Microsoft has announced enhancements to the company’s
Network Access Protection technology, expected to be a key piece of
its next major release of Windows Server 2003.
As part of the rollout, 25 business partners will pledge support
for the technology.
Network Access Protection makes it easier for remote users to
access their corporate networks and offers a way to reduce the
complexity of network access for IT administrators.
The technology offers a consistent way of detecting what the
company terms the "health state" of a client trying to connect to a
corporate network, restricting access until compliance with policy
is validated, and updating the client to the level of the current
security policy.
In his keynote address to Microsoft's Worldwide Partner
conference, Mike Nash, corporate vice-president of Microsoft's
security business and technology unit, emphasised that one of the
highest priorities among administrators is "managing access to IT
resources for users in a safe and secure manner".
"When we introduce this in Windows Server R2, we will create a
set of APIs that the anti-virus developers can write to, so no
matter what anti-virus you are using you can check against that,"
he said.
"It will be the same with the patches and management systems.
You can enforce net management policy but also network access
protection policy in the same breath," said Steve Anderson, one of
the directors of marketing for Windows Server 2003.
The collection of Network Access Protection technologies allows
IT staff to monitor and control network access based on validation
of a computer's compliance with pre-established policies, Anderson
explained. Policies can be defined and managed by administrators and
managed by a central policy co-ordination server.
"Corporate users continue telling us they want to be able to set
up and administer policies flexibly. They feed us this doomsday
situation where they do not want their chief executive on the road
to be blocked from accessing his presentation on the server - even
if that chief executive's machine is not up to security codes. But
if someone like me is calling in, well they can administer a
different set of policies," he said.
The three central functions of Network Access Protection are
network policy validation, which determines whether a networked
client machine is compliant with network policies at the point of
network entry; network restriction, which can automatically
restrict non-compliant client machines to a separate and restricted
network where updates and utilities can bring them back to an
acceptable health state; and network policy compliance, which gives
administrators the tools to bring non-compliant machines back to
good health.
Among the 25 developers endorsing the technology is Juniper
Networks, which is glad to see user, application, and network
policies integrated.
"By working with Microsoft on Network Access Protection we can
further our commitment to open, multi-supplier standards so as to
facilitate secure network user access. This will go a long way
towards providing our customers with a trusted IT environment,"
said George Riedel, Juniper Networks' vice-president of strategy
and corporate development.
Besides Juniper, other suppliers backing the technology include
security suppliers CA, McAfee and Symantec; patch management
suppliers Bindview Development, Citrix Systems, and
Hewlett-Packard; and a handful of networking suppliers including
Enterasys Networks and Extreme Networks.
Microsoft plans to deliver Network Access Protection when it
delivers Windows Server 2003 R2, now planned for the second half of
2005.
Ed Scannell writes for Infoworld