NAP Validator

Overview

Microsoft Network Access Protection (NAP) is a policy enforcement platform built into Windows operating systems that allows you to better protect network assets by enforcing compliance with system health requirements.

With NAP, you can create customized health requirement policies to do the following:

validate the health of computers before allowing access or communication,

automatically update compliant computers to ensure ongoing compliance,

adapt computers to meet established requirements.

For a detailed description of the NAP technology, see Microsoft Docs.

NAP in Dr.Web Enterprise Security Suite

Dr.Web Enterprise Security Suite allows you to use the NAP technology to check the health of Dr.Web anti-virus software on protected workstations.

The following tools are used for health validation:

A NAP health policy server installed and configured in the network.

Dr.Web NAP Validator, which is an implementation of the NAP System Health Validator (SHV) using Dr.Web custom policy extensions. This component is installed on the computer where the NAP server is located.

System Health Agents (SHAs) which are automatically installed on the workstations during the installation of Dr.Web Agents.

Dr.Web Server which acts as the NAP remediation server and ensures the health of anti-virus software on workstations.

[Figure: Diagram of the anti-virus network when using NAP. Legend: Dr.Web Server; NAP Server + Dr.Web NAP Validator; Protected computer, compliant; LAN, Internet; Protected computer, non-compliant.]

Workstation Validation Procedure

1. Validation is activated when you configure the appropriate settings of Dr.Web Agent.

2. The SHA connects to Dr.Web NAP Validator installed on the NAP server.

3. Dr.Web NAP Validator determines the compliance of workstations with the health requirement policies as described below. To determine health compliance, NAP Validator checks the status of anti-virus software on a workstation against the corresponding health requirement policies, and then classifies the workstation in one of the following ways:

Workstations that meet the health policy requirements are considered compliant and allowed unlimited access and communication on the network.

Workstations that do not meet at least one requirement of the health policy are considered non-compliant and their access is limited to Dr.Web Server only. Dr.Web Server allows non-compliant workstations to update the system with the necessary anti-virus settings. After the update, the workstations are validated again.

Health Policy Requirements

1. Dr.Web Agent must be started and running.

2. Dr.Web virus databases must be up to date, that is, the databases on the workstation must have the same version as those on Dr.Web Server.

Configuring NAP Validator

After installing Dr.Web NAP Validator (see the Installation Manual, section Installing NAP Validator) on the computer where a NAP server is located, you should perform the following actions:

1. Open the NAP server configuration component by running the nps.msc command.

2. In the Policies section, select Health Policies.

3. In the window that opens, open the properties of the following elements:

NAP DHCP Compliant. In the settings window, set the Dr.Web System Health Validator flag, which specifies the use of the Dr.Web NAP Validator component policies. To classify workstations as compliant only if all health policy requirements are met, select Client passed all SHV checks from the drop-down list.

NAP DHCP Noncompliant. In the settings window, set the Dr.Web System Health Validator flag, which specifies the use of the Dr.Web NAP Validator component policies. To classify workstations as non-compliant if any of the health policy requirements are not met, select Client failed one or more SHV checks from the drop-down list.
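Why the two drop-down values above are chosen as a pair, shown as an added example (a simplified Python model written for this page, not Dr.Web or Microsoft code): it enumerates every pass/fail combination of SHV results and reports clients that do not match exactly one health policy. The second SHV and the looser "passed one or more" condition are assumptions used for contrast, and only pass/fail results are modelled.

```python
from itertools import product

# Conditions modelled as predicates over a list of per-SHV results
# (True = the SHV reported a pass). Only pass/fail is modelled.
CONDITIONS = {
    "Client passed all SHV checks": all,
    "Client failed one or more SHV checks": lambda r: not all(r),
    # Assumption: looser setting, included only for contrast.
    "Client passed one or more SHV checks": any,
}

# The second SHV is hypothetical; the page only names the Dr.Web one.
DRWEB = "Dr.Web System Health Validator"
SHVS = [DRWEB, "Other SHV (hypothetical)"]

# Settings from the configuration steps on this page.
RECOMMENDED = {
    "NAP DHCP Compliant": ("Client passed all SHV checks", SHVS),
    "NAP DHCP Noncompliant": ("Client failed one or more SHV checks", SHVS),
}
# Constructed misconfiguration: Compliant uses the looser condition.
LOOSE = dict(RECOMMENDED)
LOOSE["NAP DHCP Compliant"] = ("Client passed one or more SHV checks", SHVS)

def matching_policies(policies, results):
    """Names of health policies whose condition holds for these results."""
    return [name for name, (cond, shvs) in policies.items()
            if CONDITIONS[cond]([results[s] for s in shvs])]

def ambiguous_clients(policies, shvs):
    """Pass/fail combinations not matched by exactly one policy."""
    bad = []
    for combo in product([True, False], repeat=len(shvs)):
        results = dict(zip(shvs, combo))
        hits = matching_policies(policies, results)
        if len(hits) != 1:
            bad.append((results, hits))
    return bad

if __name__ == "__main__":
    for label, policies in (("recommended", RECOMMENDED), ("loose", LOOSE)):
        bad = ambiguous_clients(policies, SHVS)
        print(label, "-> ambiguous clients:", len(bad))
        for results, hits in bad:
            print("  ", results, "matches", hits)
```

With the loose setting, a workstation that fails the Dr.Web check but passes the other SHV also matches NAP DHCP Compliant; the pair of values given in the steps above leaves no such overlap.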