NETWORK ACCESS PROTECTION
What is NAP? First, I'll tell you what it's not. It's not going to protect you from malicious
users: NAP judges a host by the health state that the host's own NAP agent reports, so a
deliberately hostile machine can misreport its state. NAP is an overall solution that lets
administrators quarantine hosts that come onto the network until they have passed a series
of defined health checks. Systems that do not pass the health checks are placed into a
restricted state, where they are granted access only to the specific hosts they need in order
to get back to a healthy state. These are typically anti-virus and patch-management servers,
but they can be any servers you need to make available to bring your systems into
compliance. Once the health violation has been resolved, the system can participate in your
general trusted network.
255 Chapter 8: Network Policy and Access Services
Figure 8-1 shows an example of how NAP can be used to partition your network
logically through the use of policy rather than topology. In this example, the partitioning
is done using IPsec: hosts in the protected zone require their IPsec peers to authenticate
with a health certificate, which a client receives from the Health Registration Authority
(HRA) only after passing the health checks, while the remediation servers in the boundary
zone also accept connections from hosts that have no such certificate. Any new host entering
the network is therefore placed in the quarantine zone. Any host that then wants to get into
the protected zone (for example, to communicate with one of your servers) will be subjected
to a series of health checks. Those that fail even one of the checks will then communicate
with the remediation servers that reside in the boundary zone to get themselves compliant.
Once compliant, they will be placed in the protected zone, where they are free to communicate
with other hosts in that zone.
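The three zones of Figure 8-1 can be written down as Windows Firewall with Advanced Security connection security rules on the hosts, plus the NAP IPsec enforcement client on the clients. The following is an added example and is not code from the book; the CA name "CN=Contoso-Health-CA" is an assumed placeholder for the issuing CA behind your HRA, and 79619 is the enforcement client ID of the IPsec Relying Party.

```powershell
# Added example, not from the book: the Figure 8-1 zones expressed as IPsec policy.
# Assumption: "CN=Contoso-Health-CA" stands in for the CA that issues your health certificates.
# The --% token makes PowerShell pass the rest of the line to netsh verbatim.

# Protected zone (servers and compliant clients): require a health certificate on inbound
# connections, but only request IPsec on outbound so these hosts can still reach the
# boundary servers, which may not present a certificate.
netsh --% advfirewall consec add rule name="NAP protected zone" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="CN=Contoso-Health-CA" auth1healthcert=yes

# Boundary zone (remediation servers such as patch and anti-virus servers): request IPsec
# in both directions but never require it, so a quarantined host with no health certificate
# can still reach them to get compliant.
netsh --% advfirewall consec add rule name="NAP boundary zone" endpoint1=any endpoint2=any action=requestinrequestout auth1=computercert auth1ca="CN=Contoso-Health-CA" auth1healthcert=yes

# The quarantine zone needs no rule of its own. A host without a health certificate is
# refused by every protected host and accepted only by boundary hosts; that is the whole
# point of partitioning by policy rather than by topology.

# Client side: start the NAP Agent service and enable the IPsec Relying Party enforcement
# client (ID 79619) so the host asks the HRA for a health certificate after its checks pass.
Set-Service -Name napagent -StartupType Automatic
Start-Service -Name napagent
netsh --% nap client set enforcement ID = 79619 ADMIN = "ENABLE"

# Verification: lists the enabled enforcement clients and whether this host is currently
# restricted or has full access.
netsh --% nap client show state
```

In practice you would not type these rules on each host; the two connection security rules are what you put into the Group Policy objects linked to the protected and boundary computers, and the enforcement-client setting goes into the client GPO. A host that later loses its health certificate, for example because it stops passing a check, drops back into the quarantine zone without any change to the network itself.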