Security Solutions
A-13
Addendum to the ProCurve Access Control Security Design Guide
Microsoft NAP
■ NAP health policy server (NPS)
The NPS runs on Windows Server 2008 and has the same function as a
RADIUS or IAS server. (NPS replaces IAS in Windows Server 2008.) It
contains all of the network security policies and health state information.
■ Health requirement servers
A health requirement server provides antivirus signature files, software
updates and patches, and other health state information to the NPS.
■ Restricted network
The restricted network is logically or physically separate from the corporate
LAN. It contains the remediation servers and any endpoints that do
not comply with network policy.
■ Remediation servers
Remediation servers contain the latest software updates, antivirus signatures,
and other resources that a NAP client needs to become compliant.
■ Active Directory domain service
The Active Directory domain service is not required for health state
validation, but it is necessary for VPN, DHCP, and 802.1X authentication.
Table A-1. Comparison of Microsoft NAP and AAA or NAC Terminology

| Microsoft NAP Term | AAA or NAC Term | Meaning |
|---|---|---|
| NAP agent | NAC EI agent | An application on the endpoint that interacts with the network access control system |
| NAP enforcement point | Policy enforcement point (PEP) | A network component that enforces policies, such as a switch or access point |
| NAP health policy server | Policy decision point (PDP) | A server that accepts access requests from endpoints and decides whether they can connect |
| Health requirement server | n/a | Provides health state information to the NPS |
| Active Directory | Policy repository | A database, flat file, or directory that stores account credentials and security policies |
| Restricted network | Quarantine network | A network that is separate from the corporate LAN to which untested or failed endpoints are confined until they conform to security policies |
| Health certificate | n/a | A certificate that permits an endpoint to authenticate to the network |
| Health state | Integrity posture | The state of an endpoint in terms of its compliance with network policies |
| System Statement of Health (SSoH) | n/a | A message sent by the NAP Agent that documents the endpoint's health state for each setting |
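The component list and Table A-1 describe a decision flow: the NAP agent reports a System Statement of Health, the health policy server (the policy decision point) compares it with policy, and a non-compliant endpoint is confined to the restricted network until the remediation servers bring it into compliance. The following added example models that flow; it is constructed for this guide, not Microsoft's NAP code, and the setting names, policy values and message layout are assumptions rather than the real SoH schema.

```python
from dataclasses import dataclass, field

# Constructed model of the NAP flow described above. Setting names and
# required values are assumptions, not Microsoft's actual SoH attributes.

# Policy held by the NAP health policy server (NPS): required state per setting.
# Boolean values must match exactly; numeric values are minimums.
POLICY = {
    "firewall_enabled": True,
    "antivirus_enabled": True,
    "antivirus_signature_version": 2024,
    "automatic_updates_enabled": True,
}


@dataclass
class StatementOfHealth:
    """SSoH: per-setting health state reported by the NAP agent on an endpoint."""
    endpoint: str
    settings: dict


@dataclass
class Decision:
    """Outcome from the policy decision point: which network the endpoint lands on."""
    network: str                                  # "corporate" or "restricted"
    failed_settings: list = field(default_factory=list)


def evaluate_ssoh(ssoh: StatementOfHealth, policy: dict = POLICY) -> Decision:
    """Compare every policy setting with the reported health state (the NPS role)."""
    failed = []
    for name, required in policy.items():
        reported = ssoh.settings.get(name)
        if reported is None:
            failed.append(name)                   # unreported settings fail closed
        elif isinstance(required, bool):
            if reported is not required:
                failed.append(name)
        elif reported < required:                 # e.g. stale signature version
            failed.append(name)
    return Decision("corporate" if not failed else "restricted", failed)


def remediate(ssoh: StatementOfHealth, policy: dict = POLICY) -> StatementOfHealth:
    """Model the remediation servers: fix each failed setting, then the agent re-reports."""
    updated = dict(ssoh.settings)
    for name in evaluate_ssoh(ssoh, policy).failed_settings:
        updated[name] = policy[name]
    return StatementOfHealth(ssoh.endpoint, updated)


if __name__ == "__main__":
    laptop = StatementOfHealth("laptop-01", {                    # constructed sample
        "firewall_enabled": True, "antivirus_enabled": True,
        "antivirus_signature_version": 2019, "automatic_updates_enabled": False})
    print(evaluate_ssoh(laptop))              # restricted: two settings fail
    print(evaluate_ssoh(remediate(laptop)))   # corporate after remediation
```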