NAP Validator |
Overview Microsoft® Network Access Protection (NAP) is a policy enforcement platform built into Windows OS that allows you to better protect network assets by enforcing compliance with system health requirements. With NAP, you can create customized health requirement policies to validate computer health in the following cases: •before allowing access or communication, •automatically update compliant computers to ensure ongoing compliance, •optionally confine noncompliant computers to a restricted network until they become compliant. Detailed description of NAP technology is given on Microsoft company web site. NAP in Dr.Web Enterprise Security Suite Dr.Web Enterprise Security Suite allows you to use the NAP technology to check health of Dr.Web anti-virus software on protected workstations. This functionality is provided by use of Dr.Web NAP Validator. Means of Health Validation •A NAP health policy server which is installed and configured in the network. •Dr.Web NAP Validator which is an implementation of NAP System Help Validator (SHV) with use of Dr.Web custom policies extensions. This component is installed on the computer where the NAP server resides. •System Health Agents (SHAs) which are installed automatically on the workstations during installation of Dr.Web Agents. •Dr.Web Server which serves as the NAP remediation server and ensures health of anti-virus software on workstations.
Diagram of the anti-virus network when NAP is used Workstation Validation Procedure 1.Validation is activated when you configure the corresponding settings of the Agent. 2.The SHA connect to Dr.Web NAP Validator installed on the NAP server. 3.Dr.Web NAP Validator determines compliance of workstations against the health requirement policies as described below. To determine health compliance, NAP Validator checks workstation anti-virus state against the corresponding health requirement policies, and then classifies the workstation in one of the following ways: •Workstations which meet the health policy requirements are classified as compliant and allowed unlimited access and communication on the network. •Workstations which do not meet at least one requirement of the health policy are classified as noncompliant and have their access limited to Dr.Web Server only. The Server allows noncompliant workstations to update the system with the necessary anti-virus settings. After update, the workstations are validated again. 1.Dr.Web Agent must be started and running (Agent health). 2.Dr.Web virus databases must be up-to-date, i.e. databases on the workstation must be similar to those on the Server. After installation of Dr.Web NAP Validator (see , p. Installing NAP Validator) on a computer where a NAP server resides, you need to perform the following actions: 1.To open NAP server configuration component, run the nps.msc command. 2.In the section, select . 3.In the opened window, open properties of the following elements: •. In the settings windows, set the flag which prescribes to use Dr.Web NAP Validator component policies. To classify workstations as compliant only when all health policy requirements are met, select in the drop-down list. •. n the settings windows, set the flag which prescribes to use Dr.Web NAP Validator component policies. To classify workstations as noncompliant if any of the health policy requirements are not met, select in the drop-down list. |