Network Access Protection Implementation
The following likely NAP scenarios help to illustrate the value of this new platform:
■ Desktop Computers: Desktop computers can pose a threat to the network if they are missing updates, are configured poorly, or have become infected by malware. Each of these situations can allow wicked individuals to access information that should not leave the organization. Computers might be missing updates because they have been turned off for an extended period of time, or because they were unable to connect to the network for some reason. They could become misconfigured if users have more privileges on their systems than best practices prescribe. They could become infected with malicious software because the user accessed dangerous Web sites or opened files infected with a virus.
■ Roaming Laptops: Although the mobility of laptops has great value, it also increases the risk of compromise beyond that faced by the typical desktop computer. A laptop can be missing updates or the most recent antivirus signatures because the user has not connected the laptop to the corporate network for several weeks. A laptop faces potential attack when used in wireless networks, or when left unattended in a place accessible by untrustworthy individuals. With NAP, administrators can verify the health state of laptops each time they reconnect to the organization’s network, whether via a VPN or when the user returns to the office.
■ Unmanaged Home Computers: Some organizations allow their users to connect to the corporate network through a VPN using their own personal computers. These computers are not under the control of the organization. With NAP, however, network administrators can inspect the health state of these systems every time they establish a VPN connection, and limit access if the systems do not meet health requirements.
■ Visiting Computers: Businesses allow all sorts of people to visit their premises: consultants, partners, friends of employees, recruits, and vendors may all ask for access to your network. Their computers may not meet the organization’s health policies, but with NAP, administrators can evaluate those computers and isolate them on a restricted network. Presumably the restricted network would include Internet access to enable the visitors to access their own e-mail accounts and other outside resources.

