Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Windows Server 2008 - Configuring Network Access Protection

Tech Republic recently shared this article showing how to configure the NAP environment for the upcoming Windows 2008 Server operating system. The examples shown are for the 3rd Beta build, but reflect what will most likely be included in the final version of NAP. This major new security configuration toolkit should help security and network administrators when W/2008 is released in the future.

Windows Server 2008 - Configuring Network Access Protection
http://articles.techrepublic.com.com/2415-1035_11-178022.html 

QUOTE: Unlike other Microsoft solutions, the MS-NAP implementation does not resemble other products like Exchange, SQL, or IIS, but exists more as a collection of roles, policies, and services. MS-NAP generally requires at least two servers to fully implement all of the roles outlined by Microsoft. MS-NAP has a few basic elements that enable the implementation to succeed as designed.

Below are details of some of the best server practices to ensure an MS-NAP implementation can start off correctly:

  • Software and network policies: While not a technology matter, it's important to first identify the functionality desired by the MS-NAP implementation, and then apply the technology to define the service pack levels, anti-virus criteria, IPSec policies, and other factors to permit access to a specified network. And then to define what happens in a non-compliant state: remediation network, denied access, or other way of handling non-compliant systems.
  • Active Directory domain: This part of the back-end infrastructure should be very organized so that users accessing it have clear access to specified resources. Don't fall into the over-permissions trap simply to make things work. MS-NAP functions in a mash of roles depending on your configuration, but it's required that it be at functionality level Windows Server 2003 or higher.
  • VPN access: If the VPN enforcement method is used, the VPN solution is critically important for an MS-NAP implementation. This external (Internet) connections is for internal VPN connections for higher level secure sites within your private network if used.
  • Network equipment: Ensure that your equipment supports 802.1X authentication, especially if using wireless clients or the 802.1X EC.
  • DHCP networking: The DHCP network in regard to the MS-NAP implementation is important, as there are scope options that designate a class for remediation should a system not be compliant with the MS-NAP policy.

Comments

Windows Vista News said:

Interesting: msmvps.com

# December 31, 2007 2:00 PM