MS NAP - Security Day


Published on

MS NAP - Security Day Son Vu

Published in: Technology, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • MS NAP - Security Day

    1. 1. Windows Server 2008 – Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_address]
    2. 2. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
    3. 3. <ul><li>Media </li></ul><ul><li>Personal Favor </li></ul><ul><li>I think “it is important and essential to my system” </li></ul><ul><li>My company have “fund” for security </li></ul>Why Security !!!??? – Wrong Way
    4. 4. <ul><li>Business Continuty </li></ul>Why Security !!!??? – Right Way Risk-based model Defense in Depth Security Control with ISO 27001 Risk Level ROI
    5. 5. Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Business Owners “ What’s Important” Assess Risks Define Security Requirements Determine Acceptable Risk Design & Build Security Solutions Operate & Support Security Solutions Measure Security Solutions
    6. 6. Demo <ul><li>Examining Connection Trace Logs </li></ul><ul><ul><li>Examine Event Logs </li></ul></ul><ul><ul><li>Examine Connection Logs </li></ul></ul>demonstration Defense in Depth with Microsoft Product
    7. 7. Network Access Protection Benefits <ul><li>Enhanced Security </li></ul><ul><ul><li>All communications are authenticated, authorized & healthy </li></ul></ul><ul><ul><li>Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X </li></ul></ul><ul><ul><li>Policy-based access that IT Pros can set and control </li></ul></ul><ul><li>Increased Business Value </li></ul><ul><ul><li>Preserves user productivity </li></ul></ul><ul><ul><li>Extends existing investments in Microsoft and 3rd party infrastructure </li></ul></ul><ul><ul><li>Broad industry partnership </li></ul></ul>Risk Level ROI Health and Policy Validation Defense at Multiple Layers Healthy Endpoints Connect Leverage Existing Investments
    8. 8. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
    9. 9. Network Access Protection Solution <ul><li>Policy Validation </li></ul><ul><li>Network Restriction </li></ul><ul><li>Remediation </li></ul><ul><li>Ongoing Compliance </li></ul>Polices, Procedures, and Awareness Data Application Host Internal Network Perimeter
    10. 10. NAP Architecture Overview Network Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices and Servers System Health Agent (SHA ) MS and 3rd Parties System Health Validator Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
    11. 11. How NAP Works Network Access Requests Corporate Network Restricted Network Windows Client Network Enforment Endpoint NPS Active Directory Health Statements QA SHA EC QS SHV Not Compliant Policy Compliant Remediation Servers
    12. 12. Why Microsoft NAP <ul><li>Soft-based solution, free with Windows Server 2008. </li></ul><ul><li>Integrated into the client operating system (XP SP3, Vista) </li></ul><ul><li>Intergrated with Core System (SCCM,FCS,WSUS) </li></ul><ul><li>Integration with 3 rd party security products(Cisco,Juniper,Symantec, Mcafee) </li></ul><ul><li>NAP + Domain & Server Isolation = Enforment Sec </li></ul><ul><li>Multiple types of enforcement </li></ul>
    13. 13. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
    14. 14. NAP with DHCP Requesting access. Here’s my new health status. The client requests and receives updates I need to lease an IP address You are not within the Health Policy requirements Access granted. Here is your new IP address NPS Server Client DHCP Server VPN Server IEEE 802.1X Devices Remediation Servers
    15. 15. Demonstration Environment
    16. 16. Configuring NAP for DHCP demonstration
    17. 17. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
    18. 18. NAP with VPN and RRAS RADIUS Messages PEAP Messages NPS Server Client VPN Server Remediation Servers
    19. 19. IPsec-based Communication Secure network Boundary network Restricted network IPsec Authenticated Unauthenticated
    20. 20. Using NAP with 802.1x Device <ul><li>Most Wireless Security for Enterprise with NAP </li></ul><ul><li>Interoperation with many 802.1x Switch </li></ul>Network Policy Server Authentication Server 802.1x Access Points 802.1x Switch Wireless Clients Active Directory Health Requirement Server Certificate Authority (Optional)
    21. 21. Q&A and Thanks You