NAP (Network Access Protection)

After we have successfully installed NPS (Network Policy Server), we are able to deploy NAP (Network Access Protection). This will further enhance our VPN connections (or even LAN connections if we wanted to).

What is NAP? In a nutshell, it’s a system to enforce certain rules on a PC that is connected to our network. For instance, NAP allows an administrator to require that all PCs have auto update switched on, or even that they are fully patched, before such a PC is allowed full access to the network. If a PC doesn’t comply with this policy, its access is either revoked or limited to certain services so that it can actually be repaired. In this case, if the PC doesn’t have auto update switched on, it could then be switched on automatically; if it is not fully patched, we would allow access to a WSUS server so that it can be patched to the level required by the policy. As soon as it has met the requirements, full access is restored. The servers or services that are used to “repair” a client are called remediation services.
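The evaluate, restrict, remediate and re-evaluate cycle described above can be sketched as a small model. This is an added example, not NAP's API or configuration syntax; the class names, failure labels and the host names under `example.internal` are assumptions made for illustration, and it models the limited-access outcome rather than outright revocation.

```python
from dataclasses import dataclass, replace

# Constructed host name; stands in for the WSUS remediation server.
WSUS = "wsus.example.internal"
REMEDIATION_SERVERS = frozenset({WSUS})

@dataclass(frozen=True)
class Health:
    """What the client reports about itself (hypothetical fields)."""
    auto_update_on: bool
    missing_patches: int

@dataclass(frozen=True)
class Decision:
    access: str               # "full" or "restricted"
    allowed_hosts: frozenset  # only consulted while access is restricted
    failures: tuple           # which policy checks failed

def evaluate(health: Health) -> Decision:
    """Compare reported health with the policy: auto update on, fully patched."""
    failures = []
    if not health.auto_update_on:
        failures.append("auto_update_off")
    if health.missing_patches > 0:
        failures.append("not_fully_patched")
    if failures:
        # Non-compliant: reachable hosts shrink to the remediation services.
        return Decision("restricted", REMEDIATION_SERVERS, tuple(failures))
    return Decision("full", frozenset(), ())

def may_connect(decision: Decision, host: str) -> bool:
    """Restricted clients reach remediation servers and nothing else."""
    return decision.access == "full" or host in decision.allowed_hosts

def remediate(health: Health, decision: Decision) -> Health:
    """Apply the two repairs from the text and return the new health state."""
    if "auto_update_off" in decision.failures:
        health = replace(health, auto_update_on=True)  # switched on automatically
    if "not_fully_patched" in decision.failures and may_connect(decision, WSUS):
        health = replace(health, missing_patches=0)    # patched from WSUS
    return health

def connect(health: Health) -> list:
    """Evaluate, remediate if restricted, re-evaluate; return the decision trail."""
    trail = [evaluate(health)]
    if trail[0].access == "restricted":
        trail.append(evaluate(remediate(health, trail[0])))
    return trail
```

The point to take from the model is that full access comes only from a fresh evaluation after repair, never from the remediation step itself.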

NPS (Network Policy Server)

As promised, I’m going to change our SSTP VPN connection so that it can take advantage of a proper RADIUS server for better authentication. The new NPS server role (Network Policy Server) will do just that (and more). NPS is the new IAS server, and we are going to play with this server role and add PEAP authentication, initially using EAP-MSCHAP v2 and finally using certificates (we do have our own CA, so we are all set for authentication using certificates). In the next post, we are going to use NAP (Network Access Protection) to further secure our network and VPN connection.