SlideShare a Scribd company logo

MS NAP - Security Day

Download as PPT, PDF
V
vncson

This document summarizes Network Access Protection (NAP) in Windows Server 2008. It discusses how NAP enhances security by authenticating, authorizing, and validating the health of systems connecting to the network. It provides an overview of the NAP architecture and how NAP works with DHCP, VPN/IPsec, and 802.1x to control network access based on system health policies. The document also demonstrates NAP configurations for DHCP and VPN/RRAS enforcement of health policies.

TechnologyEconomy & Finance
1 of 21
Downloaded 69 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Windows Server 2008 – Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_address] www.CaoSonBlog.com
Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
Media Personal Favor I think “it is important and essential to my system” My company have “fund” for security Why Security !!!??? – Wrong Way
Business Continuty Why Security !!!??? – Right Way Risk-based model Defense in Depth Security Control with ISO 27001 Risk Level ROI
Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Business Owners “ What’s Important” Assess Risks Define Security Requirements Determine Acceptable Risk Design & Build Security Solutions Operate & Support Security Solutions Measure Security Solutions
Demo Examining Connection Trace Logs Examine Event Logs Examine Connection Logs demonstration Defense in Depth with Microsoft Product
Network Access Protection Benefits Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership Risk Level ROI Health and Policy Validation Defense at Multiple Layers Healthy Endpoints Connect Leverage Existing Investments
Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
Network Access Protection Solution Policy Validation Network Restriction Remediation Ongoing Compliance Polices, Procedures, and Awareness Data Application Host Internal Network Perimeter
NAP Architecture Overview Network Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices and Servers System Health Agent (SHA ) MS and 3rd Parties System Health Validator Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
How NAP Works Network Access Requests Corporate Network Restricted Network Windows Client Network Enforment Endpoint NPS Active Directory Health Statements QA SHA EC QS SHV Not Compliant Policy Compliant Remediation Servers
Why Microsoft NAP Soft-based solution, free with Windows Server 2008. Integrated into the client operating system (XP SP3, Vista) Intergrated with Core System (SCCM,FCS,WSUS) Integration with 3 rd party security products(Cisco,Juniper,Symantec, Mcafee) NAP + Domain & Server Isolation = Enforment Sec Multiple types of enforcement
Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
NAP with DHCP Requesting access. Here’s my new health status. The client requests and receives updates I need to lease an IP address You are not within the Health Policy requirements Access granted. Here is your new IP address NPS Server Client DHCP Server VPN Server IEEE 802.1X Devices Remediation Servers
Demonstration Environment
Configuring NAP for DHCP demonstration
Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
NAP with VPN and RRAS RADIUS Messages PEAP Messages NPS Server Client VPN Server Remediation Servers
IPsec-based Communication Secure network Boundary network Restricted network IPsec Authenticated Unauthenticated
Using NAP with 802.1x Device Most Wireless Security for Enterprise with NAP Interoperation with many 802.1x Switch Network Policy Server Authentication Server 802.1x Access Points 802.1x Switch Wireless Clients Active Directory Health Requirement Server Certificate Authority (Optional)
Q&A and Thanks You www.CaoSonBlog.com

More Related Content

PPTX
Network access protection ppt
Dasarathi Dash
 
PPT
Network Access Protection
Zernike College
 
PPT
Requirements for an internet connectivity solution 1
Dinesh Kumar
 
PPTX
5 ways you can strengthen and secure your network infrastructure with Firewal...
ManageEngine, Zoho Corporation
 
PPTX
IT Solutions Provider in Kosovo uses Bandwidth monitoring, NetFlow Analyzer
ManageEngine, Zoho Corporation
 
PDF
Enterprise network management
ManageEngine, Zoho Corporation
 
PPTX
NuvoSys Solutions, LLC
nygonz
 
PPTX
5 reasons to use OpManager Plus
ManageEngine, Zoho Corporation
 
Network access protection ppt
Dasarathi Dash
 
Network Access Protection
Zernike College
 
Requirements for an internet connectivity solution 1
Dinesh Kumar
 
5 ways you can strengthen and secure your network infrastructure with Firewal...
ManageEngine, Zoho Corporation
 
