Network Access Protection

While preparing for the Vista security overview TechNet evening, I read about a new feature of Longhorn Server and the Windows Vista client called Network Access Protection (NAP). I will talk a little about this during the presentation, but here is a preview of what it does.

NAP helps you as an administrator make sure that the clients connecting to your network comply with the policies you defined.

How NAP works:

1. Client requests access to network and presents current health status

2. DHCP, VPN or switch/router relays health status to Microsoft’s Network Policy Server

3. The Network Policy Server validates this against IT-defined health policies

4. If the machine is policy compliant, it’s given immediate access to the corporate network

5. If the machine is not policy compliant, it is put in a restricted VLAN and given access to fix-up resources to download patches, configurations, signatures, etc. Repeat steps 1-3.

Network Access Protection functions on four levels. It validates compliance with policy, restricts access based on compliance with policy, remediates as necessary, and grants access accordingly. NAP ensures the client’s ongoing compliance with policy. The NAP platform functions in real time. It recognizes, quarantines and remediates threats before they can even pose a threat to your network.
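The five steps and the validate, restrict, remediate, grant cycle described above, modelled as an added example (not code from the original post or from Microsoft). The health attributes, policy thresholds and function names are assumptions chosen for illustration; missing health attributes are treated as non-compliant.

```python
from dataclasses import dataclass

# Constructed health policy: attribute names and thresholds are assumptions,
# not actual NAP settings.
POLICY = {"firewall_enabled": True, "max_signature_age_days": 7, "min_patch_level": 42}

@dataclass
class Client:
    name: str
    firewall_enabled: bool
    signature_age_days: int
    patch_level: int

    def health_status(self):
        # Step 1: the client reports its current health with the access request.
        return {"firewall_enabled": self.firewall_enabled,
                "signature_age_days": self.signature_age_days,
                "patch_level": self.patch_level}

def validate(status, policy=POLICY):
    """Step 3: return the list of policy violations (empty means compliant)."""
    failures = []
    if policy["firewall_enabled"] and not status.get("firewall_enabled", False):
        failures.append("firewall")
    if status.get("signature_age_days", float("inf")) > policy["max_signature_age_days"]:
        failures.append("signatures")
    if status.get("patch_level", -1) < policy["min_patch_level"]:
        failures.append("patches")
    return failures

def remediate(client, failures, policy=POLICY):
    """Step 5: fix-up resources bring the failed items up to policy."""
    if "firewall" in failures:
        client.firewall_enabled = True
    if "signatures" in failures:
        client.signature_age_days = 0
    if "patches" in failures:
        client.patch_level = policy["min_patch_level"]

def request_access(client, max_rounds=3):
    """Run steps 1-5; return (final network, log of decisions)."""
    log = []
    for _ in range(max_rounds):
        failures = validate(client.health_status())  # steps 1-3 (step 2 relay is implicit)
        if not failures:
            log.append("corporate")                  # step 4: compliant, full access
            return "corporate", log
        log.append("restricted:" + ",".join(failures))
        remediate(client, failures)                  # step 5, then re-validate
    return "restricted", log
```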

Visit the following site for more information about NAP.

Note: NAP is not the same as Network Quarantine in Windows 2003