Suppose it's an executive user who has Full-Control over his or her
laptop and lets his or her kids play with it when it's at home. Many large enterprises
have resorted to granting all laptop users Full-Control because printer installs and help
desk situations are often handled more gracefully if the user has Full-Control on his or
her laptop. What if the user's kids download programs from the Internet that could
be harmful to the laptop? With mobile computing being on the rise, a common scenario
exists: Devices from your controlled and secured network leave your sphere of control to
mingle with the insecure world and then return to the secure network as though nothing
happened.
Doesn't it seem logical that when a device is connected to your network it should be
considered untrusted by default and not allowed to talk to your trusted systems until it's
been thoroughly examined? This is what Network Access Protection (NAP) is all about.
NAP is the Nirvana of network security: a world where an untrusted device is placed
in quarantine from trusted devices until it has complied with a series of "health" checks.
If it passes the tests, it is granted a pass into your trusted network. If it fails, it is given a
chance to remediate the issue either automatically or manually and then undergoes the
same health checks to ensure compliance. Not until an untrusted host becomes cleared
by the system does it get access to the protected inner sanctum.
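
The admission loop described above, modelled as an added Python example (not from the book and not NAP's own interface). The check names, device fields and the three-round limit are assumptions made for illustration.

```python
# Model of the quarantine -> health check -> remediate -> re-check loop.
# Check names, device fields and MAX_ROUNDS are constructed for illustration;
# they are not NAP's actual health validators or API.

MAX_ROUNDS = 3  # assumption: bound re-checks so a device cannot loop forever

# Each entry: (name, compliance predicate, auto-remediation or None if manual only)
HEALTH_CHECKS = [
    ("firewall_enabled", lambda d: d["firewall"],
     lambda d: d.update(firewall=True)),
    ("av_signatures_current", lambda d: d["av_age_days"] <= 7,
     lambda d: d.update(av_age_days=0)),
    ("os_patched", lambda d: d["missing_patches"] == 0, None),
]

def failed_checks(device):
    """Return (name, fix) for every check the device currently fails."""
    return [(name, fix) for name, ok, fix in HEALTH_CHECKS if not ok(device)]

def admit(device):
    """Return (zone, log). A device starts untrusted; only a clean pass of
    every check moves it out of quarantine."""
    log = ["quarantine: untrusted by default"]
    for round_no in range(1, MAX_ROUNDS + 1):
        failures = failed_checks(device)
        if not failures:
            log.append(f"round {round_no}: all checks passed")
            return "trusted", log
        for name, fix in failures:
            if fix is not None:
                fix(device)  # remediation is never trusted: next round re-checks
                log.append(f"round {round_no}: auto-remediated {name}")
        manual = [name for name, fix in failures if fix is None]
        if manual:
            log.append(f"round {round_no}: manual remediation required: {manual}")
            return "quarantine", log
    log.append("still non-compliant after re-checks")
    return "quarantine", log

if __name__ == "__main__":
    # Constructed sample: a laptop returning from an uncontrolled network.
    laptop = {"firewall": False, "av_age_days": 30, "missing_patches": 0}
    zone, log = admit(laptop)
    print(zone)
    print("\n".join(log))
```
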