
Presentation: «Network Access Protection (NAP) Technologies». Author: Sreenivas Addagatla/Lambert Green. File: «Network Access Protection (NAP) Technologies.pptx». Zip archive size: 4026 KB.

Network Access Protection (NAP) Technologies

Contents of the presentation «Network Access Protection (NAP) Technologies.pptx»
Slide / Text
1 Network Access Protection (NAP) Technologies

Sreenivas Addagatla - Development Lead
Lambert Green - Test Lead
Microsoft Corporation

2 Key Takeaways

Understand the NAP platform and related technologies
Learn about the extensibility of the NAP platform
Consider opportunities for building solutions over the NAP platform

3 Agenda

Problem space
NAP solution
Scenario walk-through
Platform architecture
APIs and protocols
Demo
Call to Action

4 Risks Of A Highly-Connected World

Many devices crossing enterprise boundaries on a regular basis
Compromised devices can result in lost productivity
How to define and enforce compliance requirements?

[Diagram labels: Internet, Perimeter, Intranet, Customers, Web Server, Infrastructure Servers, Extranet Server, Business Partners, Remote Access Gateway, Remote Employees]

5 NAP Solution

Policy Validation
  Are computers “healthy” – compliant with company’s security policies
Network Restriction
  Restrict network access based on their compliance
Remediation
  Provides necessary updates to become compliant
  Once compliant, the network restrictions are removed
Ongoing Compliance
  Changes in computers’ compliance to dynamically result in network restrictions

6 NAP Walk-Through

[Diagram labels: Client, 802.1x Switch / AP, Microsoft network policy server, Remediation servers, Corporate Network, Restricted Network]

Diagram callouts:
  May I have access? Here’s my current health status
  Should this client be restricted based on its health?
  Ongoing policy updates to NPS Policy Server
  According to policy, the client is not up to date. Restrict client, request it to update
  You are given restricted access until fix-up
  Can I have updates?
  Here you go
  Requesting access. Here’s my new health status
  According to policy, the client is up to date. Grant access
  Client is granted access to full intranet

7 NAP Architecture

[Diagram labels: NAP Client, NAP Agent, Enforcement Clients (EC) (EC-x, VPN, DHCP, IPSec, 802.1x), Network Policy Server, NAP Server, Remediation Servers, System Health Servers, Network Access Devices and Servers, Updates, Health Policy, Network Access Messages, Health Data]

8 System Health Agents

Provide Statements of Health
Monitor and notify health changes
Process server responses
Indicate remediation steps and/or auto-remediate
Report remediation status
Examples
  Windows Updates, Firewall, Anti-virus, etc.

[Diagram labels: NAP Client, NAP Agent, Remediation Servers, Updates, Enforcement Clients (EC-x, VPN, DHCP, IPSec, 802.1x)]

9 System Health Validators

Process Statements of Health
Evaluate compliance based on health policy
Provide health responses
Indicate health diagnosis and remediation steps to respective SHA

[Diagram labels: Network Policy Server, NAP Server, System Health Servers, Health Policy]

10 Enforcement Clients

Maintain health enforced network connections
Provide transport for system statement of health (SoH) and SoH responses (SoHR)
Indicate network access status to other components

[Diagram labels: NAP Client, NAP Agent, Remediation Servers, Updates, Enforcement Clients (EC-x, VPN, DHCP, IPSec, 802.1x)]

11 Microsoft NAP Agent

Maintains current health state of the NAP Client
Collect and manage SoH data from SHAs
Coordinates interaction between SHAs and ECs
Provide ECs with SoH data for transmission
Notify SHAs when network access state changes

[Diagram labels: NAP Client, NAP Agent, Remediation Servers, Updates, Enforcement Clients (EC-x, VPN, DHCP, IPSec, 802.1x)]

12 Microsoft NAP Server Component

Coordinates interaction between SHVs and NPS
Distributes SoHs to corresponding SHVs
Collects SoHRs from SHVs and passes to NPS

[Diagram labels: Network Policy Server, NAP Server, System Health Servers, Health Policy]

13 Network Access Device/Server

Provides network access to clients
  E.g. VPN Server, 802.1x switch, DHCP Server, etc.
RADIUS interactions with a Network Policy Server
Network access enforcement
  Provide the level of network access as defined by the Network Policy Server

[Diagram labels: Network Policy Server, Client, Network Access Devices and Servers]

14 Microsoft Network Policy Server

Authentication, Authorization and Accounting Services for network access
Provides means for definition and evaluation of access control policies
Out-of-the-box support for many deployment scenarios
  Dial-up, VPN, IPSec, 802.1x, TSG, DHCP, …
Comprehensive GUI with many wizards

15 NAP - RADIUS VSAs

RADIUS Client <-> NPS
  MS-Quarantine-SoH
NPS -> RADIUS Client
  MS-Quarantine-State
    Full Access, Restricted, Probation until a certain time
  MS-Quarantine-Grace-Time
    Specified date and time for probation
  MS-IPv4-Remediation-Servers, MS-IPv6-Remediation-Servers
  Not-Quarantine-Capable
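
A minimal model of the decision described in the walk-through and on the RADIUS VSA slide, added here as an illustration; it is not code from the presentation or from Microsoft. The attribute names and state values are the ones listed on the slide; the policy settings, function names, remediation addresses and the rule that a client sending no SoH is marked Not-Quarantine-Capable are assumptions of this model.

```python
from dataclasses import dataclass

# Health policy (constructed): one entry per SHV, setting name -> required value.
HEALTH_POLICY = {
    "firewall": {"enabled": True},
    "windows_update": {"automatic_updates": True},
    "antivirus": {"enabled": True, "signatures_current": True},
}
REMEDIATION_SERVERS = ["192.0.2.10", "192.0.2.11"]  # constructed (TEST-NET-1)

@dataclass
class Decision:
    attributes: dict  # VSA name -> value, named as on the slide
    sohrs: dict       # SHA id -> failed settings (the remediation hints)

def validate(soh, policy):
    """Model of one SHV: list the settings in this SoH that violate policy."""
    return sorted(k for k, want in policy.items() if soh.get(k) != want)

def nps_decide(sohs, now, grace=None):
    """Model of the NPS step: SoHs in, quarantine attributes and SoHRs out.

    sohs  -- {sha_id: {setting: value}}, or None if the client sent no SoH
    now   -- datetime of the access request
    grace -- optional timedelta; a non-compliant client then gets Probation
             until now + grace instead of immediate restriction
    """
    if sohs is None:  # assumption: no health data means not NAP-capable
        return Decision({"Not-Quarantine-Capable": True}, {})
    # A required SHA that reported nothing fails every one of its settings.
    sohrs = {sha: validate(sohs.get(sha, {}), pol)
             for sha, pol in HEALTH_POLICY.items()}
    if not any(sohrs.values()):
        return Decision({"MS-Quarantine-State": "Full Access"}, sohrs)
    attrs = {"MS-IPv4-Remediation-Servers": REMEDIATION_SERVERS}
    if grace:
        attrs["MS-Quarantine-State"] = "Probation"
        attrs["MS-Quarantine-Grace-Time"] = now + grace
    else:
        attrs["MS-Quarantine-State"] = "Restricted"
    return Decision(attrs, sohrs)
```

The per-SHA lists in `sohrs` play the role of the SoHRs that tell each SHA what to remediate before the client requests access again.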

16 NPS Configuration Example

17 NAP 802.1x/EAP Enforcement

[Diagram labels: NAP Client, NAP Agent, EAP EC, EAPHost, PEAP, 802.1x supplicant, 3rd party EAP methods, 3rd party EAP supplicants, 802.1x enabled switch/AP, Network Policy Server, NAP Server, Network Access Messages, Health Data]

18 In-Band And Out-Of-Band Modes

In-band mode
  NAP health data transmitted along with access request/response messages
  Health validation as one of the authorization steps
  E.g. 802.1x EAP enforcement
Out-of-band mode
  Use of an earlier obtained health validation result for access control
  E.g. IPSec enforcement

19 NAP IPsec Enforcement

[Diagram labels: NAP Client, NAP Agent, IPsec EC, IPsec, Microsoft Health Registration Authority (HRA), Microsoft Certificate Authority (CA), Network Policy Server, NAP Server, Health validation, Health Data, Certificate Requests/Responses]

20 Microsoft Health Registration Authority (HRA)

Collects health validation results from NPS
Obtains health certificates on behalf of clients
Provides clients with health certificate and health validation data (SoHRs)

[Diagram labels: Client, HRA, NPS, MS CA]

21 Licensed Protocols

SoH / SoHR
RADIUS extensions
EAP TLVs
Health Certificate Enrollment Protocol (HCEP)

22 Windows Out-Of-The-Box NAP

Windows SHA/SHV
  Windows Security Center integration
  Provide state of WSC checks e.g. automatic updates on/off, etc
Support for many access technologies
  802.1x/EAP, IPsec, VPN, DHCP

23 NAP Extensions

Published APIs for customizing
  SHA
  SHV
  EC
  Cert-Relying Party (For out-of-band mode deployments)
MSDN Resources under “NAP Reference”

24 EAP Extensibility

EAPHost API
  Supplicants (UI and transport)
  EAP Methods (algorithms and mechanisms)
    Peer side (client)
    Authenticator (server)
Built-in components for EAP
  State machine, message validations, and method implementations

25 NAP Partners

26 demo

NAP 802.1x Enforcement

Lambert Green
Test Lead
Enterprise Networking Group

27 Call To Action

Leverage NAP into deployments
  Value: Reduction of non-compliance related risks
Extend NAP to deliver value to the customer
  On the client, switch and servers
Use EAPHost extensibility to build your supplicants, EAP Methods

28 Additional Resources

Web Resources
  NAP Specs, whitepapers, step-by-step guides: http://www.microsoft.com/nap
  NAP API: http://msdn2.microsoft.com/en-us/library/aa369705.aspx
  NAP Blog: http://blogs.technet.com/nap
  EAPHost API: http://msdn2.microsoft.com/en-us/library/aa363701.aspx
E-mail contacts
  Asknap@microsoft.com

29 © 2007 Microsoft Corporation

All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
