Each client also has an enforcement client component that is responsible
for limiting network access based on the medium for which it is responsible. For
example, the DCHP enforcement client works with the appropriate NAP-enabled DHCP
Server to ensure that the client obtains limited access only. The NAP agent then communicates
and manages information regarding health states between the system health
agents and the enforcement clients.
Enforcement Clients
Since four different methods exist for enforcing NAP client restrictions, four different
NAP enforcement clients are responsible for managing the client??™s ability to protect the
network:
?–? IPSec NAP EC Stores health certificates issued by the NPS server. It then
instructs IPSec to use the appropriate certificate during its communication with
other NAP-enabled clients. It also controls the Windows Firewall to ensure that
IPSec-enabled traffic is allowed through.
?– EAPHost NAP EC Collects Statement of Health information from the various
system health agents that is then sent using PEAP for 802.1X connections. If a
health certificate is available, it can also use that to authenticate using 802.1X.
?– DHCP NAP EC Collects a Statement of Health information and then passes it
off to a NAP-enabled DHCP server through the use of DHCP options.
?–? VPN NAP EC Similar to the EAPHost NAP EC, it collects Statement of Health
from various health agents that is then sent using PEAP to the VPN server.
Pages:
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311