How will Network Access Protection be enforced for IPSEC? How to secure IPSEC clients? How does IPSEC work?

We have just released a white paper which explains in detail the plans for Network Access Protection (NAP) to enforce the security of IPSEC clients. NAP will be a very powerful part of Windows Vista and the corresponding server operating system (currently referred to as Longhorn Server). It will make it possible to automatically assess the security health state of a client before allowing it to connect to your internal network. Machines which fail the health assessment will remain isolated from your internal network.

NAP relies upon a number of different enforcement agents. As you can read in the white paper, the plan is for agents for VPN, IPSEC, 802.1X and DHCP.

The white paper also provides a good summary of how IPSEC actually works right now on current versions of Microsoft Windows.

Comments (3)

  1. Matt Dickins says:

    Will this form a replacement for ISA Server, will it be included for free with Longhorn Server?

  2. Steve Lamb says:

    Matt> No, this is not a replacement for ISA. NAP will enable policy checks such as "is the client fully patched" and "is the anti-spyware/malware system up to date" before allowing the client to connect. The range of checks will be far more extensive than that but hopefully that gives you an idea.

    ISA on the other hand is an application layer firewall which inspects traffic to ensure that it is properly authenticated, RFC compliant and free of malicious payload as far as is possible.

    Will NAP be free? That’s a good question. Network Quarantine is a precursor to NAP which is available today and that’s free. I haven’t heard whether NAP will also be free – it’s a little early to tell.

  3. Matt Dickins says:

    Cheers Steve…. So basically does the job of some nice scripts (spose like your VPN quarantine post). Funnily I’ve always found ISA server a little expensive for a home network!!!! I must praise smoothwall! But from we’ll say ‘playing around’ with the school’s network and looking into it (approximately 30 servers and at peak possibly 450 clients, amount of hardware available:students = 800 terminals:750 students + VPN) I have found ISA server to really be a wonderful bit of coding.
