang Technology Specialist Microsoft Thailand

Agenda Security is a problem of IT industry Security Onion A Little History of NAP & NAC NACNAP Available Products in Thai Market

Security Onion

A Little History (NAP & NAC) Remember TACACS+? (Cisco) Remember PPTP? (Microsoft) Remember L2TP? (Microsoft + Cisco) What we do together: Information Sharing (NAP & NAC) Interoperability between two architectures Driving industry standards

Network Admission Control Guest Speaker: Khun Teerapol Tuanpusa Cisco Systems Thailand NAC Presentation NAC Presentation

Network Access Protection

Our Security Strategy Isolation and Resiliency A platform more resilient to security threats Advanced Updating Streamline the security update process Authentication, Authorization and Access Control Enable secure business scenarios Engineering Excellence Raise the bar of software security Guidance, Tools and Response Accelerate adoption of best practices

Windows Trustworthy Network Vision Secure transparent network Network topology is not a trust topology All communications are safe and secure IPsec Policy Windows Firewall Mako Anti-Malware Anti-Virus Windows Update XP SP2 SMS How do you ENFORCE the health of the client?

Core Functionality The Network Access Protection system provides three distinct functionalities: 1. Network Policy Validation – is your system healthy? 2. Network Isolation – if you’re not healthy, you’re out! 3. Network Policy Compliance - if you’re not healthy, we’ll help you get there.

Classic VPN Quarantine (WS03) InternetCorpnet ClientRRASIAS Quarantine Issues Reskit tool – We put it into SP1! Spoofable – not secure Hard to implement – manual scripting Implementation - Windows Server 2003 VPN Only Remote Access Solution Only No 3 rd party VPN support Solution: New Quarantine Platform for ALL connection states

How does it look today?

Quarantine Architecture Policy Server Enforcers: VPN Quarantine Coordination What’s my health Status? RADIUS/VPN Policy Validation State of Health API Management Reporting = SW by Network Quarantine = SW by Policy Groups Policy Server Policy Server Policy Server Policy Server Policy Client Quarantine Coordination ? Can I have access? ? SoH Please I don’t have an SoH XQuarantined I need Help! Policy? Reports Current Policy Updates Health State Updated! SoH All Clear Is this Valid? Valid  Access Granted Network Access Point

What is Quarantine Platform? From Home Returning Laptops Consultants Guests Unhealthy Desktops Health Checkup IT checks “health” of client - patch level, AV, other scriptable checks Network Access Control Access/No Access using R2: DHCP, VPN Longhorn: IPSec Health Maintenance Quarantined clients are given access to fix-up services Can’t protect against malicious users

Components Policy Coordination Client Policy Client (i.e. Anti-virus) Enforcement Technologies (DHCP, VPN) RADIUS Server Policy Servers (Anti-virus; Patch/System Management, etc.) Update Servers (Anti-virus; Patch/System Management, etc.) Client RADIUS Client RADIUS Server Policy Coordination Server DHCP or VPN Client DHCP or VPN Server Policy Server (i.e. Anti-virus) Policy Client (i.e. Patch) Update Server (i.e. Anti-virus) Update Server (i.e. Patch) Hardware Software Policy Compliance Technologies Policy Validation Technologies Network Communications & Isolation Technologies Policy Server (i.e. Patch)

Infrastructure Updates What is going to be touched? Company Network DHCP Servers Isolation Network RADIUS Server VPN/Dial-up Servers Policy Servers (Anti-virus; Patch/System Management, etc.) = Requires server upgrade or deployment Local access machines Remote access machines Update Servers (Anti-virus; Patch/System Management, etc.) * DHCP and VPN are referred to as Enforcement Servers. Enforcement technology can be IPsec.

Roadmap

Network Access Protection Key Take-Aways Focused on Network Health Not just “quarantine” but on returning clients to a healthy state VPN Quarantine available today on Windows Server 2003 Version2 (DHCP/VPN) shipping in R2 Version3 (IPsec) shipping in Longhorn Extensible Architecture Extendable to 3 rd party ISV Scripting allows additional “custom” checks Selectable Network Enforcement DHCP, VPN, IPsec Standard network methods Rich Ecosystem of NAP aware applications

Can’t wait for Longhorn?

Try these products Software Update Services (SUS) m/sus/default.mspx m/sus/default.mspx MS Baseline Security Analyzer (MBSA) s/mbsahome.mspx s/mbsahome.mspx ISA Server Windows Server 2003’s CMAK default.mspx default.mspx

Network Access Protection Info External Website: External Questions and Feedback Security Guidance Center Tools External Website: External Questions and Feedback Security Guidance Center Tools

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.