Security Solutions
A-17
Addendum to the ProCurve Access Control Security Design Guide
Microsoft NAP
If the values are the same, the NPS declares the endpoint compliant and grants
it access to the network. If the values are different, the NPS orders the NAP
enforcement point to either confine the endpoint to the restricted network or
to give the endpoint limited access until it is compliant. The NPS also issues
the NAP client instructions on how the endpoint can become compliant.
In addition to making compliance-based access control decisions, the NPS can
act as a traditional RADIUS server and authenticate and authorize users.
Health Requirement Servers
Health requirement servers maintain the current requirements for patches,
updates, settings, and so forth. Each SHV on the NPS is associated with a
health requirement server and obtains the current requirements from it (much
as a RADIUS server can look up usernames and passwords in a directory).
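To make the decision flow in the two sections above concrete, here is an added, constructed model (not Microsoft's code and not part of the original guide) of how an NPS evaluates an endpoint's statement of health: each SHV pulls its current requirements from a health requirement server, compares them with the values the endpoint reports, and the NPS turns any mismatches into an access decision plus remediation instructions for the NAP client. The class names, the health components (patch level, antivirus state, firewall state) and the sample values are all assumptions chosen for illustration.

```python
"""Toy model of the NAP health-evaluation flow: health requirement servers,
SHVs on the NPS, and the NPS decision (unrestricted vs. restricted access).

Constructed example; the names below are hypothetical stand-ins for the NAP
components the guide describes, not real Windows APIs.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    COMPLIANT = "unrestricted"   # NPS grants access to the network
    RESTRICTED = "restricted"    # NPS confines the endpoint until remediated


@dataclass
class HealthRequirementServer:
    """Holds the current required values for one health area
    (patches, antivirus, firewall, ...). Assumed structure."""
    name: str
    requirements: dict  # health component -> required value


@dataclass
class SystemHealthValidator:
    """One SHV on the NPS, bound to a single health requirement server,
    much as a RADIUS server is bound to a directory for credentials."""
    source: HealthRequirementServer

    def validate(self, soh: dict) -> list:
        """Compare the endpoint's statement of health (SoH) against the
        requirement server's current values. Returns a list of
        (server, component, reported, required) tuples for every mismatch;
        a component missing from the SoH counts as a mismatch."""
        failures = []
        for component, required in self.source.requirements.items():
            reported = soh.get(component)
            if reported != required:
                failures.append((self.source.name, component, reported, required))
        return failures


@dataclass
class NetworkPolicyServer:
    """Runs every SHV over the SoH and makes the access decision."""
    validators: list

    def evaluate(self, soh: dict) -> tuple:
        """Return (Decision, remediation instructions for the NAP client)."""
        failures = []
        for shv in self.validators:
            failures.extend(shv.validate(soh))
        if not failures:
            return Decision.COMPLIANT, []
        # Each failure becomes an instruction telling the client how to
        # become compliant before it is re-evaluated.
        instructions = [
            f"{server}: set {component} to {required!r} (reported {reported!r})"
            for server, component, reported, required in failures
        ]
        return Decision.RESTRICTED, instructions


# --- Constructed sample data (hypothetical requirement servers and SoHs) ---
PATCH_SERVER = HealthRequirementServer("patch", {"os_patch_level": "2024-05"})
AV_SERVER = HealthRequirementServer(
    "antivirus", {"av_enabled": True, "av_signature": "1.397"})
FIREWALL_SERVER = HealthRequirementServer("firewall", {"firewall_enabled": True})

NPS = NetworkPolicyServer(
    [SystemHealthValidator(s) for s in (PATCH_SERVER, AV_SERVER, FIREWALL_SERVER)])

HEALTHY_SOH = {"os_patch_level": "2024-05", "av_enabled": True,
               "av_signature": "1.397", "firewall_enabled": True}
STALE_SOH = {"os_patch_level": "2024-03", "av_enabled": True,
             "av_signature": "1.397", "firewall_enabled": False}


def evaluate_endpoint(soh: dict) -> tuple:
    """Entry point: what the NPS decides for a given statement of health."""
    return NPS.evaluate(soh)


if __name__ == "__main__":
    for label, soh in (("healthy", HEALTHY_SOH), ("stale", STALE_SOH)):
        decision, todo = evaluate_endpoint(soh)
        print(label, "->", decision.value)
        for line in todo:
            print("   remediate:", line)
```

The healthy endpoint is granted unrestricted access with no instructions; the stale endpoint is placed on the restricted network and receives one instruction per failed component (the out-of-date patch level and the disabled firewall), which is the feedback loop the NAP client uses to remediate before requesting access again.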
Network Access Methods
This section provides step-by-step overviews for how an endpoint connects
to a network that uses NAP. NAP currently supports four access methods:
■ IPsec
■ 802.1X
■ DHCP
■ VPN
Note: In the sections below, an endpoint is described as achieving unrestricted or
restricted access. However, other security methods (such as an access control
list [ACL]) can limit the rights of an endpoint with unrestricted access.
IPsec
IPsec is a Windows-specific method for network access. With this method,
endpoints must have health certificates to communicate with other healthy
endpoints. The certificates not only prevent non-compliant endpoints from
communicating with healthy endpoints; they also secure communications.
NAP divides the network into three logical networks, shown in Figure A-5.