Search This Blog

Tuesday, June 9, 2009

Network Access Protection with DHCP Enforcement

i have set up a simulation lab for Network Access Protection (NAP) technology.
NAP is consider as pre-admission method whereby workstation is check first for compliant before access to the network. By using NAP, you can make sure that workstation connect to network must has the following features:-
-firewall is on
-antivirus is on and up to date
-antispyware is on and up to date
-automatic update is on and up to date.

With Windows Server 2008 R2, you also can perform DHCP NAP (Allow or Deny filter) for MAC Address and IP Address.

For those who are familar with virus characteristic, majority of the viruses/worm will disable antivirus, antispyware and automatic windows update program.

By having a solution to check every workstation when connect to network, you've secure and prevent any infection from spreading to other computer.

This technology has save a lot of administrator job and secure your network.
So the final result is:-
a) compliant- allow in the network
b) Not compliant - not allow in the network

Here is my simulation environment:-
a) Domain Controller
b) NPS Server with NAP Roles
c) DHCP Server with NAP enabled
d) Client:- Windows Vista, XP with SP3, Windows 7 RC
(The client is either join to domain or workgroup)
e) Remediation server such as WSUS, Antivirus server.
f) Another deployment method is whereby DHCP server is located in another server.I need to configure RADIUS proxy in order to support NAP features.

Cheer NAP!