IT Solutions Provider in Kosovo uses Bandwidth monitoring, NetFlow Analyzer
ManageEngine, Zoho Corporation
 
Enterprise network management
ManageEngine, Zoho Corporation
 
NuvoSys Solutions, LLC
nygonz
 
5 reasons to use OpManager Plus
ManageEngine, Zoho Corporation
 

What's hot (20)

PPTX
Webinar: SecurePlanHealth Updates
Knight Security Systems
 
PDF
Monitoring active-directory
Prince JabaKumar
 
PPTX
Completing fedramp-security-authorization-process
Tuan Phan
 
PPTX
Why Configuration Management Matters
ManageEngine, Zoho Corporation
 
PDF
Application-aware Network Performance Management with OpManager
ManageEngine, Zoho Corporation
 
PPTX
5 Ways NCM Can Save You From A Disaster
ManageEngine, Zoho Corporation
 
PPTX
Network Configuration Management - Mumbai Seminar
ManageEngine, Zoho Corporation
 
PPTX
5 reasons why you need a network monitoring tool
ManageEngine, Zoho Corporation
 
PPTX
5 benefits of OpManager
ManageEngine, Zoho Corporation
 
PPTX
Free Netflow analyzer training - diagnosing_and_troubleshooting
ManageEngine, Zoho Corporation
 
PPTX
Leading American Entertainment Company implements OpManager
ManageEngine, Zoho Corporation
 
PPT
Why Use Wes Tech Solutions
doughold
 
PPT
Why Use Westech Solutions
Jhugueno
 
PPTX
6 reasons to switch to fluidic ui - Network Configuration Manager
ManageEngine, Zoho Corporation
 
PPTX
New OpManager v12
Inuit AB
 
PDF
TrustedAgent FedRAMP Security Authorization
Tuan Phan
 
PPTX
Managed Desktop Services
Gss America
 
PPTX
Best Network Performance Monitoring Tool
Joe Shestak
 
PPTX
Top 5 problems a NETWORK ANALYSIS TOOL will help you solve
ManageEngine, Zoho Corporation
 
PPT
The 3 aspects of network performance management
ManageEngine
 
Webinar: SecurePlanHealth Updates
Knight Security Systems
 
Monitoring active-directory
Prince JabaKumar
 
Completing fedramp-security-authorization-process
Tuan Phan
 
Why Configuration Management Matters
ManageEngine, Zoho Corporation
 
Application-aware Network Performance Management with OpManager
ManageEngine, Zoho Corporation
 
5 Ways NCM Can Save You From A Disaster
ManageEngine, Zoho Corporation
 
Network Configuration Management - Mumbai Seminar
ManageEngine, Zoho Corporation
 
5 reasons why you need a network monitoring tool
ManageEngine, Zoho Corporation
 
5 benefits of OpManager
ManageEngine, Zoho Corporation
 
Free Netflow analyzer training - diagnosing_and_troubleshooting
ManageEngine, Zoho Corporation
 
Leading American Entertainment Company implements OpManager
ManageEngine, Zoho Corporation
 
Why Use Wes Tech Solutions
doughold
 
Why Use Westech Solutions
Jhugueno
 
6 reasons to switch to fluidic ui - Network Configuration Manager
ManageEngine, Zoho Corporation
 
New OpManager v12
Inuit AB
 
TrustedAgent FedRAMP Security Authorization
Tuan Phan
 
Managed Desktop Services
Gss America
 
Best Network Performance Monitoring Tool
Joe Shestak
 
Top 5 problems a NETWORK ANALYSIS TOOL will help you solve
ManageEngine, Zoho Corporation
 
The 3 aspects of network performance management
ManageEngine
 
Ad

Similar to MS NAP - Security Day (20)

PPTX
6421 b Module-07
Bibekananada Jena
 
DOC
Nap vpn stepby_step
Mahmoudmagdy Elenany
 
PPT
What is NAC
Israel Marcus
 
PPT
Network Access COntrol asdfcxzqwe asd asdd .ppt
jrsocmad
 
PPT
Uac sales pres_20_apr09-2
lousifers
 
PDF
BOSNOG NAC stack 2018
GENIANS, INC.
 
