Guy recommends :
Free SolarWinds
VM Console

Find out which of your VMs are a waste of space and which VMs need more resources.

Custom Search

1) FreePing
2) Engineer's Toolset
3) Xobni
4) PuTTY
5) WMI Monitor
6) BgInfo
7) Net-SNMP
8) IP Address Tracker
9) DNS Stuff
10) WinDiff Compare

Vista jokes

Windows Vista - Network Access Protection (NAP)

Don't make the mistake of confusing Network Access Protection (NAP) with Vista's Network Center. Microsoft's NAP is a client server technology designed to protect your network from 'unhealthy' machines. Built-in to Vista are client-side system health agents (SHA), the Windows Server 2008 or Windows 2003 Servers* compare the clients SoH (statement of health) with their policies. You can configure NAP to only allow healthy machines on to the main network. (The Network Center is a Control Panel container for troubleshooting IP settings and negotiating Wireless connections.)

*Windows 2003 Servers require an update, which is currently under testing before it can fulfil the NAP server role.

Introduction to Network Access Protection (NAP)

How do computer virus infections spread? Let us assume that you minimise virus attack by protecting the Internet connection with firewalls and scanning Email attachments, what else can you do? Ah yes, check those laptops and other mobile devices that itinerant associates bring to your network. Thanks to Network Access Protection, virus attacks via laptops can be isolated, or if you specify a policy, the affected machines can be cleaned and then allowed onto your production network.

NAP Philosophy

The mission of NAP is to preserve the network by allowing access to only healthy machines. Visiting laptops which don't meet your policy standards, whether or not they are riddled with viruses, can be restricted to the repair subnet. There, NAP remediation servers may be able to add SMS packages containing antivirus signatures and thus cure their deficiencies.

Remember that NAP focuses on the computer, unfortunately, it cannot protect against malicious users.

NAP is a client server technology which identifying machines that don't have the latest virus signatures, service packs or security patches. Such machines are most likely laptops that have been offsite for a while, or home computers connecting through a VPN. Apparently hackers, in commons with all cowards, target the older weaker members of the computer society.

What strategy you employ once the server detects such 'unhealthy' machines is up to you. You could configure the NAP servers to ban all machines until they pass muster, allow at least some of them onto the network, or better still point them to the remediation servers. Another alternative would be to allow machines which don't meet all the criteria limited access, for example visiting consultants laptops' get internet access only.

Components of NAP

Remember that NAP is a classic client server technology. All the necessary NAP components will be built into Vista clients and Longhorn Servers. However, there is a talk of adding patches to XP (SP3) and Windows Server 2003 so that they can also benefit from NAP.

Your mission is to protect your network from 'unhealthy' machines. Tactics involve identifying what constitutes a healthy machine, configuring one or more policies and deciding what do about computers that fail to match your criteria.

When a Vista machines boots up a conversation takes place with the NP (Network Protection) Server. The client agent sends a SoH (Statement of Health), which details software updates and anti-virus signatures to the NP Server. The server compares the SoH with one or more of its policies. If the Vista client is deficient in any of the components, you can predetermine what action to take. For example, whether to try and remediate the client or just ban it from the production network.

Guy Recommends SolarWinds' Free Network Monitor

Thus utility makes it easy to check the health of a router or firewall. Check the real-time performance, and availability statistics, for any device on your network. Get started with an extensive collection of "out-of-the-box" monitors for popular network devices.

Download your free Network Device Monitor

NAP Server Components (Windows Server 2008 or Windows Server 2003)

Microsoft's NAP Administration Server. The main NAP Server reviews the policies, analyzes the clients and then decides whether or not to allow access to the network.

System Health Validator (SHV). Determines whether the the SoH (Statement of Health) issued by the client's SHA (System Health Agent), matches the required health criteria on the server.

Health Policy. A list of conditions, you can have a different policy for each of these technologies; IPSEC, DHCP, 802.1 or VPN.

Accounts Database. A portion of Active Directory that stores NAP properties for a computer or user.

Health Certificate Server, IIS on Longhorn.

Optionally, a Remediation server. This server is designed to help treat unhealthy clients, consequently it has any patches, virus signature updates that may cure a sickly machine. However, further policies decide which machines get the patches, for example visitors machines would not have any software fixes applied. See more about NAP on Windows Server 2008.

♦

Here are the five NAP policy systems.

IPSec

This is the most secure configuration. IPSec and NAP work in tandem to ensure that all machines are healthy and only speak the encrypted IPSec protocol.

DHCP

Probably the most common implementation, every time the client asks to renew its IP address DHCP enforces health compliance.

802.1 (EAPHost)

Restricts access at the wireless access points until the clients are confirmed as healthy.

VPN

The VPN server enforces the policies any time a client computer attempts a connection over the VPN.

NPS (Network Policy Server) / Radius

Just works as a Policy Server.

Guy Recommends: A Free Wake-On-LAN Utility

Encouraging computers to sleep when not in use is a great idea - until you are away from your desk and need a file on that remote sleeping machine!

Wake-On-LAN really will save you that long walk to awaken a hibernating machine; however my reason for encouraging you to download this utility is just because it's so much fun sending those 'Magic Packets'. As Wake-On-LAN (WOL) is free, see if I am right, and you get a kick from arousing those sleeping machines. WOL also has business uses for example, wakening machines so that they can have their patches applied.

Download your free copy of Wake-On-LAN

Summary of Network Access Protection

The idea of Network Access Protection (NAP) is to identify and then to isolate 'unhealthy' computers. The number one source of 'unhealthy' computers is likely to be a visiting laptop. NAP is a client server technology which gives you a range of options for dealing with machines that lack up-to-date virus signatures, patches or service packs.

If you like this page then please share it with your friends

Configuring Windows Vista Topics:

Vista Tools and Extras

Download Your Tweak the Registry Ebook for only $6.45

This ebook will explain the workings of the registry. I thoroughly enjoy tweaking the registry, and I want to distill the best of my experiences and pass them on to you.

Each registry tweak has two aims; to solve a specific problem, and to provide general learning points, which help you to master regedit.

Over 60 pages ebook and PDF format

Custom Search

Site Home

Guy Recommends: SolarWinds Free IP SLA Monitor

SolarWinds IP SLA Monitor offers so much more than just uncovering network bottlenecks, the real joy is learning about router traffic.

To find out what's happening on the network between your computers and their routers, download your free copy of the of IP SLA Monitor.

Please report a broken link, or an error to: