“Today [Thursday] welcomes Vista to market, at least to the businesses that have early access to Vista. While Vista brings promises for better security – IPv6 kernel, whole disk encryption and more – it only marks the client phase for Microsoft Network Access Protection. Network Access Protection requires support for both client and server which means enterprises will have to write until the end of 2007 when Windows Longhorn Server is available to fully deploy NAP. Many companies need NAC now and can’t wait another year, as evidenced by a recent Infonetics Research study that suggests 60 percent of North American large enterprises will have NAC deployed by the end of 2008.”
Whereis NAP besides the requirement of having a client and server any different from ipsec?
Well, NAP is a way to lock down internet access in some form.
I’m all for secure communications, but I’m afraid that, in the future, it will be possible to restrict information transfer to MS-approved sites.
EDIT: I mean, this scheme is very secure and powerful. However, the way they do it does hint at this.
Edited 2006-12-02 07:31
Seems that nap is a double edged sword.MS can and probably will restrict this way access to online update services?
So, it’s Network Access Protection, well-formed naming like DRM. So it protects you ? Well, yes, if controlling and restricting your network access with centralized policies means that. The NAC (Network Access Control) one at least is what it means.
And those companies… they, we don’t know how it will work, when it will be shipped, yet they can’t wit another year that eager they are to deploy it. Well, good for them. What about the mentioned StillSecure’s Safe Access, which can be deployed even now ? It seems decent, how will MS’s one be better (well, it shouldn’t necessarily be better in order to sell it by the dozen, still) ?
s/write/wait/
You can decide to force current anti-virus DATS and OS patches and up to date software before you allow access to your corporate LAN.
“Network Access Protection (NAP) is a policy enforcement platform built into the Microsoft Windows Vista and Windows Server Code Name “Longhorn” operating systems that allows you to better protect network assets by enforcing compliance with system health requirements. With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine noncompliant computers to a restricted network until they become compliant.”
http://www.microsoft.com/technet/network/nap/default.mspx
“Network Access Protection (NAP) is a policy enforcement platform built into the Microsoft Windows Vista and Windows Server Code Name “Longhorn” operating systems that allows you to better protect network assets by enforcing compliance with system health requirements. With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine noncompliant computers to a restricted network until they become compliant.”
Which would translate as lockout for older clients. And since people won’t jump on Vista, 60% by 2008 is a pipe dream. It is more like 0.6% until 2008
Which would translate as lockout for older clients.
And since people won’t jump on Vista, 60% by 2008 is a pipe dream. It is more like 0.6% until 2008
Weblogs I’ve seen have Vista at .11% already, about 30% of what Linux has and thats from logs for all of November, before Vista was released.
My school has this now. Its not from MS, but no machine can be registered on the network without passing a scan first. And we have continuous scans to find unhealthy machines and knock them off the network. Cuts down on the zombie machines considerably.