PPT
Windows server2008
jaimeccanto
 
PPTX
Connect Remotely Using Windows® 7 Direct Access
Microsoft TechNet
 
PPTX
NAC_p3.pptx
Saurabh846965
 
PPTX
"Secure network access & threat protection"
rp6336567
 
PPT
Cisco Managed Security
Srivatsan Desikan
 
PPT
0505 Windows Server 2008 一日精華營 Part II
Timothy Chen
 
PDF
Windows Server 2008 Security Overview Short
Eduardo Castro
 
PDF
Windows Server 2008 Security Overview Short
Eduardo Castro
 
PPTX
Microsoft Platform Security Briefing
technext1
 
DOCX
clear pass solution doc.docx clear pass solution doc.docx
ItEngineer3
 
PPTX
Microsoft Windows 7 Enhanced Security And Control
Microsoft TechNet
 
PDF
Network access control (nac)
cyberlocke
 
PPT
Info Sec2007 End Point Final
Ben Rothke
 
PDF
802.1x Implementation Plan for Seacoast
Sithideth Banavong
 
6421 b Module-07
Bibekananada Jena
 
Nap vpn stepby_step
Mahmoudmagdy Elenany
 
What is NAC
Israel Marcus
 
Network Access COntrol asdfcxzqwe asd asdd .ppt
jrsocmad
 
Uac sales pres_20_apr09-2
lousifers
 
BOSNOG NAC stack 2018
GENIANS, INC.
 
Windows server2008
jaimeccanto
 
Connect Remotely Using Windows® 7 Direct Access
Microsoft TechNet
 
NAC_p3.pptx
Saurabh846965
 
"Secure network access & threat protection"
rp6336567
 
Cisco Managed Security
Srivatsan Desikan
 
0505 Windows Server 2008 一日精華營 Part II
Timothy Chen
 
Windows Server 2008 Security Overview Short
Eduardo Castro
 
Windows Server 2008 Security Overview Short
Eduardo Castro
 
Microsoft Platform Security Briefing
technext1
 
clear pass solution doc.docx clear pass solution doc.docx
ItEngineer3
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft TechNet
 
Network access control (nac)
cyberlocke
 
Info Sec2007 End Point Final
Ben Rothke
 
802.1x Implementation Plan for Seacoast
Sithideth Banavong
 
Ad

More from vncson (16)

