Friday's Security Nugget.

So today I'm trying something a bit different.  Working in the Developer and Platform Group, I'm surrounded by developers - and they really like Silverlight (a framework for developing high-quality, cross-platform, cross-browser, media-enabled rich interactive web applications).

If you like this format, I'll do a lot more (it was actually good fun putting this together).

So, I've been running something called the 'Longhorn Academy' for the last four months - 130 IT Pros in a room for half a day, once a month to learn Longhorn (Windows Server 2008).  One of the topics included a detailed, deep-dive into Network Access Protection (NAP), something that I think is probably one of the best new features coming with Windows Server 2008.

NAP enables IT administrators to enforce network access policies.  It's not really a security product, as you could use it to enforce an un-secure network, but combined with very secure policies it will help greatly with security.

At a very high level, NAP lets me decide what a compliant PC 'looks like' (must have a firewall turned on, must have an up-to-date anti-virus product installed, etc).  Then it only allows full network access to those PCs that are compliant with that policy.  Any machine that is not compliant will either be kicked off of the network, or given limited access to a part of the network where they can fix the problem (get an up-to-date anti-virus signature, download a patch, etc).

Methods of NAP include DHCP, 802.1x, VPN and IPSec.  This demo is IPSec, but they all offer the same basic functionality.

Enjoy

I've posted this on youtube as well (just incase you're running Linux & can't run Silverlight - yet). 

Dave.