
Module 5: Network Policies and Access Protection


ginger

Presentation Transcript


  1. Module 5: Network Policies and Access Protection

  2. Module Overview • Network Policies Access Protection • Enforcement Options • Network Access Protection Scenarios

  3. Lesson 1: Network Policies Access Protection • Why Use Network Access Protection? • Network Protection Services Overview • Network Access Protection Solution • NAP Architecture Overview • Network Layer Protection with NAP • Host Layer Protection with NAP

  4. Why Use Network Access Protection? Healthy computer Private Network Unhealthy computer

  5. Network Protection Services Overview • Network Policy Server (NPS) • Network Access Protection (NAP) Policy Server • IEEE 802.11 Wireless • IEEE 802.3 Wired • RADIUS Server • RADIUS Proxy • Routing and Remote Access • Remote Access Service • Routing • Health Registration Authority (HRA)

  6. Network Access Protection Solution • Policy Validation • Network Restriction • Remediation • Ongoing Compliance • Policies, Procedures & Awareness • Data • Application • Host • Internal Network • Perimeter

  7. NAP Architecture Overview • System Health Servers • Remediation Servers • Updates • Health policy • Network Access Requests • Client Health Statements • MS Network Policy Server • System Health Agent (SHA) MS and 3rd Parties • Health Certificate • System Health Validator • Quarantine Agent (QA) • Network Access Devices and Servers • Enforcement Client (EC) (DHCP, IPSec, 802.1X, VPN) • Quarantine Server (QS)

  8. Network Layer Protection with NAP • Restricted Network • System Health Servers • Remediation Servers • MS NPS • Client • 802.1x Switch
      Diagram callouts:
      • “Here you go.”
      • “Can I have updates?”
      • “Ongoing policy updates to Network Policy Server”
      • “May I have access? Here’s my current health status.”
      • “Should this client be restricted based on its health?”
      • “Requesting access. Here’s my new health status.”
      • “According to policy, the client is not up to date. Quarantine client, request it to update.”
      • “According to policy, the client is up to date. Grant access.”
      • “You are given restricted access until fix-up.”
      • “Client is granted access to full intranet.”

  9. Host Layer Protection with NAP • No Policy • Authentication Optional • Authentication Required • HRA • Client • NPS • Remediation Server
      Diagram callouts:
      • “May I have a health certificate? Here’s my SoH.”
      • “Client ok?”
      • “Yes. Issue health certificate.”
      • “No. Needs fix-up.”
      • “You don’t get a health certificate. Go fix up.”
      • “Here’s your health certificate.”
      • “I need updates.”
      • “Accessing the network”
      • “Here you go.”

  10. Lesson 2: Enforcement Options • NAP – Enforcement Options • NAP with DHCP • IPsec-based Communication • NAP with RRAS

  11. NAP – Enforcement Options

      | Enforcement | Healthy Client | Unhealthy Client |
      |---|---|---|
      | DHCP | Full IP address given, full access | Restricted set of routes |
      | VPN | Full access | Restricted VLAN |
      | 802.1X | Full access | Restricted VLAN |
      | IPsec | Can communicate with any trusted peer | Healthy peers reject connection requests from unhealthy systems |

      • Complements layer 2 protection • Works with existing servers and infrastructure • Offers flexible isolation

  12. NAP with DHCP • IEEE 802.1X Devices • DHCP Server • NPS Server • VPN Server • Remediation Servers • Client
      Diagram callouts:
      • “I need to lease an IP address”
      • “Requesting access. Here’s my new health status.”
      • “You are not within the Health Policy requirements”
      • “The client requests and receives updates”
      • “Access Granted. Here is your new IP Address”

  13. IPsec-based Communication IPsec Authenticated Unauthenticated Secure network Boundary network Restricted network

  14. NAP with RRAS • RADIUS Messages • PEAP Messages • Client • NPS Server • VPN Server • Remediation Servers

  15. Lesson 3: Network Access Protection Scenarios • Scenario 1: Roaming Laptops • Scenario 2: Health of Desktop Computers • Scenario 3: Health of Visiting Laptops • Scenario 4: Unmanaged Home Computers

  16. Scenario 1: Roaming Laptops NAP

  17. Scenario 2: Health of Desktop Computers Network Policy Server

  18. Scenario 3: Health of Visiting Laptops Network Policy Server

  19. Scenario 4: Unmanaged Home Computers

  20. Review • Network Policies Access Protection • Enforcement Options • Network Access Protection Scenarios

  21. Lab: Using Network Access Protection • Exercise 1: Configuring Network Access Protection for DHCP
