Microsoft enhances network protection

Microsoft has announced enhancements to the company’s Network Access Protection technology, expected to be a key piece of its...

Microsoft has announced enhancements to the company’s Network Access Protection technology, expected to be a key piece of its next major release of Windows Server 2003.

As part of the rollout, 25 business partners will pledge support for the technology.

Network Access Protection makes it easier for remote users to access their corporate networks and offers a way to reduce the complexity of network access for IT administrators.

The technology can deliver a consistent way of detecting what they term a "health state" of a client trying to connect to a corporate network and restrict access until compliance to a policy is validated and update the client to the level of the current security policy.

In his keynote address to Microsoft's Worldwide Partner conference, Mike Nash, corporate vice-president of Microsoft's security business and technology unit, emphasised that one of the highest priorities among administrators is "managing access to IT resources for users in a safe and secure manner".

"When we introduce this in Windows Server R2, we will create a set of APIs that the anti-virus developers can write to, so no matter what anti-virus you are using you can check against that," he said.

"It will be the same with the patches and management systems. You can enforce net management policy but also network access protection policy in the same breath," said Steve Anderson, one of the directors of marketing for Windows Server 2003.

The collection of Network Access Protection technologies allows IT staff to monitor and control network access based on validation of a computer's compliance to pre-established polices, Anderson explained. Polices can be defined and managed by administrators and managed by a central policy co-ordination server.

"Corporate users continue telling us they want to be able to set up and administer policies flexibly. They feed us this doomsday situation where they do not want their chief executive on the road to be blocked from accessing his presentation on the server - even if that chief executive's machine is not up to security codes. But if someone like me is calling in, well they can administer a different set of policies," he said.

The three central functions to Network Access Protection include network policy validation, which determines whether a networked client machine is complaint with network policies at the point of network entry;  network restriction, which can automatically restrict non-compliant client machines to a separate and restricted network where updates and utilities can bring it back to an acceptable health state; and network policy compliance, which gives administrators the tools to bring non-compliant machines back to good health.

Among the 25 developers endorsing the technology is Juniper Networks, which is glad to see user, application, and network policies integrated.

“By working with Microsoft on Network Access Protection we can further our commitment to open, multi-supplier standards so as to facilitate secure network user access. This will go a long way towards providing our customers with a trusted IT environment," said George Riedel, Juniper Networks' vice-president of strategy and corporate development.

Besides Juniper, other suppliers backing the technology include security supppliers CA, McAfee and Symantec; patch management suppliers Bindview Development, Citrix Systems, and Hewlett-Packard; and a handful of networking suppliers including Enterasys Networks and Extreme Networks.

Microsoft plans to deliver Network Access Protection when it delivers Windows Server 2003 R2, now planned for the second half of 2005.

Ed Scannell writes for Infoworld

Read more on Business applications