Windows Server 2008 Network Access Protection (NAP) Technical Overview.


1 Windows Server 2008 Network Access Protection (NAP) Technical Overview

2 What Will We Cover? Introducing Network Access Protection; Network Access Protection Architecture; Reviewing NAP Enforcement Options

3 Helpful Experience (Level 300): Familiarity with DHCP; Knowledge of IPsec; Familiarity with RRAS and VPN

4 Agenda: Introducing Network Access Protection; Using NAP with DHCP; Using NAP with VPN; Using NAP with IPsec

5 Network Access Protection Solution: Policy Validation; Network Restriction; Remediation; Ongoing Compliance. Diagram layers: Policies, Procedures, and Awareness; Data; Application; Host; Internal Network; Perimeter

7 NAP Architecture Overview. Diagram components: Network Policy Server; Quarantine Server (QS); Client; Quarantine Agent (QA); System Health Servers; Remediation Servers; Network Access Devices and Servers; System Health Agent (SHA), MS and 3rd Parties; System Health Validator; Enforcement Client (EC) (DHCP, IPsec, 802.1X, VPN). Diagram flows: Health policy; Updates; Health Statements; Network Access Requests; Health Certificate

9 Network Layer Protection with NAP. Diagram components: Client; 802.1x Switch; MS NPS; System Health Servers; Remediation Servers; Restricted Network.
Exchange, in order:
"May I have access? Here’s my current health status."
"Should this client be restricted based on its health?"
"Ongoing policy updates to Network Policy Server"
"According to policy, the client is not up to date. Quarantine client, request it to update."
"You are given restricted access until fix-up."
"Can I have updates?" "Here you go."
"Requesting access. Here’s my new health status."
"According to policy, the client is up to date. Grant access."
"Client is granted access to full intranet."

10 Host Layer Protection with NAP. Diagram components: Client; HRA; NPS; Remediation Server. Diagram labels: Accessing the network; No Policy; Authentication Optional; Authentication Required.
Exchange, in order:
"May I have a health certificate? Here’s my SoH."
"Client ok?"
"No. Needs fix-up."
"You don’t get a health certificate. Go fix up."
"I need updates." "Here you go."
"Yes. Issue health certificate."
"Here’s your health certificate."

11 NAP – Enforcement Options
Enforcement | Healthy Client | Unhealthy Client
DHCP | Full IP address given, full access | Restricted set of routes
VPN | Full access | Restricted VLAN
802.1X | Full access | Restricted VLAN
IPsec | Can communicate with any trusted peer | Healthy peers reject connection requests from unhealthy systems
IPsec-based Enforcement: Complements layer 2 protection; Works with existing servers and infrastructure; Offers flexible isolation
Infrastructure and API Set; Customer Choice
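
The health check and remediation loop from slides 9 and 11, as a simplified model added here (not part of the presentation and not Microsoft code). The policy values, field names and function names are hypothetical, and IPsec enforcement, which works through health certificates, is not modeled.

```python
# Added illustration: simplified model of the NAP evaluate/restrict/remediate
# loop. This is not the NAP wire protocol or any Microsoft API.

# Health policy held by the Network Policy Server (constructed sample values).
HEALTH_POLICY = {"firewall_on": True, "av_signature_age_days": 7, "patch_level": 42}

# (unhealthy client, healthy client) outcome per enforcement method, per slide 11.
ENFORCEMENT = {
    "DHCP": ("restricted set of routes", "full IP address given, full access"),
    "VPN": ("restricted VLAN", "full access"),
    "802.1X": ("restricted VLAN", "full access"),
}

def evaluate_soh(soh, policy=HEALTH_POLICY):
    """Validator side: return the names of failed checks.
    A missing field counts as a failure (fail closed)."""
    failures = []
    if soh.get("firewall_on") is not True:
        failures.append("firewall_on")
    age = soh.get("av_signature_age_days")
    if age is None or age > policy["av_signature_age_days"]:
        failures.append("av_signature_age_days")
    if soh.get("patch_level", -1) < policy["patch_level"]:
        failures.append("patch_level")
    return failures

def nps_decision(soh, method):
    """Policy server side: map the health result to an access level."""
    restricted, full = ENFORCEMENT[method]
    failures = evaluate_soh(soh)
    return {"access": restricted if failures else full, "remediate": failures}

def remediate(soh, failures, policy=HEALTH_POLICY):
    """Remediation server side: bring only the failed settings up to policy."""
    fixed = dict(soh)
    for name in failures:
        fixed[name] = 0 if name == "av_signature_age_days" else policy[name]
    return fixed

def connect(soh, method, max_rounds=3):
    """Client side: request access, fix up while restricted, then re-submit."""
    granted = []
    for _ in range(max_rounds):
        decision = nps_decision(soh, method)
        granted.append(decision["access"])
        if not decision["remediate"]:
            break
        soh = remediate(soh, decision["remediate"])
    return granted
```
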

12 Agenda: Introducing Network Access Protection; Using NAP with DHCP; Using NAP with VPN; Using NAP with IPsec

13 NAP with DHCP. Diagram components: NPS Server; Client; DHCP Server; VPN Server; IEEE 802.1X Devices; Remediation Servers.
Exchange, in order:
"I need to lease an IP address"
"You are not within the Health Policy requirements"
"The client requests and receives updates"
"Requesting access. Here’s my new health status."
"Access granted. Here is your new IP address"

14 Demonstration Environment

15 Demo: Configuring NAP for DHCP. Configure Health Policies; Configure Network Policies; Enable Client NAP Settings

16 Agenda: Introducing Network Access Protection; Using NAP with DHCP; Using NAP with VPN; Using NAP with IPsec

17 NAP with VPN and RRAS. Diagram labels: NPS Server; Client; VPN Server; Remediation Servers; RADIUS Messages; PEAP Messages

18 Demo: Configuring NAP for VPN. Configure RRAS Settings; Configure Connection Request Policy; Configure Network Policies

19 Agenda: Introducing Network Access Protection; Using NAP with DHCP; Using NAP with VPN; Using NAP with IPsec

20 IPsec-based Communication. Diagram labels: Secure network; Boundary network; Restricted network; IPsec Authenticated; Unauthenticated

22 Demo: Configuring NAP for IPsec. Configure Exemption Group; Configure Certificate Settings; Configure Health Registration Authority

23 Session Summary: NAP provides policy-driven access control; Customer choice—flexible, selectable enforcement; Broad industry support

24 For More Information. Visit TechNet at: www.microsoft.com/technet. Visit the following site for additional information: www.microsoft.com/technet/add-302

25 Training Resources
Course ID | Title
5934 | Introducing Microsoft Windows Server 2008
5939 | Introducing Server Management in Microsoft Windows Server 2008
For training information and availability: www.microsoft.com/learning

26 Readiness with Skills Assessment: Self-study learning tool, free to anyone; Determines skills gaps; Provides learning plans; Post your score, see how you rank. Visit: www.microsoft.com/assessment

27 Become a Microsoft Certified Professional. What are MCP certifications? Validation in performing critical IT functions. Why certify? WW recognition of skills gained through experience; more effective deployments with reduced costs. What certifications are there for IT Pros? MCP, MCSE, MCSA, MCDST, MCDBA. www.microsoft.com/learning/mcp

28 TechNet Plus. TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.
Evaluate & Learn: Evaluate full versions of all Microsoft commercial software for evaluation, without time limits. This includes all client, server and Office applications. Try out all the latest betas before public release. Keep your skills current with select Microsoft E-Learning courses free each quarter.
Plan & Deploy: Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training. Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager. Stay informed with your free subscription to TechNet Magazine.
Support & Maintain: 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents). Access over 100 managed newsgroups and get next business day response, guaranteed. Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities.
Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions

