Nov 16 2009
Network Access Protection
We are very health conscious here in Minnesota. (Paranoid?) The kids are all immunized against diphtheria, tetanus, whooping cough and every type of flu known, including H1N1! Our health is pretty secure! Then we went and sent the kids off to that school! Half of the students, which probably mean half of the faculty, are infected with that swine flu virus! If only there was a way to guarantee that the kids would only sit next to, and interact with, kids that were vaccinated for all of the flu viruses! Those kids that were NOT vaccinated would be forced to sit in a special room, separate from everyone else, until they met my standards of vaccination! Once they were protected from every virus known, they could then join the immunized students! Then the kids would stop bringing home those pesky viruses!
Just a dream brought on during a moment of flu caused weakness of the mind? Probably, but it is just that dream that is available to protect your Microsoft network!
Just think, I try to protect my network. All of the servers and client computers on my network have up to date virus and spyware protection installed. Every server and client computer has all of the Microsoft updates installed. All is safe!
Except…
Some of the employees work from home, connecting with a VPN (virtual private network). They connect with their home computers, computers that do not have the benefit of my justifiable paranoia! Computers that do not have up to date virus and spyware protection! Computers that do not have the most recent Microsoft updates installed! Computers that could infect my perfect, healthy network with the latest evil virus!
What’s a rock scientist network administrator to do?
With Microsoft Server 08, we have an answer!
With the new Microsoft Server 08, using something called Network Access Protection! (NAP)
What can NAP (Network Access Protection) do for me and my network? Using NAP, I can define policies for system health requirements. I can require that all clients that connect to my network have proper antivirus and spyware protection. Not some weak programs that were downloaded for free over the internet, but proper antivirus and spyware protection that is registered with the Windows Security Center. AND THEY ARE UP TO DATE AND RUNNING! I can require that all clients that connect to my network have all of the latest security updates provided by Microsoft installed.
Clients that do not meet my rigid requirements would only be granted restricted access to my network. Maybe to a portion of my network where they can download and install the necessary programs and updated that are required to deem a client worthy of using my network resources! Much like that special room we could send those students that are not protected from the many viruses of the world!
In the public school system, it is only a dream, but in my network it can be a reality!
Using NAP (Network Access Protection)