PPTX
Protecting exchange servers with dpm 2010 son vu
vncson
 
PPTX
Microsoft Private Cloud Computing
vncson
 
PPTX
Hyper V In Windows Server 2008 R2.Son Vu
vncson
 
PPTX
Scvmm Technical Overview.Son Vu
vncson
 
PPT
Dpm4 Data Center
vncson
 
PPT
Dpm Disaster Recovery Sonvu
vncson
 
PPT
Branch Office Solution Son Vu
vncson
 
PPT
Dpm.2007.For.Sql Sonvu
vncson
 
PPT
Data Protection Manager 2007 Technical Overview Son Vu
vncson
 
PPT
Data Center Optimization With Microsoft System Center Son Vu
vncson
 
PPT
IO ROI Example
vncson
 
PPT
Why Upgrade To Exchange 2007 Sp1 Son Vu
vncson
 
PPT
Microsoft IO 101 Training
vncson
 
PPT
Exchange 2007 Overview Son Vu
vncson
 
PPT
Microsoft.Virtualization.Technologies Son Vu
vncson
 
PPT
Microsoft Hyper V Server 2008
vncson
 
Protecting exchange servers with dpm 2010 son vu
vncson
 
Microsoft Private Cloud Computing
vncson
 
Hyper V In Windows Server 2008 R2.Son Vu
vncson
 
Scvmm Technical Overview.Son Vu
vncson
 
Dpm4 Data Center
vncson
 
Dpm Disaster Recovery Sonvu
vncson
 
Branch Office Solution Son Vu
vncson
 
Dpm.2007.For.Sql Sonvu
vncson
 
Data Protection Manager 2007 Technical Overview Son Vu
vncson
 
Data Center Optimization With Microsoft System Center Son Vu
vncson
 
IO ROI Example
vncson
 
Why Upgrade To Exchange 2007 Sp1 Son Vu
vncson
 
Microsoft IO 101 Training
vncson
 
Exchange 2007 Overview Son Vu
vncson
 
Microsoft.Virtualization.Technologies Son Vu
vncson
 
Microsoft Hyper V Server 2008
vncson
 

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Approach and Philosophy of On baking technology
30anthuong17
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 

MS NAP - Security Day

  • 1. Windows Server 2008 – Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_address] www.CaoSonBlog.com
  • 2. Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
  • 3. Media Personal Favor I think “it is important and essential to my system” My company have “fund” for security Why Security !!!??? – Wrong Way
  • 4. Business Continuty Why Security !!!??? – Right Way Risk-based model Defense in Depth Security Control with ISO 27001 Risk Level ROI
  • 5. Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Business Owners “ What’s Important” Assess Risks Define Security Requirements Determine Acceptable Risk Design & Build Security Solutions Operate & Support Security Solutions Measure Security Solutions
  • 6. Demo Examining Connection Trace Logs Examine Event Logs Examine Connection Logs demonstration Defense in Depth with Microsoft Product
  • 7. Network Access Protection Benefits Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership Risk Level ROI Health and Policy Validation Defense at Multiple Layers Healthy Endpoints Connect Leverage Existing Investments
  • 8. Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
  • 9. Network Access Protection Solution Policy Validation Network Restriction Remediation Ongoing Compliance Polices, Procedures, and Awareness Data Application Host Internal Network Perimeter
  • 10. NAP Architecture Overview Network Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices and Servers System Health Agent (SHA ) MS and 3rd Parties System Health Validator Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
  • 11. How NAP Works Network Access Requests Corporate Network Restricted Network Windows Client Network Enforment Endpoint NPS Active Directory Health Statements QA SHA EC QS SHV Not Compliant Policy Compliant Remediation Servers
  • 12. Why Microsoft NAP Soft-based solution, free with Windows Server 2008. Integrated into the client operating system (XP SP3, Vista) Intergrated with Core System (SCCM,FCS,WSUS) Integration with 3 rd party security products(Cisco,Juniper,Symantec, Mcafee) NAP + Domain & Server Isolation = Enforment Sec Multiple types of enforcement
  • 13. Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
  • 14. NAP with DHCP Requesting access. Here’s my new health status. The client requests and receives updates I need to lease an IP address You are not within the Health Policy requirements Access granted. Here is your new IP address NPS Server Client DHCP Server VPN Server IEEE 802.1X Devices Remediation Servers
  • 16. Configuring NAP for DHCP demonstration
  • 17. Why Security Introducing Network Access Protection Using NAP with DHCP Using NAP with VPN/Ipsec/802.1x Q&A Agenda
  • 18. NAP with VPN and RRAS RADIUS Messages PEAP Messages NPS Server Client VPN Server Remediation Servers
  • 19. IPsec-based Communication Secure network Boundary network Restricted network IPsec Authenticated Unauthenticated
  • 20. Using NAP with 802.1x Device Most Wireless Security for Enterprise with NAP Interoperation with many 802.1x Switch Network Policy Server Authentication Server 802.1x Access Points 802.1x Switch Wireless Clients Active Directory Health Requirement Server Certificate Authority (Optional)
  • 21. Q&A and Thanks You www.CaoSonBlog.com