Network Access Protection (NAP) is designed to help administrators maintain the health of the computers on the network, which in turn helps maintain the overall integrity of the network. It is not designed to secure a network from malicious users. For example, if a computer has all the software and configurations that the network access policy requires, the computer is considered healthy or compliant, and it will be granted the appropriate access to the network. NAP does not prevent an authorized user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behavior.
To protect access to a network, a network infrastructure needs to provide the following areas of functionality:
- Health validation: Determines whether the computers are compliant with system health requirements.
- Network restriction: Restricts access to the network or communication for clients that do not comply with system health requirements.
- Remediation: Provides necessary updates to allow the computer to correct its noncompliant health state.
- Ongoing compliance: Permits access to the network as long as the user's computer meets health policy requirements.
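
The four functions above form a loop that is re-run for as long as a client stays connected. The sketch below is an added conceptual model, not Microsoft's code and not the NAP API; the setting names, the sample policy and the set of automatically remediable settings are assumptions made for illustration.

```python
# Conceptual model only: not the NAP API. All setting names are hypothetical.
from dataclasses import dataclass, field

# Health policy: setting -> required value (constructed sample policy).
POLICY = {"firewall_enabled": True, "antivirus_current": True,
          "updates_installed": True}
# Settings the remediation step can fix without the user (assumption).
REMEDIABLE = {"antivirus_current", "updates_installed"}

@dataclass
class Client:
    name: str
    health: dict
    access: str = "none"
    log: list = field(default_factory=list)

def validate(client):
    """Health validation: sorted list of settings that violate the policy."""
    return sorted(k for k, v in POLICY.items() if client.health.get(k) != v)

def remediate(client, failures):
    """Remediation: fix what can be fixed, return what is still noncompliant."""
    for setting in failures:
        if setting in REMEDIABLE:
            client.health[setting] = POLICY[setting]
            client.log.append(f"remediated {setting}")
    return validate(client)

def evaluate(client):
    """One pass: validation -> restriction -> remediation -> access decision.

    The only input is the machine's health state. User behaviour is not an
    input, so a compliant machine gets full access whatever its user does.
    """
    failures = validate(client)
    if failures:
        client.access = "restricted"  # network restriction while noncompliant
        client.log.append(f"restricted: {failures}")
        failures = remediate(client, failures)
    client.access = "restricted" if failures else "full"
    return client.access

def demo():
    """Ongoing compliance: the same client is evaluated again after drift."""
    laptop = Client("laptop", {"firewall_enabled": True,
                               "antivirus_current": False,
                               "updates_installed": False})
    first = evaluate(laptop)                   # both gaps are remediable
    laptop.health["firewall_enabled"] = False  # configuration drifts later
    second = evaluate(laptop)                  # not remediable: stays restricted
    return first, second, laptop.log
```
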
The NAP platform includes the following components:
- NAP Client Architecture
- NAP Server-side Architecture
- NAP Client and Server-side Component Communication
The NAP client requires Windows Vista, Windows XP with SP3, or Windows Server 2008. The NAP health policy server and NAP enforcement points for DHCP, VPN, and IPsec enforcement require Windows Server 2008.