Nevis is a member of the Microsoft Network Access Protection (NAP) program. NAP is a policy enforcement platform built into the Windows Vista™ and Windows Server™ “Longhorn” operating systems that allows users to better protect network assets from unhealthy computers by enforcing compliance with network health policies. With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine noncompliant computers to a restricted network until they become compliant. NAP-enabled networks require systems that are connecting to the enterprise LAN to be subject to a “posture check” that determines if the system’s operating system, patch levels and anti-virus/spyware are up to date according to the network’s policy. Windows Vista clients connect to the Windows Server to determine whether the client’s posture conforms to the current health policy, however, there is no inherent policy enforcement mechanism provided by Microsoft that would deny users access to the network, nor is there a plan to extend NAP to pre-Vista clients, which are not capable of communicating their health status. Nevis Networks’ LANenforcer security appliances extend the Microsoft NAP framework through the following scenarios:
- For Windows Vista clients, LANenforcer is the policy enforcement point on the network, preventing non-compliant endpoints from accessing critical network assets, or placing the offending endpoint into a quarantine subnetwork containing Microsoft Quarantine Servers for remediation.
- For non-NAP clients, such as legacy Windows systems, or even non-Windows systems, LANenforcer provides the Nevis proprietary posture-check agent which provides the health status of the system in comparison to the NAP policy contained on the Windows Server.NAP defines three access and authentication protocols for assessing the posture information on the client: DHCP, 802.1x, and IPsec. Nevis is currently the only vendor that supports all three protocols, reducing deployment issues and providing maximum flexibility for administrators and end users.
Without Nevis Networks’ LANenforcer, endpoints that do not conform to the enterprise NAP posture policy would still be allowed free reign over the network because there is no enforcement mechanism to check and control their packets from accessing critical network resources. Nevis furthers the NAP capability to all non-Vista client endpoints, as well as non-Windows systems. Nevis, in fact, goes beyond initial endpoint posture checks, and continuously rechecks the endpoint for continued compliance (e.g., anti-virus has been disabled after connection) during the network session. In addition, Nevis also protects the network against network threats and malware that evade the up-to-date anti-virus system, such as zero-day attacks, by constantly checking for network traffic and behavior anomalies, as well as attack signatures. Nevis LANenforcer, in combination with NAP, can deliver a more comprehensive threat solution at industry leading cost-performance.
“Through strategic partnerships with leading security vendors, our Network Access Protection program provides customers with a means of protecting network assets and users from threats by proactively enforcing endpoint policy compliance before any user is granted access to the network. We are pleased that Nevis is joining our program; LANenforcer compliments Network Access Protection and the combination of the two solutions provides customers with a comprehensive holistic approach to meet today’s LAN security challenges.”
Mike Schutz Group Product Manager, Windows Server Division Microsoft Corporation