Microsoft announces enhanced network protection

TORONTO -- Microsoft at its Worldwide Partner Conference here on Tuesday will announce enhancements to the company’s Network Access Protection technology, expected to be a key piece of its next major release of Windows Server 2003. As part of the rollout, 25 business partners will pledge support for the technology.

Network Access Protection makes it easier for remote users to access their corporate networks and offers a way to reduce the complexity of network access for IT administrators. The technology, according to company officials, can deliver a consistent way of detecting what they term a "health state" of a client trying to connect to a corporate network.

It can also restrict access until compliance to a policy is validated and update the client to the level of the current security policy, they said.

In his keynote address Tuesday, Mike Nash, corporate vice president of Microsoft's Security Business and Technology Unit, is expected to emphasize that one of the highest priorities among administrators now is "managing access to IT resources for users in a safe and secure manner." And with support from a range of top-tier developers for the upcoming technology, Microsoft believes it can make it happen sooner rather than later.

"When we introduce this in Windows Server R2, we will create a set of APIs that the anti-virus developers can write to, so no matter what anti-virus you are using you can check against that. It will be the same with the patches and management systems you are using. You can enforce Net management policy but also network access protection policy in the same breath," said Steve Anderson, one of the directors of marketing for Windows Server 2003.

The collection of Network Access Protection technologies let IT staffs monitor and control network access based on validation of a computer's compliance to pre-established polices, Anderson explained. Network access polices can be defined and managed by administrators and managed by a central policy coordination server.

"Corporate users continue telling us they want to be able to set up and administer policies flexibly. They feed us this doomsday situation where they do not want their CEO on the road blocked from accessing his presentation on the server -- even if that CEO's machine is not up to security codes. But if someone like me is calling in, well they can administer a different set of policies," Anderson said.

The three central functions to Network Access Protection include network policy validation, which determines whether a networked client machine is complaint with network policies at the point of network entry;  network restriction, which can automatically restricts non-compliant client machines to a separate and restricted network where updates and utilities can bring a client back to an acceptable health state; and network policy compliance, which gives administrators the tools to bring non-compliant machines back to good health.

Among the 25 developers endorsing the technology is Juniper Networks, which is glad to see user, application, and network policies integrated under one roof.

“By working with Microsoft on Network Access Protection, I think we can further our commitment to open, multi-vendor standards so as to facilitate secure network user access. This will go a long ways towards providing our customers a trusted IT environment and user experience," said George Riedel, Juniper Networks' vice president of strategy and corporate development.

Besides Juniper, other vendors backing the technology include security vendors such as Computer Associates, McAfee, and Symantec; patch management suppliers such as Bindview, Citrix, and Hewlett-Packard; and a handful of networking vendors including Entersys Networks and Extreme Networks.

Microsoft plans to deliver Network Access Protection when it delivers Windows Server 2003 R2, now planned for sometime during the second half of 2005.