Windows Server 2008 Network Access Protection (NAP) Technical Overview.
Date posted: 22-Dec-2015
Category: Documents
What Will We Cover?
• Introducing Network Access Protection
• Network Access Protection Architecture
• Reviewing NAP Enforcement Options
Helpful Experience
Level 300
• Familiarity with DHCP
• Knowledge of IPsec
• Familiarity with RRAS and VPN
Agenda
• Introducing Network Access Protection
• Using NAP with DHCP
• Using NAP with VPN
• Using NAP with IPsec
Network Access Protection Solution
• Policy Validation
• Network Restriction
• Remediation
• Ongoing Compliance
Policies, Procedures, and Awareness
Data
Application
Host
Internal Network
Perimeter
NAP Architecture Overview
Network Policy Server
Quarantine Server (QS)
Client
Quarantine Agent (QA)
Health policy updates
Health Statements
Network Access Requests
System Health Servers
Remediation Servers
Health Certificate
Network Access Devices and Servers
System Health Agent (SHA): MS and 3rd Parties
System Health Validator
Enforcement Client (EC) (DHCP, IPsec, 802.1X, VPN)
Network Layer Protection with NAP
Requesting access. Here’s my new health status.
MS NPS
Client
802.1X Switch
Remediation Servers
May I have access? Here’s my current health status.
Should this client be restricted based on its health?
Ongoing policy updates to Network Policy Server
You are given restricted access until fix-up.
Can I have updates?
Here you go.
According to policy, the client is not up to date. Quarantine client, request it to update.
Restricted Network
Client is granted access to full intranet.
System Health Servers
According to policy, the client is up to date.
Grant access.
Host Layer Protection with NAP
Accessing the network
X
Remediation Server
NPS
HRA
May I have a health certificate? Here’s my SoH.
Client ok?
No. Needs fix-up.
You don’t get a health certificate. Go fix up.
I need updates.
Here you go.
Here’s your health certificate.
Yes. Issue health certificate.
Client
No Policy
Authentication Optional
Authentication Required
NAP – Enforcement Options
Enforcement | Healthy Client | Unhealthy Client
DHCP | Full IP address given, full access | Restricted set of routes
VPN | Full access | Restricted VLAN
802.1X | Full access | Restricted VLAN
IPsec | Can communicate with any trusted peer | Healthy peers reject connection requests from unhealthy systems
Complements layer 2 protection
Works with existing servers and infrastructure
Offers flexible isolation
Infrastructure and API Set
Customer Choice
IPsec-based Enforcement
Agenda
• Introducing Network Access Protection
• Using NAP with DHCP
• Using NAP with VPN
• Using NAP with IPsec
NAP with DHCP
NPS Server
Client
DHCP Server
VPN Server
IEEE 802.1X Devices
Remediation Servers
Requesting access. Here’s my new health status.
The client requests and receives updates
I need to lease an IP address
You are not within the Health Policy requirements
Access granted. Here is your new IP address
Demonstration Environment
External VPN Network: 10.0.10.0/24
Internal Network: 192.168.16.0/20
SEA-DC-01.contoso.com
Windows Server 2008
Domain Controller, DNS
192.168.16.1/20
10.0.10.1/24
SEA-WRK-001.contoso.com
Windows Vista Ultimate
DHCP assigned IP address
SEA-WRK-002.contoso.com
Windows Vista Ultimate
192.168.16.100/20
10.0.10.10/24
Demo
Configuring NAP for DHCP
• Configure Health Policies
• Configure Network Policies
• Enable Client NAP Settings
demonstration
Agenda
• Introducing Network Access Protection
• Using NAP with DHCP
• Using NAP with VPN
• Using NAP with IPsec
NAP with VPN and RRAS
NPS Server
Client
VPN Server
Remediation Servers
RADIUS Messages
PEAP Messages
Demo
Configuring NAP for VPN
• Configure RRAS Settings
• Configure Connection Request Policy
• Configure Network Policies
demonstration
Agenda
• Introducing Network Access Protection
• Using NAP with DHCP
• Using NAP with VPN
• Using NAP with IPsec
IPsec-based Communication
Secure network
Boundary network
Restricted network
IPsec Authenticated
Unauthenticated
Demo
Configuring NAP for IPsec
• Configure Exemption Group
• Configure Certificate Settings
• Configure Health Registration Authority
demonstration
Session Summary
• NAP provides policy-driven access control
• Customer choice—flexible, selectable enforcement
• Broad industry support
For More Information
Visit TechNet at: www.microsoft.com/technet
Visit the following site for additional information: www.microsoft.com/technet/add-302
Training Resources
Course ID | Title
5934 | Introducing Microsoft Windows Server 2008
5939 | Introducing Server Management in Microsoft Windows Server 2008
For training information and availability: www.microsoft.com/learning
Readiness with Skills Assessment
• Self-study learning tool, free to anyone
• Determines skills gaps
• Provides learning plans
• Post your score, see how you rank
Visit: www.microsoft.com/assessment
Become a Microsoft Certified Professional
• What are MCP certifications?
Validation in performing critical IT functions
• Why certify?
WW recognition of skills gained through experience
More effective deployments with reduced costs
• What certifications are there for IT Pros?
MCP, MCSE, MCSA, MCDST, MCDBA
www.microsoft.com/learning/mcp
TechNet Plus
TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.
Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.
Try out all the latest betas before public release
Keep your skills current with select Microsoft E-Learning courses free each quarter
Evaluate & Learn | Plan & Deploy | Support & Maintain
Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training
Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager
Stay informed with your free subscription to TechNet Magazine.
2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)
Access over 100 managed newsgroups and get next business day response, guaranteed
Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities
Get all these resources and more with a TechNet Plus subscription.
For more information visit: technet.microsoft.com/subscriptions