NAP provides several key benefits to an organization’s defense-in-depth model. One of these benefits is showcased in our next customer story about using the Microsoft Forefront Integration Kit for NAP.
Alex at Ball State University has been a key NAP partner during the development of the FCS/NAP Integration Kit. A key scenario that was addressed by this Solution Accelerator was the ability to provide computers in labs and kiosks with health checks to ensure that the Forefront Client Security configuration is not tampered with. (It’s no surprise that any computer in a public location is more likely to be subject to abuse.) Alex saw the opportunity to add Forefront Client Security, the FCS System Health Agent, and enable NAP for the computers in volatile computer roles.
As a result, Alex can manage these computers’ access to the university’s LAN and ensure that the FCS anti-malware solution is kept running at all times. Let’s look at this scenario a bit closer.
We have a lab computer that can be reimaged quickly when it is suspected to be unhealthy. However, this does not prevent students from tampering with the computer’s configuration or borrowing the computer’s interface (port) to plug in their own PC.
With the integration of FCS and NAP, the scenario can be mitigated to ensure that if the lab PC has had its FCS installation disabled or damaged, the FCS SHA will restore Forefront Client Security detection capabilities. In the case of an interface moved to a personal PC in a lab environment, the SHA can ensure that an anti-malware solution (Forefront Client Security) is running on the system, and if the PC does not have FCS installed it can be prevented from accessing the university’s LAN.
It’s great to hear that the Solution Accelerators team was able to help a customer see the value of Forefront Client security. Ball State University is now looking at a broader Forefront Client Security deployment.
Look for our 4th and final installment on May 19th 2008.