Use NAP to make Windows 2008 a client "health check"

Source: Internet
Author: User
Tags firewall

As the saying goes, "The woods are big, what birds have", when the LAN size is large, access to the LAN network client workstation security situation is also uneven, there are only anti-virus software installed, there are only installed firewall, but also installed anti-virus software or firewalls, there is nothing to install. When a workstation that does not take any security measures to access the LAN server, network viruses are likely to attack the server or even the entire LAN network through these workstations, resulting in the server can not provide services to the normal, resulting in the entire LAN network operating efficiency down.

So how can we effectively prevent the client workstations with potential security problems from accessing the LAN server, which poses a huge security threat to LAN servers? To do this, I believe many people will say as long as mandatory workstation system installed anti-virus software, firewall programs, regular installation of update system patches, can ensure that the workstation system security access to the LAN server. That said, but in practice such coercive measures are difficult to enforce; however, in a Windows Server 2008 system environment, we can take advantage of the newly added NAP functionality of the system-network access protection capabilities-for attempts to access Windows Server 2008 Server System of any client workstation system for Safe "physical examination", once you find a client that does not meet the safety and health standards, force it to make security corrections or restrict its network access activities until the client system that does not meet the safety and health standards is in compliance with the access health standard.

To lift the NAP veil

The Chinese name for NAP is network Access Protection, which is the first feature introduced in Windows Vista systems that enforces client workstation systems to conform to network health standards so that only client workstations with secure "health checks" can access the LAN network properly, thereby achieving To prevent network viruses from attacking the server or LAN network for the purpose. With NAP functionality, we can define the network access health policy according to the actual networking situation, and require the health policy validation of the client workstation system connected to the network, and automatically update the client workstation system that conforms to the network access Health standard to ensure the continuous health compliance of the system. At the same time, limit the client workstation systems that are not passed through a secure "physical examination" to the restricted network until they are back to network access health standards.

To enforce compliance with network access health standards for client workstation systems that are at risk for security, NAP operates through system health validators, system run agents, and Third-party network security applications to ensure that clients that do not meet the health "checkup" are working The station system can automatically use our previously designated security solutions, such as updating system patches, installing network firewall programs, installing anti-virus software, using VPN network connections, and so on.

In summary, with the help of NAP functionality, a network administrator can have the Windows Server 2008 Server system automatically perform a secure "physical checkup" for the client workstation without consuming the system resources of the client workstation itself; With the help of NAP features, network administrators can determine that they are accessing the network Client workstation system has access to resource information on the server, and if it is found that the client workstation does not have access permissions, you can make it possible to access restricted network access previously specified by the network administrator without requiring any settings or updates, and with the help of NAP functionality, the network administrator can make Windows The server 2008 servers system automatically provides the most up-to-date updates to client workstations, effectively avoiding potential security threats that may occur when accessing Internet resources.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.