Chapter 9. Understanding Microsoft NAP Solutions

NAC functionality can be a funny thing. Sometimes, technologies that aren't officially recognized or marketed as NAC solutions can provide NAC functions. This is particularly true when it comes to Microsoft. Think again about the most basic functions of NAC:

  • Keep unwanted devices off of a network

  • Ensure that authorized devices are compliant and remediate them if they are not

Think back to earlier in this book. If your goal is to keep unwanted devices off of a network, do you really care if the unwanted device has antivirus running and up to date? Do you even want to utilize your computing resources to take the time to check its security posture if you're never going to let it on anyway?

With this thought in mind, let's take a look at a couple of NAC/NAP-like functions that various Microsoft technologies offer. Specifically, let's look at the following:

  • Microsoft Network Access Protection (NAP)

  • 802.1x via Microsoft

  • Microsoft Network Access Quarantine Control (NAQC)

NAQC and 802.1x aren't truly considered NAP and NAC solutions, so they will not be covered in the same format as has been used for the other NAC/NAP solutions so far in this book. However, this chapter describes these technologies and how they could potentially perform some of the NAC/NAP functions that companies are considering.

For Microsoft NAP, the examination entails a more robust and methodical approach. As with the previous NAC/NAP chapters, this chapter will be as objective as possible and will do its best to stick to the facts. This discussion covers Microsoft NAP by doing the following:

  • Discussing deployment scenarios and topologies

  • Directly comparing Microsoft NAP to the "Technical Components of NAC Solutions" defined in Chapter 2

  • After defining the components, providing an analysis of the purpose of the solution and comparing it against what is being communicated by the vendor, as well as what is being understood in the marketplace

This chapter purposely does not cover the exact procedures for configuring and setting up Microsoft NAP. Microsoft created its own documentation on how to do this. This chapter is focused on providing an understanding of the solution, its components, and its purpose.

These elements of the solution will be related to the various types of users who would be accessing the network, including the following:

  • Authorized/unrestricted user

  • Authorized/restricted user

  • Unauthorized user

  • Mobile user

NOTE

As of this writing, Microsoft NAP has not yet been released. NAP is reliant upon Microsoft Server 2008, which is currently scheduled to be released in February of 2008.
