This is a key issue: You can create remediation
servers to bring your hosts into compliance automatically. You can also allow users to remediate
themselves manually. In practice, you will want to have both methods available
so that remediation occurs automatically, and if that automatic remediation step fails, the
user is provided some sort of manual method for gaining compliance.
NAP COMPONENTS
NAP is actually one gigantic system. Without all the required pieces, it is not effective
at all. In fact, one of the most prohibitive aspects of implementing NAP in
your environment is cost. Depending on the solution you want to provide and how well
you've kept your network infrastructure up to date, this can require sweeping upgrades
across your enterprise. For example, you may need to upgrade older switches that don't
support 802.1X authentication. As a system, NAP comprises several components:
• IPSec enforcement
• 802.1X enforcement
• VPN enforcement
• Dynamic Host Configuration Protocol (DHCP) enforcement
• Network Policy Server (NPS)/RADIUS
• NAP Agent
• System Health Agent (SHA)
• NAP administration server
• System Health Validator (SHV)
• Health policy
• Accounts database
• Health Registration Authority (HRA)
• Remediation server
The list is pretty long, but considering what you're trying to accomplish as far as
network security is concerned, each of these pieces plays a major part in making NAP
come to life.