
Module 6: Network Policies and Access Protection

Module Overview
- Describe how Network Access Protection (NAP) works
- Identify NAP enforcement options
- Identify scenarios for NAP usage
- Describe Routing and Remote Access (RRAS)

Lesson 1: Network Access Protection
- Identify uses for NAP
- Describe NAP
- Describe how NAP integrates with other components
- Describe NAP architecture
- Describe Network Layer Protection with NAP
- Describe Host Layer Protection with NAP

Why Use Network Access Protection? (diagram: a healthy computer and an unhealthy computer both connecting to the private network)

Network Protection Services Overview
- Network Policy Server (NPS): Network Access Protection (NAP) policy server; IEEE 802.11 wireless and IEEE 802.3 wired access; RADIUS server; RADIUS proxy
- Routing and Remote Access: Remote Access Service; Routing
- Health Registration Authority (HRA)

Network Access Protection Solution
- Policy validation
- Network restriction
- Remediation
- Ongoing compliance
(diagram: defense-in-depth layers: Data, Application, Host, Internal Network, Perimeter, Policies, Procedures and Awareness)

NAP Architecture Overview (diagram)
- Client: System Health Agent (SHA), from Microsoft and third parties; Quarantine Agent (QA); Enforcement Client (EC) for DHCP, IPsec, 802.1X and VPN
- The client sends health statements and network access requests, and receives a health certificate and updates
- Network access devices and servers
- Microsoft Network Policy Server: System Health Validator; Quarantine Server (QS); applies the health policy
- System Health Servers: provide the health policy
- Remediation Servers: provide updates

Network Layer Protection with NAP (diagram: Client, 802.1X Switch, Microsoft NPS, System Health Servers, Remediation Servers, Restricted Network)
1. System Health Servers send ongoing policy updates to the Network Policy Server.
2. Client to switch: "May I have access? Here's my current health status." (Requesting access.)
3. Switch to NPS: "Should this client be restricted based on its health?"
4. NPS: "According to policy, the client is not up to date. Quarantine the client and request it to update." The client is given restricted access until fix-up.
5. Client to Remediation Servers: "Can I have updates?" Remediation Servers: "Here you go."
6. Client: "Here's my new health status." NPS: "According to policy, the client is up to date. Grant access." The client is granted access to the full intranet.

Host Layer Protection with NAP (diagram: Client, Health Registration Authority (HRA), NPS, Remediation Server; network zones labelled No Policy, Authentication Optional and Authentication Required)
1. Client to HRA: "May I have a health certificate? Here's my SoH."
2. HRA to NPS: "Client ok?"
3. If NPS answers "No. Needs fix-up.", HRA to client: "You don't get a health certificate. Go fix up." Client to Remediation Server: "I need updates." Remediation Server: "Here you go."
4. If NPS answers "Yes. Issue health certificate.", HRA to client: "Here's your health certificate." The client then accesses the network.

Lesson 2: Enforcement Options
- Identify the NAP enforcement options
- Show how NAP works with DHCP enforcement
- Show how NAP works with IPsec-based communication
- Show how NAP works with RRAS

NAP Enforcement Options

Enforcement   Healthy client                          Unhealthy client
DHCP          Full IP address given, full access      Restricted set of routes
VPN           Full access                             Restricted VLAN
802.1X        Full access                             Restricted VLAN
IPsec         Can communicate with any trusted peer   Healthy peers reject connection requests from unhealthy systems

IPsec enforcement:
- Complements layer 2 protection
- Works with existing servers and infrastructure
- Offers flexible isolation

NAP with DHCP (diagram: Client, DHCP Server, NPS Server, Remediation Servers; the VPN Server and IEEE 802.1X devices appear as the other enforcement points)
1. Client to DHCP Server: "I need to lease an IP address." (Requesting access.)
2. The DHCP Server passes the client's health status to the NPS Server.
3. NPS: "You are not within the Health Policy requirements."
4. The client requests and receives updates from the Remediation Servers.
5. Client: "Here's my new health status."
6. "Access granted. Here is your new IP address."

IPsec-based Communication (diagram: three logical networks)
- Secure network: IPsec authenticated
- Boundary network
- Restricted network: unauthenticated

NAP with RRAS (diagram)
- Client to VPN Server: PEAP messages
- VPN Server to NPS Server: RADIUS messages
- Remediation Servers reachable by the client
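The evaluation loop drawn in the network-layer, DHCP and RRAS flows above, as an added simulation that is not part of the course material: a Statement of Health is checked against every requirement, NPS maps the result onto the full or restricted outcome from the enforcement options table, and a failed client is evaluated again after remediation. The requirement names, thresholds and sample dates are constructed for illustration and are not the Windows SHV's real settings.

```python
"""Simulated NAP health check and enforcement decision (constructed example, not
Microsoft's NAP/NPS code): the SHV checks a Statement of Health (SoH), NPS picks
full or restricted access for the enforcement method, remediation fixes failures."""
from datetime import date

# Constructed policy thresholds and sample data; real Windows SHV settings differ.
MAX_SIGNATURE_AGE_DAYS, MAX_DAYS_SINCE_UPDATE = 7, 30
TODAY = date(2024, 5, 20)
SAMPLE_SOH = {"firewall_on": True, "antivirus_on": False,
              "signatures_date": date(2024, 5, 1), "last_update_date": date(2024, 5, 10)}

# Access granted to a (healthy, unhealthy) client, per the module's enforcement table.
ENFORCEMENT = {
    "DHCP":   ("full IP address, full access", "restricted set of routes"),
    "VPN":    ("full access", "restricted VLAN"),
    "802.1X": ("full access", "restricted VLAN"),
    "IPsec":  ("health certificate issued", "no health certificate, healthy peers refuse"),
}

def validate_soh(soh, today=TODAY):
    """SHV: every requirement must hold (AND); return the names of those that fail."""
    checks = [
        ("firewall", soh["firewall_on"]),
        ("antivirus", soh["antivirus_on"]),
        ("antivirus_signatures", (today - soh["signatures_date"]).days <= MAX_SIGNATURE_AGE_DAYS),
        ("updates", (today - soh["last_update_date"]).days <= MAX_DAYS_SINCE_UPDATE),
    ]
    return [name for name, ok in checks if not ok]

def nps_decision(soh, method, today=TODAY):
    """NPS applies the health policy and returns this enforcement method's outcome."""
    failed = validate_soh(soh, today)
    return {"healthy": not failed, "failed": failed, "access": ENFORCEMENT[method][1 if failed else 0]}

def remediate(soh, failed, today=TODAY):
    """Remediation servers in the restricted network fix each failed item."""
    fixes = {"firewall": ("firewall_on", True), "antivirus": ("antivirus_on", True),
             "antivirus_signatures": ("signatures_date", today), "updates": ("last_update_date", today)}
    fixed = dict(soh)
    for name in failed:
        key, value = fixes[name]
        fixed[key] = value
    return fixed

def nap_session(soh, method, today=TODAY):
    """Request -> evaluate -> (restrict, remediate, re-evaluate); returns the decisions made."""
    decisions = [nps_decision(soh, method, today)]
    if not decisions[0]["healthy"]:
        decisions.append(nps_decision(remediate(soh, decisions[0]["failed"], today), method, today))
    return decisions
```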

Lesson 3: Network Access Protection Scenarios
- Describe the roaming laptops NAP scenario
- Describe the desktop computers NAP scenario
- Describe the visiting laptops NAP scenario
- Describe the unmanaged home computers NAP scenario

Scenario 1: Roaming Laptops (diagram)

Scenario 2: Health of Desktop Computers (diagram: Network Policy Server)

Scenario 3: Health of Visiting Laptops (diagram: Network Policy Server)

Scenario 4: Unmanaged Home Computers (diagram)

Lesson 4: Routing and Remote Access (RRAS)
- Plan RRAS configuration
- Describe scenarios and features of Microsoft RRAS
- Configure SSTP remote access servers
- Configure SSTP remote access clients
- Use packet filtering
- Describe how packet filters are applied

RRAS Configuration Considerations (diagram: VPN client, VPN server)
- IP addressing
- Tunneling
- Remote access policy
- Filtering

Features of Microsoft RRAS
Scenarios:
- Remote access
- Site-to-site connectivity
- Internet access router
- LAN router
Optional features:
- RRAS packet filter configuration
- Connection Manager Administration Kit
- Multicast scope configuration
- Unicast routing
- Authentication schemes
- Strong encryption

Configure SSTP Remote Access Server
Configure the RRAS server:
1. Install Active Directory Certificate Services and Web Server
2. Create and install the Server Authentication certificate
3. Install Routing and Remote Access
4. Configure Routing and Remote Access

Configure SSTP Remote Access Client
Configure the SSTP-enabled client (Windows Vista with Service Pack 1 is required for SSTP VPN):
1. Obtain a trusted root CA certificate
2. Move the certificate to the Trusted Root Certification Authorities store
3. Configure an SSTP-based connection

Using Packet Filtering
Packet filtering prevents certain types of packets from being sent or received across a router (diagram: inbound filter and outbound filter on the router).
Use packet filtering to:
- Prevent access by unauthorized computers
- Prevent access to resources
- Improve network performance

How Packet Filters Are Applied (diagram: packet arriving at the router's inbound exclusion filter)

Inbound exclusion filter, Action: Drop

Filter 1                             Filter 2
Component            Example         Component            Example
Source network       192.168.0.48    Source network       Any
Destination network  192.168.0.32    Destination network  192.168.0.32
Protocol             UDP             Protocol             UDP

How filters are applied:
- AND is used within a filter
- OR is used between filters
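The AND-within, OR-between rule applied to the slide's two inbound exclusion filters, as an added example that is not RRAS code; it also generalizes to the inclusion mode of a filter list (drop all packets except those that match). The /28 masks on the two networks are assumed, since the slide lists only the network addresses.

```python
"""RRAS-style packet filter evaluation (constructed example, not RRAS code):
components inside one filter are ANDed, filters in a list are ORed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "TCP", "UDP", "ICMP", ...

@dataclass(frozen=True)
class Filter:
    src_net: Optional[str] = None     # None means "Any"
    dst_net: Optional[str] = None     # None means "Any"
    proto: Optional[str] = None       # None means any protocol

    def matches(self, pkt: Packet) -> bool:
        """AND within a filter: every component that is specified must match."""
        return all([
            self.src_net is None or ip_address(pkt.src) in ip_network(self.src_net),
            self.dst_net is None or ip_address(pkt.dst) in ip_network(self.dst_net),
            self.proto is None or self.proto.upper() == pkt.proto.upper(),
        ])

class FilterList:
    """One direction's filter list. mode="exclude": receive all packets except those
    matching any filter (the slide's inbound exclusion filter, Action: Drop).
    mode="include": drop all packets except those matching any filter."""
    def __init__(self, filters: List[Filter], mode: str = "exclude"):
        if mode not in ("exclude", "include"):
            raise ValueError(mode)
        self.filters, self.mode = filters, mode

    def action(self, pkt: Packet) -> str:
        matched = any(f.matches(pkt) for f in self.filters)   # OR between filters
        if self.mode == "exclude":
            return "Drop" if matched else "Accept"
        return "Accept" if matched else "Drop"

# The slide's two inbound exclusion filters; the /28 masks are assumed (slide gives no mask).
INBOUND = FilterList([
    Filter(src_net="192.168.0.48/28", dst_net="192.168.0.32/28", proto="UDP"),
    Filter(src_net=None, dst_net="192.168.0.32/28", proto="UDP"),
])

def inbound_action(src: str, dst: str, proto: str) -> str:
    """Decision the router's inbound filter list makes for one packet."""
    return INBOUND.action(Packet(src, dst, proto))
```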