Network Access Protection


Network Access Protection (NAP) is an exciting new solution that will be included in Windows Vista and Windows Longhorn Server.  You can find out some basic information about NAP here: http://www.microsoft.com/nap.


 


The world is becoming increasingly interconnected.  This is great because it enables us to access our information on more devices, in more locations and at all times.  However, these benefits require new approaches to access control.  They require us to go beyond securing the network perimeter to securing the internal network and the hosts themselves.  That’s what NAP is all about – providing integrated access controls across multiple layers in the network and on the hosts.


 


One thing that really sets NAP apart as a solution is the platform approach it takes.  With NAP, customers can provide access controls across virtually any product from any vendor.  Any product that can isolate a non-compliant endpoint can participate in a NAP deployment: VPN gateways, perimeter firewalls, internal firewalls, host firewalls, 802.1x switches, routers, DHCP servers, bump-in-the-wire network security appliances and more.


 


We are starting to showcase NAP integration with the ecosystem.  Bill Gates demonstrated NAP in his RSA keynote in February.  On the floor at RSA, NAP was demonstrated in 14 partner booths in addition to the Microsoft booth.  We also recently participated in iLabs where we got NAP working with 802.1x switches from several vendors. 


 


Mudit Goel, the NAP Development Manager, is busy preparing his presentation for WinHEC.  He’ll provide a deep technical review of Network Access Protection.  Then, he’ll discuss ways that NAP can be extended by network and security ISVs and IHVs.  He’ll focus on 802.1x integration but will cover other kinds of integration as well.  This will be a great session.  We hope to see you there.


 


 


-Paul Mayfield


Group Program Manager


Network Access Protection

Comments (5)

  1. Alun Jones says:

    With the presence of other NAP-like solutions in the market, are you concerned that releasing NAP as part of Longhorn Server, and not back-porting to Windows Server 2003 is going to leave Microsoft as a minor player in this field?

  2. Paul Mayfield says:

    I think the industry is just starting to get its feet wet with NAP-like technologies.  Customers are just beginning to experiment in the labs with today’s products.  Entire companies are being formed to address this space moving forward.  Over the next few years there will be a lot of innovation across the industry.

    We think this is great.  NAP is a platform that works together with 3rd parties to address the customer need.  

    NAP is feature complete in the current Vista CTPs.  We have the NAP clients and servers running in production in Microsoft now as well as at some of our early adoption partners.  Our focus between now and RTM will be to scale those deployments to a massive scale so that we know the technology is proven in production when we ship.  That’s not much different to the sorts of activities that will occur with other solutions in the market.

  3. Christian says:

    As a user who wants his university to just provide him wireless internet access and who is constantly annoyed by the crappy Cisco VPN client: (which already can enforce that all NICs are disabled except the VPN)

    Are there ways to bypass this?

    I mean: Checking whether there is any crappy virus scanner or personal playmobile-firewall activated is something that needs to happen on the client. And then the client reports this to the server, doesn’t it?

    So there must be a way to forge that report. Are you obfuscating everything to make that not happen?

    Is it as easy as writing some reg-key: "Yes, I’m here" and then NAP picks this up as "Norton is installed"?

    Or does every virus scanner get some digital certificate and then shows this to the NAP-server?

    With many virus scanners on the market it would actually be quite easy to detect that they are running: Those systems are just unresponsive 😉

  4. Santosh Chandwani says:

    What we’re seeing today is just the first generation of NAP-like solutions. These will evolve, mature and become stronger over time. For any of these solutions to be successful, the mere availability of the platform will not suffice. It will be necessary to create an ecosystem of alliances and partners, which together will make a solution successful.

    Customers will have to relearn how to leverage their existing infrastructure and make the biggest productivity gains in the context of this technology. Longhorn Server is a great start in helping customers achieve this. It is also an excellent opportunity for partners to formulate and plan their strategy and solutions that build on this platform.

  5. 1.) At Microsoft we have a group called the Enterprise Engineering Center (EEC). It is a live test bed…