How NAP can be good for SMEs' health
Published: 11 Jan 2007 14:21 GMT
Protecting the network is an important goal of any IT security strategy, and there are a number of sophisticated mechanisms that can give you better control of who accesses the network and how they do it.
Unfortunately, small and medium businesses often perceive the available third-party products as too complex and/or expensive to be feasible. For example, Cisco's Network Admission Control (NAC) appliance can cost several thousand dollars. That may be more than small businesses on a budget can afford.
But if you plan to upgrade your network operating systems to the next generation of Windows Server (currently called Longhorn), the Network Access Protection (NAP) platform is already built in. It can be used with Windows Vista clients, or with XP clients running the NAP Client add-on software for XP, which is scheduled to be released at the same time as the new server OS (the XP NAP client is currently in beta testing). Windows Server 2003 will also be able to act as a NAP client.
SMBs can take advantage of this core component of Longhorn Server and Vista to ensure that clients connecting to their networks meet their health and security criteria.
The importance of protecting network access
Every computer that connects to your local area network poses a potential threat. If it's infected with a virus or spyware, doesn't have adequate firewall protection, hasn't had the latest security updates and patches installed, and so on, the entire network can be placed at risk. You have some control over the on-site computers, but what about those that connect to the LAN via remote access, or the laptops that employees bring to work with them after having connected them to home or public networks?
To protect your network, you should set policies requiring that, before it can connect to your LAN, a computer has to meet minimum "health" standards. But you can't always trust users to comply voluntarily, so you need an enforcement mechanism that can determine whether a system meets the standards and prevent it from connecting, or restrict its access, if it doesn't. That's where NAP comes in; it's Microsoft's health policy compliance platform.
At first glance, NAP may sound a lot like Windows Server 2003's Network Access Quarantine Control (NAQC), which can be used to enforce policies for remote access dial-up and VPN connections to a Server 2003 system. But it's a different technology and does much more: NAQC is only for remote-access clients, whereas NAP is designed to protect the health of all systems that connect to your network.
For example, with NAP you can enforce IPsec policies to specify requirements for secure communications, enforce 802.1x policies for wireless clients, along with…






