Network Access Protection

Network access protection ppt



NAP on Server 2008 (MCITP)


1. What is NAP
Microsoft Network Access Protection (NAP) is a policy-based management feature of Windows Server 2008 that allows a network administrator to control access to network resources. NAP policies define the required configuration and update status for a client computer's operating system and critical software.

2. Security Enhancements in Windows Server 2008
• Reduced attack surface of the kernel through Server Core
• Expanded Group Policy
• Windows Firewall
• Network Access Protection
• BitLocker Drive Encryption

3. Benefits of NAP
Protect the network:
• Network health analysis
• Policy validation
• Identify risks
• Enhanced network health
• Policy compliance
• Access control

4. NAP Authentication Methods
• Password-based Point-to-Point Protocol (PPP) authentication protocols
• Extensible Authentication Protocol (EAP) and Protected EAP (PEAP)

5. Authorization Methods
• Dialed Number Identification Service (DNIS)
• Automatic Number Identification/Calling Line Identification (ANI/CLI)
• Guest authorization

6. Why Use Network Access Protection?
(Diagram: a private network with a healthy computer and an unhealthy computer.)

7. Network Access Protection Enforcement Methods
• Internet Protocol security (IPsec)-protected communications
• IEEE 802.1X-authenticated network connections
• Remote access virtual private network (VPN) connections
• Dynamic Host Configuration Protocol (DHCP) configuration

8. Components of the Network Access Protection Platform
(Diagram labels: NAP client with limited access; DHCP server; remediation servers; VPN server; Network Policy Server (NPS); Active Directory; intranet; restricted network; perimeter network; health certificate server (HCS); IEEE 802.1X devices; Internet; policy servers.)

9. Network Infrastructure for Network Access Protection
• Health policy validation: determines whether the computers are compliant with health policy requirements
• Network access limitation: limits access for noncompliant computers
• Automatic remediation: provides necessary updates to allow a noncompliant computer to become compliant
• Ongoing compliance: automatically updates compliant computers so that they adhere to ongoing changes in health policy requirements

10. Network Access Protection vs. Network Access Quarantine Control
• Network Access Protection: internal, VPN and remote access clients. Network Access Quarantine Control: only VPN and remote access clients.
• Network Access Protection: IPsec, 802.1X, DHCP and VPN. Network Access Quarantine Control: DHCP and VPN.
• Network Access Protection: NAP NPS and client included in Windows Server 2008; NAP client included in Vista. Network Access Quarantine Control: installed from the Windows Server 2003 Resource Kit.

11. Network Access Protection Solution
Defense-in-depth layers: Policies, Procedures & Awareness; Data; Application; Host; Internal Network; Perimeter.
NAP functions: Policy Validation; Network Restriction; Remediation; Ongoing Compliance.

12. Network Layer Protection with NAP
(Diagram of the exchange between the client, the 802.1X switch, the Microsoft NPS, the System Health Servers and the Remediation Servers.)
• Client: "May I have access? Here's my current health status."
• NPS: "Should this client be restricted based on its health?" (ongoing policy updates flow from the System Health Servers to the Network Policy Server)
• Policy: "According to policy, the client is not up to date. Quarantine client, request it to update."
• NPS to client: "You are given restricted access until fix-up." (client placed on the Restricted Network)
• Client to Remediation Servers: "Can I have updates?" Remediation Servers: "Here you go."
• Client: "Requesting access. Here's my new health status."
• Policy: "According to policy, the client is up to date. Grant access." The client is granted access to the full intranet.

13. Install NPS

14. Network Access Protection Components
• System Health Validator (SHV): compares the Statement of Health (SoH) sent from a System Health Agent (SHA) with the health policy
• Statement of Health (SoH): the response sent by a System Health Agent to a System Health Validator

15. How NAP Works
(Diagram labels: Windows client (QA, SHA, EC); network enforcement endpoint; NPS (QS, SHV); Active Directory; remediation servers; health statements. Network access requests that are not compliant are directed to the Restricted Network; compliant requests reach the Corporate Network.)

16. NAP with DHCP
(Diagram of the exchange between the client, the DHCP server, the NPS server, the VPN server, IEEE 802.1X devices and the remediation servers.)
• Client: "I need to lease an IP address."
• DHCP server: "You are not within the health policy requirements."
• The client requests and receives updates from the remediation servers.
• Client: "Requesting access. Here's my new health status."
• DHCP server: "Access granted. Here is your new IP address."

17. NAP Enforcement
(Diagram: NAP enforcement client; 802.1X, VPN, IPsec and DHCP enforcement; NPS acting as RADIUS server.)

18. DHCP Enforcement
• For noncompliant computers, prevents unlimited access to a network through a limited DHCP address configuration
• Network Access Protection-capable DHCP clients use their list of SoHs as proof of their health compliance

19. VPN Enforcement
• For noncompliant computers, prevents unlimited access to a network through a remote access VPN connection
• Network Access Protection-capable VPN clients use their list of SoHs as proof of their health compliance

20. NAP Infrastructure
• Health Policy Validation
• Health Policy Compliance
• Automatic Remediation
• Limited Access

21. DHCP with NAP
• Secures the DHCP process
• Configured through a Network Policy Server
• Issues different information depending on compliance
Remediation server:
• Provides updates and security policy changes to the client
• Brings the client into compliance
• DHCP issues the noncompliant computer the IP address of the remediation server

22. Manage NPS on DHCP

23. Configuring Custom NPS Policies
Per DHCP scope.

24. Policy Validation
System health validators (SHVs) are used by NPS to analyze the health status of client computers. Health status is monitored by client-side NAP components called system health agents (SHAs).

25. NAP Enforcement
NAP enforcement settings allow you to limit network access of noncompliant clients to a restricted network, to defer restriction to a later date, or to merely observe and log the health status of NAP-capable client computers:
• Allow full network access
• Allow limited access
• Allow full network access for a limited time

26. Remediation
Remediation is the process of updating a client computer so that it meets current health requirements.

27. NAP Health Policy Server
• System Health Validators
• Health Policies
• Network Policies
• Connection Request Policies
• RADIUS Clients and Servers
• Remediation Server Groups
• Active Directory Domain Services
• NAP enforcement points
• Health requirement servers

28. Health Policy Options
Windows Security Center:
• Firewall on/off
• Anti-virus installed & up to date
• Anti-spyware installed & up to date
• Automatic updates enabled
System Center Configuration Manager:
• Required software patches are installed
• Automatic patch installation to remediate
Forefront Client Security:
• Malware signature definition files up to date
• State of system services

29. System Health Validator

30. WSHV (Windows Security Health Validator) Properties

31. System Health Validator Template

32. Verifying NAP Functionality
• Verification of NAP auto-remediation: CLIENT1 is automatically remediated when Windows Firewall is turned off, causing Windows Firewall to be turned back on.
• Verification of NAP policy enforcement: NAP policy is revised to be more restrictive, causing CLIENT1 to be noncompliant with policy and unable to remediate itself. When CLIENT1 is in a noncompliant state, its network access will be restricted.

33. Review NAP Client Events in Event Viewer
  1. Click Start, point to All Programs, click Accessories, and then click Run.
  2. Type eventvwr.msc, and press ENTER.
  3. In the left tree, navigate to Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\Network Access Protection\Operational.
  4. Click an event in the middle pane.
  5. By default, the General tab is displayed. Click the Details tab to view additional information.
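The decision loop the deck describes (SHV checks the client's SoH, NPS applies one of the three NAP enforcement settings, DHCP enforcement hands out a limited or full configuration, remediation produces a new SoH) as an added Python model that is not part of the slide deck. Requirement names, the addresses, the lease contents and the sample SoH for CLIENT1 are constructed; the restricted lease is modelled as the host-mask, no-gateway, remediation-route-only configuration that NAP DHCP enforcement issues.

```python
# Added model of the NAP health-policy decision loop; not code from the slides.
# Requirement names, addresses and the sample SoH are constructed values.
REQUIREMENTS = {                # Windows Security Center checks (Health Policy Options)
    "firewall_on": True,
    "antivirus_up_to_date": True,
    "antispyware_up_to_date": True,
    "automatic_updates_enabled": True,
}
FULL, LIMITED, DEFERRED = "full", "limited", "full_for_limited_time"  # NAP enforcement settings

# Constructed leases: compliant client gets a normal lease; noncompliant client gets a /32,
# no default gateway and only a static route to the remediation server.
FULL_LEASE = {"address": "10.0.0.50", "mask": "255.255.255.0", "router": "10.0.0.1", "routes": []}
RESTRICTED_LEASE = {"address": "10.0.0.50", "mask": "255.255.255.255", "router": None,
                    "routes": ["10.0.1.10/32"]}  # remediation server only

def validate_soh(soh):
    """SHV: compare a Statement of Health with policy; returns failed checks (empty = compliant)."""
    return [name for name, required in REQUIREMENTS.items() if soh.get(name) != required]

def nps_decision(soh, enforcement=LIMITED, now=0, deadline=0):
    """NPS: turn the SHV result and the enforcement setting into an access decision."""
    failures = validate_soh(soh)
    if not failures:
        return {"compliant": True, "access": "full", "lease": FULL_LEASE, "failures": []}
    # 'Allow full network access' only observes and logs; 'for a limited time' defers restriction.
    if enforcement == FULL or (enforcement == DEFERRED and now < deadline):
        return {"compliant": False, "access": "full", "lease": FULL_LEASE, "failures": failures}
    return {"compliant": False, "access": "restricted", "lease": RESTRICTED_LEASE, "failures": failures}

def remediate(soh, failures):
    """Remediation server: bring each failed setting into compliance, return the new SoH."""
    fixed = dict(soh)
    for name in failures:
        fixed[name] = REQUIREMENTS[name]
    return fixed

def nap_with_dhcp(soh, enforcement=LIMITED):
    """Walk the 'NAP with DHCP' exchange: lease request, restricted lease, updates, new SoH, full lease."""
    decision = nps_decision(soh, enforcement)
    steps = [decision["access"]]
    if decision["access"] == "restricted":
        soh = remediate(soh, decision["failures"])          # client fetches updates
        decision = nps_decision(soh, enforcement)           # client sends its new health status
        steps.append(decision["access"])
    return steps, decision

# Constructed SoH for CLIENT1 with Windows Firewall turned off (the auto-remediation test on slide 32).
SAMPLE_SOH = {"firewall_on": False, "antivirus_up_to_date": True,
              "antispyware_up_to_date": True, "automatic_updates_enabled": True}
```

Calling nap_with_dhcp(SAMPLE_SOH) returns the access sequence ["restricted", "full"] together with the final decision, while the same SoH under the FULL setting is logged as noncompliant but never restricted.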