Network Access Protection (NAP) in Windows Vista

by Peter Y. Moss.


Business versions of Windows Vista include Network Access Protection (NAP) to prevent a Windows Vista–based client from connecting to your private network if the client lacks current security updates and virus signatures or otherwise fails to meet your computer health requirements. NAP is designed to protect client computers as well as your network from vulnerabilities that could be exploited if NAP weren’t used and enforced.

Understanding Network Access Protection

Network Access Protection can be used to protect your network from local clients as well as remote access clients. At the heart of this feature are three components:

  • Network Access Protection Agent: A software component that allows a client running Windows to participate in Network Access Protection. This agent runs as a service on computers running Windows Vista.

  • NAP Client Configuration: A configuration tool that is used to define and enforce NAP requirements on clients. This tool is also used to specify health registration settings and designate trusted servers.

  • NAP Server Configuration: A configuration tool that is used to manage NAP and define NAP policy.

The Network Access Protection Agent reports the health status of a client computer to a server called a Health Registration Authority. The report includes details about the client’s overall security health, such as whether the client has current security updates and up-to-date virus signatures installed. The security mechanism by which a client computer communicates with a Health Registration Authority is configured through a designated Request Policy.

Request Policies can be configured to use:

  • Any of a variety of private key algorithms, including asymmetric key algorithms based on Rivest-Shamir-Adleman (RSA), Digital Signature Algorithm (DSA), and other security specifications.

  • Any of a variety of signed and unsigned hash algorithms, including RSA MD5 hashing and DSA SHA1 hashing.

  • Any of a variety of Cryptographic Service Providers, including the Microsoft Enhanced Cryptographic Provider version 1.0, the Microsoft Enhanced RSA and AES Cryptographic Provider, and the Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider.

You can access the NAP Client Configuration tool by following these steps:

  1. Click Start, and then click Control Panel.

  2. In Control Panel, click the System And Maintenance category heading link, and then click Administrative Tools.

  3. Double-click NAP Client Configuration.

Using Network Access Protection

Using the NAP Client Configuration tool, administrators can configure separate enforcement policies for Dynamic Host Configuration Protocol (DHCP) clients, remote access clients, and terminal services clients. Enforcement policy can also be configured for virtual private network (VPN) clients that use Extensible Authentication Protocol (EAP).

Administrators can use NAP to enforce health requirements for all computers that are connected to an organization’s private network, regardless of how those computers are connected to the network. You can use NAP to improve the security of your private network by ensuring that the latest updates are installed before users connect to your private network. If a client computer does not meet the health requirements, you can:

  • Prevent the computer from connecting to your private network.

  • Provide instructions to users on how to update their computers. (In some cases, you can update their computers automatically.)

  • Limit access to your network so that users with out-of-date computer security can access only designated servers on your network.

To allow NAP to be enforced when a computer is acting as a DHCP client, follow these steps:

  1. Start the NAP Client Configuration tool.

  2. In the left panel, select Enforcement Clients.

  3. Double-click DHCP Quarantine Enforcement Client.

  4. In the DHCP Quarantine Enforcement Client Properties dialog box, select the Enable This Enforcement Client check box.

You can enable enforcement for other types of connections using a similar procedure:

  • To enforce remote access NAP, open the NAP Client Configuration tool, double-click Remote Access Quarantine Enforcement Client, and then select the Enable This Enforcement Client check box.

  • To enforce terminal services NAP, open the NAP Client Configuration tool, double-click TS Gateway Quarantine Enforcement Client, and then select the Enable This Enforcement Client check box.

  • To enforce VPN protection, open the NAP Client Configuration tool, double-click EAP Quarantine Enforcement Client, and then select the Enable This Enforcement Client check box.

You configure the actual NAP policies that apply to clients by using the NAP Server Configuration tool.
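
A command-line equivalent of the enforcement client procedures above, as an added example that is not part of the original article. It assumes an elevated PowerShell prompt on the client, the NAP Agent service name napagent, and the enforcement client IDs documented by Microsoft for the netsh nap client context; none of these identifiers appear on this page.

```powershell
# Added example: enable selected NAP enforcement clients without the GUI.
# Assumption: the IDs below are the ones Microsoft documents for
# "netsh nap client set enforcement"; this page does not list them.
$enforcementClients = @(
    @{ Name = 'DHCP Quarantine Enforcement Client';          Id = 79617 },
    @{ Name = 'Remote Access Quarantine Enforcement Client'; Id = 79618 },
    @{ Name = 'TS Gateway Quarantine Enforcement Client';    Id = 79621 },
    @{ Name = 'EAP Quarantine Enforcement Client';           Id = 79623 }
)

# Enable only the connection types this client actually uses.
# Here: DHCP only, matching the step-by-step procedure in the article.
$wanted = @(79617)

# The Network Access Protection Agent runs as a service; the enforcement
# clients do nothing unless it is started.
Set-Service   -Name napagent -StartupType Automatic
Start-Service -Name napagent

foreach ($client in $enforcementClients) {
    if ($wanted -contains $client.Id) {
        Write-Host "Enabling $($client.Name) (ID $($client.Id))"
        # Same effect as selecting "Enable This Enforcement Client".
        netsh nap client set enforcement ID = $($client.Id) ADMIN = ENABLE
    }
}

# Verify: the configuration lists each enforcement client with its
# admin setting; the state output shows what the agent has initialized.
netsh nap client show configuration
netsh nap client show state
```

Enforcement clients left out of $wanted are not modified, so the script can be rerun with a different list without disabling anything that was enabled earlier.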

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.