Protect Remote Access
Updated: February 29, 2012
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
In a remote access scenario, corporate resources can be subject to the same risks (for example, viruses and other malicious software) as a remote computer. NAP helps to protect corporate assets by allowing access to authenticated users only and by validating the health of a remote computer before it is allowed full access to the network. Some examples of NAP health requirements for antivirus protection are:
Approved antivirus software is installed and running
Antivirus signatures are up-to-date
Computer has been recently scanned for viruses
Antivirus software reports that the computer is not infected
When a remote computer accesses the corporate network and is found to be noncompliant with health requirements, it is placed on a restricted access network until it can prove its health. Remediation servers are provided so that the client computer can acquire instructions or updates as needed. When the remote computer is compliant with health requirements, it is automatically granted full access to the network. The following illustration shows how NAP enforcement occurs at the point of access for remote users.
A remote user accessing the corporate network over a VPN connection. The health of the remote computer is evaluated, and the computer is granted unrestricted network access if compliant with health policies.
NAP with VPN enforcement and NAP with IPsec enforcement can both be used to protect the corporate network from noncompliant computers when they access the network through a remote connection. You can use one of these methods, or combine them to protect remote access.