Security and Policy Enforcement

Network Access Protection. Network Access Protection (NAP) is a new client health policy creation, enforcement, and remediation technology that is available for Windows XP, Windows Vista, and the Windows Server 2008 operating system. With NAP, administrators can establish and automatically enforce health policies which can include software requirements, security update requirements, required computer configurations, and other settings. For more information visit the NAP Web page.

Highly Secure Wireless and Wired Access. When you deploy 802.1X wireless access points, highly secure wireless access provides wireless users with a security-enhanced, password-based authentication method that is easy to deploy. When you deploy 802.1X authenticating switches, wired access helps you to secure your network by ensuring that intranet users are authenticated before they can connect to the network or obtain an IP address using Dynamic Host Configuration Protocol (DHCP).

Remote Access Solutions. With remote access solutions, you can provide users with VPN and traditional dial-up access to your organization’s network. You can also connect branch offices to your network with VPN solutions, deploy full-featured software routers on your network, and share Internet connections across the intranet.

Central Network Policy Management with RADIUS Server and Proxy. Rather than configuring network access policy at each network access server, such as wireless access points, 802.1X authenticating switches, VPN servers, and dial-up servers, you can create policies in a single location that specify all aspects of network connection requests, including who is allowed to connect, when they can connect, and the level of security they must use to connect to your network.

Filtering of all IP version 4 (IPv4) and IP version 6 (IPv6) traffic entering or leaving the system. By default, all incoming traffic is blocked unless it is a response to a previous outgoing request from the computer (solicited traffic) or unless it is specifically allowed by a rule created to allow that traffic. By default, all outgoing traffic is allowed, except for service hardening rules that prevent standard services from communicating in unexpected ways. You can choose to allow traffic based on port numbers, IPv4 or IPv6 addresses, the path and name of an application, the name of a service that is running on the computer, or other criteria.

Protecting network traffic entering or exiting the computer by using the IPsec protocol to verify the integrity of the network traffic, to authenticate the identity of the sending and receiving computers or users, and to optionally encrypt traffic to provide confidentiality.