Windows Server 2008 –  Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_addr...
<ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></...
<ul><li>Media  </li></ul><ul><li>Personal Favor </li></ul><ul><li>I think “it is important and essential to my system” </l...
<ul><li>Business Continuty </li></ul>Why Security !!!??? – Right Way Risk-based model  Defense in Depth Security Control w...
Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Busines...
Demo <ul><li>Examining Connection Trace Logs  </li></ul><ul><ul><li>Examine Event Logs </li></ul></ul><ul><ul><li>Examine ...
Network Access Protection Benefits <ul><li>Enhanced Security </li></ul><ul><ul><li>All communications are authenticated, a...
<ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></...
Network Access Protection Solution <ul><li>Policy Validation </li></ul><ul><li>Network Restriction </li></ul><ul><li>Remed...
NAP Architecture Overview Network  Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates...
How NAP Works  Network Access Requests Corporate Network Restricted Network Windows Client Network  Enforment Endpoint NPS...
Why Microsoft NAP <ul><li>Soft-based solution, free with Windows Server 2008. </li></ul><ul><li>Integrated into the client...
<ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></...
NAP with DHCP Requesting access.  Here’s my new health status. The client requests and receives updates I need to lease  a...
Demonstration Environment
Configuring NAP for DHCP  demonstration
<ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></...
NAP with VPN and RRAS RADIUS Messages PEAP Messages NPS Server Client VPN Server Remediation  Servers
IPsec-based Communication Secure network Boundary network Restricted network IPsec Authenticated Unauthenticated
Using NAP with 802.1x Device <ul><li>Most Wireless Security for Enterprise with NAP </li></ul><ul><li>Interoperation with ...
Q&A and Thanks You www.CaoSonBlog.com
Upcoming SlideShare
Loading in …5
×

MS NAP - Security Day

1,728 views

Published on

MS NAP - Security Day Son Vu

Published in: Technology, Economy & Finance
  • Be the first to comment

  • Be the first to like this

MS NAP - Security Day

  1. 1. Windows Server 2008 – Network Access Protection (NAP) Presented by Vu Nguyen Cao Son EPG Technical Specialist [email_address] www.CaoSonBlog.com
  2. 2. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
  3. 3. <ul><li>Media </li></ul><ul><li>Personal Favor </li></ul><ul><li>I think “it is important and essential to my system” </li></ul><ul><li>My company have “fund” for security </li></ul>Why Security !!!??? – Wrong Way
  4. 4. <ul><li>Business Continuty </li></ul>Why Security !!!??? – Right Way Risk-based model Defense in Depth Security Control with ISO 27001 Risk Level ROI
  5. 5. Risk-based Decision Making Business and IT Teams “ Best Control Solution” Information Security “ Prioritize Risks” Business Owners “ What’s Important” Assess Risks Define Security Requirements Determine Acceptable Risk Design & Build Security Solutions Operate & Support Security Solutions Measure Security Solutions
  6. 6. Demo <ul><li>Examining Connection Trace Logs </li></ul><ul><ul><li>Examine Event Logs </li></ul></ul><ul><ul><li>Examine Connection Logs </li></ul></ul>demonstration Defense in Depth with Microsoft Product
  7. 7. Network Access Protection Benefits <ul><li>Enhanced Security </li></ul><ul><ul><li>All communications are authenticated, authorized & healthy </li></ul></ul><ul><ul><li>Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X </li></ul></ul><ul><ul><li>Policy-based access that IT Pros can set and control </li></ul></ul><ul><li>Increased Business Value </li></ul><ul><ul><li>Preserves user productivity </li></ul></ul><ul><ul><li>Extends existing investments in Microsoft and 3rd party infrastructure </li></ul></ul><ul><ul><li>Broad industry partnership </li></ul></ul>Risk Level ROI Health and Policy Validation Defense at Multiple Layers Healthy Endpoints Connect Leverage Existing Investments
  8. 8. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
  9. 9. Network Access Protection Solution <ul><li>Policy Validation </li></ul><ul><li>Network Restriction </li></ul><ul><li>Remediation </li></ul><ul><li>Ongoing Compliance </li></ul>Polices, Procedures, and Awareness Data Application Host Internal Network Perimeter
  10. 10. NAP Architecture Overview Network Policy Server Quarantine Server (QS) Client Quarantine Agent (QA) Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices and Servers System Health Agent (SHA ) MS and 3rd Parties System Health Validator Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN)
  11. 11. How NAP Works Network Access Requests Corporate Network Restricted Network Windows Client Network Enforment Endpoint NPS Active Directory Health Statements QA SHA EC QS SHV Not Compliant Policy Compliant Remediation Servers
  12. 12. Why Microsoft NAP <ul><li>Soft-based solution, free with Windows Server 2008. </li></ul><ul><li>Integrated into the client operating system (XP SP3, Vista) </li></ul><ul><li>Intergrated with Core System (SCCM,FCS,WSUS) </li></ul><ul><li>Integration with 3 rd party security products(Cisco,Juniper,Symantec, Mcafee) </li></ul><ul><li>NAP + Domain & Server Isolation = Enforment Sec </li></ul><ul><li>Multiple types of enforcement </li></ul>
  13. 13. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
  14. 14. NAP with DHCP Requesting access. Here’s my new health status. The client requests and receives updates I need to lease an IP address You are not within the Health Policy requirements Access granted. Here is your new IP address NPS Server Client DHCP Server VPN Server IEEE 802.1X Devices Remediation Servers
  15. 15. Demonstration Environment
  16. 16. Configuring NAP for DHCP demonstration
  17. 17. <ul><li>Why Security </li></ul><ul><li>Introducing Network Access Protection </li></ul><ul><li>Using NAP with DHCP </li></ul><ul><li>Using NAP with VPN/Ipsec/802.1x </li></ul><ul><li>Q&A </li></ul>Agenda
  18. 18. NAP with VPN and RRAS RADIUS Messages PEAP Messages NPS Server Client VPN Server Remediation Servers
  19. 19. IPsec-based Communication Secure network Boundary network Restricted network IPsec Authenticated Unauthenticated
  20. 20. Using NAP with 802.1x Device <ul><li>Most Wireless Security for Enterprise with NAP </li></ul><ul><li>Interoperation with many 802.1x Switch </li></ul>Network Policy Server Authentication Server 802.1x Access Points 802.1x Switch Wireless Clients Active Directory Health Requirement Server Certificate Authority (Optional)
  21. 21. Q&A and Thanks You www.CaoSonBlog.com

×