NAP is a good foundation for policy-based network access control, but lacks granular controls and easy management
Microsoft NAP is an effective network gatekeeper for Windows endpoints, but initial configuration is complex, policies are basic, and reporting is absent. NAP is best used as a core technology deployed in combination with others for a more complete, manageable, and scalable solution.
The universe of policy-based networking and systems management has evolved over the past few years, and the standards first created by the Trusted Computing Group, Cisco, and Microsoft have merged to create a generalized view of managing and enforcing policy. Although more capable and more polished solutions are available, Microsoft's Network Access Protection (NAP) will undoubtedly be the primary such technology in use in all-Windows environments, even with its limitations.
NAP comprises client and server subsystems with an enforcement architecture based on 802.1X, DHCP, or VPNs together with VLAN assignment within the network to isolate devices when appropriate. NAP services are provided in Windows Server 2008, with Windows Server 2008 R2 adding a few capabilities to the NAP support.
[ The Napera N24 network access control appliance brings NAP services to Windows and Mac endpoints -- sans Windows Server 2008 -- and it couldn't be easier to deploy. See the Test Center's review. ]
Client support is included in Windows Vista, Windows XP Service Pack 3 (SP3), and the Windows 7 Release Candidate. These client services provide posture gathering and reporting to Windows Server 2008 for enforcement and remediation decisions. The NAP components include the posture of the device in a way similar to Windows Security Center, with system update, anti-virus, firewall, and other security status reported back.
The NAP services then analyze the overall posture of each device, match that posture to the NAP policies in the Network Policy Server (NPS), and facilitate enforcement as outlined by those policies. NAP provides roughly the same access control services as third-party NAC solutions we've tested, but without many of the bells and whistles those solutions provide.
NAP in R2
Microsoft continues to develop new features for NAP and related security functions. A number of the improvements in Windows Server 2008 R2 make NAP deployment smoother: specifically the automated setup of the logging database, and multiple out-of-the-box configurations for the System Health Validator (SHV).
|Test Center Scorecard|
|Microsoft Network Access Protection||7||6||8||5||6||8|
Supreme Court's decision is bad news for developers targeting the U.S. market, who will now have to...
Siri gets smarter. Apple Watch gets much more useful. And is Apple Music poised to kill other streaming...
People who have it don’t want it. People who want it don’t have it. Here's how to go from iconed to...
MobileIron, Samsung, and Apple have moved the needle for smartphones and tablets in ways that really...
It's hard enough to fix Internet security without bad behavior from many of the entities that are...
Online tech university Udacity offers 50 percent tuition refunds for completion of its 'nanodegrees,'...
Firefox's tentative plans for the future include ditching its legacy XUL technology, long regarded as a...