Although it cannot protect you from malicious users that
get on trusted computers, it does prevent unauthorized machines from accessing your
network and potentially affecting your systems. It lets you establish minimum health
requirements for any system that joins your network. This can be done through IPSec,
802.1x, VPN, or DHCP enforcement. IPSec is the recommended method since it allows
your network to be logically subdivided into protected, border, and quarantine zones using
health certificates as the controlling access method. DHCP is the easiest to implement
but can easily be defeated by anyone who knows your internal network structure.
The System Health Agents, either built into Windows or provided by a third-party
manufacturer, report health information to the NAP client, which then sends it to the NPS
server for validation by the System Health Validators through the NAP enforcement client
and server components. If IPSec is involved and the client passes all requirements, the
NPS server then negotiates with the CA for a health certificate.
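
The validation flow described above, as an added illustrative model that is not code from the book or from Microsoft. The check names, the `Decision` type and both functions are hypothetical, and the rule for which zone accepts which peer is an assumption based on the usual NAP IPSec design rather than something stated in this chapter.

```python
from dataclasses import dataclass, field

# Constructed minimum-health policy, one entry per validator (SHV).
# Check names are illustrative assumptions, not NAP identifiers.
POLICY = {
    "firewall_enabled": True,
    "antivirus_signatures_current": True,
    "automatic_updates_enabled": True,
}

@dataclass
class Decision:
    compliant: bool
    failed_checks: list = field(default_factory=list)
    health_certificate: bool = False
    zone: str = "quarantine"

def evaluate(reported: dict) -> Decision:
    """Validate agent-reported health against POLICY (IPSec enforcement).

    A check the client did not report counts as failed (fail closed).
    """
    failed = sorted(k for k, want in POLICY.items() if reported.get(k) is not want)
    if failed:
        return Decision(False, failed)
    # All validators passed: a health certificate is issued.
    return Decision(True, [], True, "protected")

def accepts_inbound(server_zone: str, peer: Decision) -> bool:
    """Assumed zone rule: protected hosts require the peer's health
    certificate; border and quarantine hosts accept unauthenticated peers."""
    if server_zone == "protected":
        return peer.health_certificate
    return server_zone in ("border", "quarantine")

# Constructed sample reports
healthy = evaluate({"firewall_enabled": True,
                    "antivirus_signatures_current": True,
                    "automatic_updates_enabled": True})
stale_av = evaluate({"firewall_enabled": True,
                     "antivirus_signatures_current": False,
                     "automatic_updates_enabled": True})
silent_agent = evaluate({"firewall_enabled": True})  # two agents reported nothing
```

The `silent_agent` case is the one to check in a real policy: a client whose agent reports nothing should land in quarantine, not be treated as healthy by default.
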
This chapter gave you a taste of NAP's capabilities. What's important to note is that
NAP is now an integral component of Windows Server 2008. It is truly part of Microsoft's
strategy for a more secure computing platform. The great thing about NAP is that you
are not restricted to Microsoft's own technology. In fact, Microsoft is continually working
with many third-party software developers to create more feature-rich NAP agents to accommodate
a wide variety of different methods for measuring system health.