As the saying goes, "in a big forest there are all kinds of birds." When a LAN is large, the security posture of the client workstations that connect to it is uneven: some have only anti-virus software installed, some have only a firewall, some have both anti-virus software and a firewall, and some have nothing installed at all. When a workstation with no security measures in place accesses a LAN server, network viruses are likely to attack the server, or even the entire LAN, through that workstation. The server can then no longer provide normal service, and the operating efficiency of the whole LAN drops.
So how can we effectively prevent client workstations with potential security problems from accessing the LAN server and posing a serious security threat to it? Many people will say that as long as workstations are required to install anti-virus software and a firewall, and to install system patches regularly, they can access the LAN server safely. That is true in principle, but in practice such mandatory measures are difficult to enforce. In a Windows Server 2008 environment, however, we can take advantage of the system's newly added NAP (Network Access Protection) feature to give any client workstation that attempts to access the Windows Server 2008 server a security "health check". Once a client is found that does not meet the security health standard, NAP forces it to make security corrections or restricts its network access until the client system complies with the access health standard.
Lifting the veil on NAP
NAP stands for Network Access Protection. It is a feature first introduced in Windows Vista that forces client workstation systems to conform to network health standards, so that only client workstations that pass the security "health check" can access the LAN normally, which prevents network viruses from attacking the server or the LAN. With NAP, we can define a network access health policy that fits the actual network environment, require every client workstation system that connects to the network to be validated against that health policy, and automatically update client workstation systems that conform to the network access health standard so that they remain continuously compliant. At the same time, client workstation systems that do not pass the security "health check" are confined to a restricted network until they meet the network access health standard again.
To bring client workstation systems that pose a security risk into compliance with the network access health standard, NAP works through system health validators, system health agents, and third-party network security applications. Together these ensure that client workstation systems that fail the health check can automatically apply the security remediation measures we have designated in advance, such as updating system patches, installing a network firewall program, installing anti-virus software, using a VPN network connection, and so on.
In summary, with the help of NAP, a network administrator can have the Windows Server 2008 server automatically perform a security "health check" on client workstations without consuming the system resources of the client workstation itself. With NAP, the administrator can determine whether a client workstation system that is accessing the network has permission to access resources on the server; if the client workstation is found not to have access permission, it can be given the restricted network access previously specified by the administrator, without requiring any settings or updates. And with NAP, the administrator can have the Windows Server 2008 server automatically provide the most up-to-date updates to client workstations, effectively avoiding potential security threats that may arise when they access Internet resources.