By Tim Greene, Network World (US)
Security vendors are queuing up to announce their products' compatibility with Microsoft's network access protection. Foundry Networks, McAfee, Symantec, Avenda Systems and a start-up named Napera Networks have all stated that their security platforms can plug into NAP, a key security feature of Windows Server 2008.
In the case of Foundry, this interoperability means that its switches can act as enforcement points for NAP admission policies. NAP clients on Windows computers send health checks; the Microsoft Network Policy Server in Server 2008 evaluates those health checks and, based on the results, instructs the Foundry switches to enforce access restrictions.
McAfee has plans to support NAP starting in March, when it releases a new version of its Network Access Control software. That platform performs health checks on endpoints trying to join networks. Integrated with NAP, the Microsoft NAP agent on the same endpoints taps the health-check results and reports them to the policy server for evaluation.
Symantec has announced similar compatibility between its system-health agent that supplies a detailed assessment of endpoint security and the NAP agent that will be available in April. It supports a range of enforcement options, from client to DHCP, to 802.11X.
Avenda is introducing a NAP client for Linux endpoints that is compatible with Windows Server 2008 NAP features. So, a business that moves to the new Microsoft server can have its Linux endpoints checked within a NAP framework. The vendor also is introducing its Universal System Health Agent, software that grabs pertinent endpoint-posture data and passes it off to a NAP client, providing a more comprehensive view into the endpoint.
Napera is jumping in with an appliance it calls "switch-like" that provides a NAP policy server and enforcement controls that flesh out the Microsoft NAP client in Windows XP and Vista desktop software, said Todd Hooper, CEO of the new firm.
The company's goal is to attract small businesses that use Vista and Windows XP clients that support NAP. Napera believes these customers are interested in access control, but may not buy into Windows Server 2008 NAP because it is too complex, said Hooper. The Napera appliance, to be announced in April, will handle policy assessment and enforcement.