Nowadays security is put to the test constantly as vulnerabilities are exploited by everything from hackers to viruses. These threats can be controlled with applications that run on the systems and are designed to prevent them. But what if the technology were proactive? Microsoft 2008 Server has a feature called Network Access Protection, and I really like it a lot. With it you can create policies so that a system which is not compliant with patches is prevented from communicating over the network until it is updated. Policies can also be created for virus definitions: systems that do not have the latest signatures will not communicate until the latest signatures are present. What the policies control depends on what you need and on the administrator who creates them. It sounds really cool, and yes, it will minimize the threats and the unwanted downtime that can arise from them.
Network Access Protection (NAP) can restrict a client from communicating over the network if the client has security concerns. That is, if security patches or antivirus updates are not up to date, NAP will prevent those clients from communicating over the network. To achieve this, a Policy Server needs to be configured. After configuring it, you link those policies to clients using the local Windows system health agent. Let's look at it in detail.
NAP was developed to minimize the security threats posed to the business world from:
The server that handles NAP is the Network Policy Server. It also becomes your SHV and ES server; the role of this server component has been detailed in the notes above.
Again, these policies are created based on system health.
Hi,
I'm currently testing NAP-DHCP in our environment. NAP components have been installed on a Win 2008 R2 enforcement server and NPS policies defined too. However, once I enable NAP on a DHCP scope, I can ping, view and use shares on the SEP remediation server from our Win 7 clients. But when I try running liveupdate on this same machine, it fails to contact the server. And when I check the SEP client's connection status, it says 'Connected'.
What am I missing? Please advise.
We have successfully installed SEPM with the NAC component, and we are also integrating DHCP NAP with SEPM 11.0 MR6. We have installed a DHCP server with NPS and then configured the Enforcement server with the Symantec Integrated NAP Enforcer setup and connected successfully to the SEPM manager site.
Now I wanted to know how and where I will create different SHVs to enforce on clients installed with NAC.
Sushant
sushant.chaudhari@ril.com