© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Network Access Protection Working to ensure that laptops don’t infect your network with malware – without buying yet another product

“Third-party security vendors will want to be part of the NAP party” Alan Stevens, IT Week, 30 July

How do you deal with managing the health of machines connecting to your network? Owned Assets Guests \ Consultants Uninvited Visitors

The four elements of NAP NAP is a health solution ! Health Policy Validation Network Restriction Remediation Ongoing Compliance

Network Protection with NAP Requesting access. Here’s my new health status. MS NPS Client VISTA XP SP3 Network Access Device Remediation Servers May I have access? Here’s my current health status. Should this client be restricted based on its health? Ongoing policy updates to Network Policy Server You are given restricted access until fix-up. Can I have updates? Here you go. According to policy, the client is not up to date. Quarantine client, request it to update. Restricted Network Client is granted access to full intranet. System Health Servers According to policy, the client is up to date. Grant access.

NAP Architecture Client SHA – System Health Agents check client state Nap Agent – Coordinates SHA/EC EC – Enforcement Client controls network access Remediation Server Serves up patches, AV signatures, etc. Network Policy Server NAP Server – evaluates client health SHV - System Health Validator evaluates SHA answer from clients System Health Server – Management \ Health products like System Center Configuration Manager NPS Policy Server (RADIUS) NAP Server Client NAP Agent Health policy Updates Health Statements Network Access Requests System Health Servers Remediation Servers Health Certificate Network Access Devices Certificate Services (IPSEC) (SHA) MS SHA, SMS (SHA) MS SHA, SMS System Health Validator (EC) (DHCP, IPSec, 802.1X, VPN ) (SHA) 3 rd Parties (SHA) 3 rd Parties (EC) 3 rd Party EAP VPN’s

NAP - Enforcement Options

What health items can NAP assess? Any application that integrates with the Windows Security Center Firewall Status Automatic Updating Antivirus - Enbabled and Up to Date On Vista: AntiMalware – Enabled and up to date Microsoft System Center Configuration Manager 2007 for software updates. Microsoft Forefront Client Security A range of third health and management products

What do I need to make this work? At least one Windows Server 2008 Network Policy Server Clients must be running Windows XP SP3, Vista or Windows Server 2008 MAC \ Linux clients? We have partners delivering solutions A deployment plan: Reporting Mode Deferred Enforcement Enforcement

NAP works with the Industry Rich Platform APIs for network, security and management ISVs/IHVs Broadly Adopted 120+ partners developing solutions on NAP Anti Virus, network, security vendors + System Integrators Most Interoperable network health Solution Tested with over 98% of switch and access point market Integration with 3 rd party VPN underway Standards NAP Protocol now adopted by Trusted Computing Group as a standard mechanism for communicating health! Protects your customers investments

What is Microsoft Forefront? Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Edge Client and Server OS Server Applications

IT Service Management Data Protection Manager ‘Service Desk’ Capacity Planner Reporting Manager Operations Manager Client Data Storage & Recovery Problem Management Capacity Management IT Reporting Client Operations Management Configuration Manager Operations Manager Performance & Availability Monitoring Software Update & Deployment Microsoft System Centre Enabler for Microsoft’s Best Practices Microsoft Operations Framework Infrastructure Optimization

Call to action Don’t buy another product without looking closely at the features you’ve already paid for! Stop.

Next steps Receive the latest Security news, sign-up for the: Microsoft Security Newsletter Microsoft Security Notification Service Assess your current IT security environment Download the free Microsoft Security Assessment Tool Find all your security resources here

Session Evaluation Hand-in you session evaluation on your way out Win one of 2 Xbox 360 ® Elite’s in our free prize draw* Winners will be drawn at 3.30 today Collect your goody bag which includes. Windows Vista Business (Upgrade), Forefront Trials, Forefront Hand-On-Labs Security Resources CD I’ll be at the back of the room if you have any questions * Terms and conditions apply, alternative free entry route available.