Since Windows Vista launched, discussion of how UAC and Windows Defender protect it has dominated the security field. In all the talk about Vista's security mechanisms, everyone overlooks NAP, which improves Microsoft's security policy management and policy enforcement capabilities. Microsoft has high hopes for NAP as a way to secure network connections.
NAP stands for Network Access Protection. It is a security mechanism built into Windows Longhorn Server and the Windows Vista client operating system. If you are familiar with the server operating system Windows Server 2003, you will know Network Access Quarantine Control; NAP is an extension of that feature.
Every computer connected to a local network is a potential threat. You cannot know whether each computer has Microsoft's latest security patches installed, whether it carries spyware, or whether it has an appropriate firewall configured. If any one computer has a security problem, every computer on the local network is at risk.
Therefore, to protect the network, you must define a "security policy" that each computer has to meet before it may connect to the local network. However, not all users abide by such a policy voluntarily. Microsoft's answer is to enforce the policy for all users: check whether a system meets the standard, and on that basis decide whether to block it from the network or allow it access. This is the role of NAP and Microsoft's health policy platform.
NAP lets you monitor the security status of any computer trying to access your network and ensure that connected computers have security measures that comply with your health policy. Computers that do not comply are connected to a restricted network environment in which you can host security software, which helps poorly secured computers reach the security level you require.
Currently, NAP is built into Windows Server (currently called "Longhorn") and works with Windows Vista, or with Windows XP clients running the NAP client plug-in (the plug-in will be released at the same time as the new server OS; the XP NAP client is currently in beta testing). According to Microsoft staff, Windows Server 2003 may also become a NAP client.
You don't have to worry about the compatibility of this feature, because Microsoft has said it will develop NAP into an open security architecture standard, and more hardware will support it.
NAP is not a comprehensive security mechanism
NAP cannot replace the other security systems you run, such as anti-virus software, firewalls, and intrusion detection. In fact, NAP only checks whether a computer about to connect to the network has all security patches installed and whether it has security configuration errors, in order to improve the security of your computers.
Applicable NAP Systems
Windows users do not have to worry about usage issues. Even though XP does not support NAP, Microsoft has promised to develop a NAP client for XP. Note that the NAP server is a Network Policy Server (NPS). NPS is a component in Longhorn that replaces the IAS (Internet Authentication Service) function in Windows Server 2003. The server operating system must be Longhorn for NAP to apply to the entire local network.
How NAP works
As mentioned above, not every computer that tries to connect complies with the security policy. If a non-compliant computer is not blocked outright, there are other options:
1. Allow it to access the network, but record the specifics in the log so that you can track whether it eventually meets the requirements.
2. Allow it to access a restricted network instead of the entire network. This is useful because you can provide related resources (such as security updates, anti-virus software, or system patches) in the restricted network, so that the user can bring the computer into compliance. You can also limit non-compliant computers so that they can access the network only for a specified length of time.
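The decision flow described above can be sketched as follows. This is an added example, not Microsoft's code or the NAP/NPS API: the class, function and mode names are hypothetical, the three checks are the ones this article mentions, and blocking a computer after its time window ends is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed model for illustration; these names are not NAP or NPS identifiers.
@dataclass
class HealthReport:
    patches_installed: bool
    spyware_free: bool
    firewall_configured: bool

def failed_checks(report):
    """Names of the health checks the computer did not pass."""
    return [name for name, ok in vars(report).items() if not ok]

def decide(report, mode, first_seen, now, window=timedelta(hours=24)):
    """Return (access, failures). mode selects how non-compliance is handled:
    'log_only', 'restricted', 'time_limited'; anything else blocks."""
    failures = failed_checks(report)
    if not failures:
        return "full", failures
    if mode == "log_only":        # option 1: admit, but record what failed
        return "full_logged", failures
    if mode == "restricted":      # option 2: remediation network only
        return "restricted", failures
    if mode == "time_limited":    # access only inside the allowed window
        if now - first_seen <= window:
            return "time_limited", failures
        return "blocked", failures  # assumption: block once the window ends
    return "blocked", failures      # fail closed on unknown modes

if __name__ == "__main__":
    t0 = datetime(2007, 1, 1, 9, 0)   # constructed timestamps
    laptop = HealthReport(patches_installed=False, spyware_free=True,
                          firewall_configured=False)
    for mode in ("log_only", "restricted", "time_limited", "block"):
        print(mode, decide(laptop, mode, t0, t0 + timedelta(hours=30)))
```

The returned list of failed checks is what an administrator would log in option 1, or use to decide which updates to place in the restricted network in option 2.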
Summary
Because it controls a computer's network activity according to its security status, NAP can be called a very advanced network security solution. I think users do not have to start finding fault with Microsoft so early; maybe NAP really won't disappoint us.