Objectives


Transcript of Objectives

Page 1: Objectives

Objectives

• Wireless Access

• IPSec

• Discuss Network Access Protection

• Install Network Access Protection

Page 2: Objectives

Wireless Access Configuration in Windows Server 2008

• 802.1x standard
  – Developed by the Institute of Electrical and Electronics Engineers (IEEE)

• On 802.1x networks
  – Network access control provides an authentication mechanism to allow or deny network access based on port connection
  – WPA2-EAP (Wi-Fi Protected Access 2 – EAP)

Page 3: Objectives

Wireless Access Configuration in Windows Server 2008 (continued)

• Categories of EAP implementations
  – EAP over local area network (LAN)
    • EAP-TLS
  – EAP over wireless
    • PEAP: Protected Extensible Authentication Protocol

• 802.1x uses a three-component model for authenticating access to networks
  – Supplicant
  – Authenticator
  – Authentication server

Page 5: Objectives

Internet Protocol Security

• An open-standards framework for securing network communications

• IPSec meets three basic goals
  – Authentication
  – Integrity
  – Confidentiality

Page 6: Objectives

IPSec Threats

• Depending on the configuration of IPSec, it provides protection from the following threats
  – Data tampering
  – Denial of service
  – Identity spoofing
  – Man-in-the-middle attacks
  – Repudiation
  – Network traffic sniffing

Page 7: Objectives

How IPSec Works

• IPSec modes of operation
  – Transport mode
  – Tunnel mode

• Scenarios available when deploying IPSec
  – Site to site
  – Client to client
  – Client to site

Page 8: Objectives

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

Page 10: Objectives

Using IPSec

Page 11: Objectives

How IPSec Works (continued)

• IPSec security association modes
  – IPSec uses the Internet Key Exchange (IKE) to negotiate security protocols
  – IKE generates the encryption and authentication keys used by IPSec for the transaction
  – IPSec performs transactions in two phases
    • Main mode/Phase 1
    • Quick mode/Phase 2

Page 12: Objectives

How IPSec Works (continued)

• IPSec security methods
  – IPSec uses two security services
    • Encapsulating Security Payload
    • Authentication Header

• IPSec policies
  – Can be managed with the following tools
    • WFAS, IP Security Policy snap-in
    • Netsh, GPME

Page 15: Objectives

Network Access Protection

• NAP can be broken into three parts
  – Health policy validation
  – Health policy compliance
  – Access limitation

Page 16: Objectives

NAP Terminology

• Enforcement Client

• Enforcement Server

• Host Credential Authorization Protocol

• Health Registration Authority

• Network Policy Server

• Remediation Server

• System Health Agent

• System Health Validator

Page 17: Objectives

NAP Enforcement Methods

• The five types of NAP enforcement methods used by NAP
  – 802.1x-authenticated connections
  – Dynamic Host Configuration Protocol (DHCP) address configurations
  – IPSec communications
  – Terminal Services Gateway (TS Gateway) connections
  – Virtual Private Network (VPN) connections

Page 18: Objectives

Implementing NAP

• NAP
  – Designed by Microsoft to allow you to customize it to meet the unique needs of your networks
  – Implementing and configuring NAP differs from network to network based on requirements and policies

Page 20: Objectives

Installing NAP

• NAP is part of the NPS role

• To install NAP components
  – Add the NPS role either through the Role Services Wizard or from the command line using servermanagercmd.exe