What is Network Access Protection (NAP)?

Instructor: Temitayo Odugbesan

Temitayo has 11+ years Industrial Experience in Information Technology and has a master's degree in Computer Science.

In this lesson,we will be examining the vulnerabilities posed to a corporate network by remote connections and understand the role of Network Access Protection in remote authorised connections.

What is Network Access Protection (NAP)?

Network Access Protection (NAP) is the ability of a company's network to prevent authorized users from remotely logging into the office network using computer systems that have not been through a security vetting in accordance to the company's network security policies .

Imagine you're traveling to the United States, by the virtue of the valid entry visa issued to you, you may be permitted to enter and travel anywhere within the United States. You can also enjoy the same privilege by being a national of a country that needs no visa entry requirements, or by being a citizen of the US (authorized access).

The work place has evolved, and work is no longer restricted within the physical building but also outside of it. This has been made possible with the advancement of wide area networks (WAN) and most importantly Internet access. Depending on location, the worker can log on to servers located in the office building, remotely from his/her home through the WAN or Internet access.

Authorized remote users are granted unlimited access to the company's network as if they are present within the physical building. Through the use of NAP, the company's network administrator can ensure compliance of remote user's computer system or device with the company's network security policy requirements. It however, does not prevent access to the network.

The network security policy is the pre-determined security requirements for every computer system connecting to the company's network. It is a 'living' document hence it is constantly updated in response to changes in technological trends as well as employee access requirements change.

Why Network Access Protection (NAP)?

Imagine foreigners allowed entry into a country without prior knowledge into their criminal background. NAP was developed to handle these remote access threats. The remote computer systems posed threatsfor example, when their security patches are outdated and when they lack fundamental security controls such as updated anti-virus software and firewalls.

It is one thing to enforce security policies on all company-owned computer systems, but when you have authorized remote access users on the company's network, it means they logged on to the network remotely from anywhere in the world, using any device. As a result of this, the company's network is rendered vulnerable when these 'foreign' devices are gaining unrestricted access to the network.

These systems are easily compromised and are often the easy targets of viruses, malware and spyware attacks

Overview of the Network Access Protection Process

The process begins when clients establish a successful remote connection Virtual Private Network (VPN) with the company's network, which runs a server configured with the remote access service called the Routing and Remote Access Service (RRAS).

After the connection has been established, the health of the remote computer is checked against the predefined security policies of the company. These predefined policies will determine what happens to the next connection. These steps are detailed in the NAP components.

Three Network Access Protection Components

Network Policy Validation

An authorized staff initiates a connection to the company's network. The staff's computer system's ''health'' (security configurations) is checked against predefined policies set by the company's system administrator . This results in either the computer system being found compliant (if security configurations are matched) or non-compliant (if the security configurations do not match).

In the event that the computer system is compliant, the staff grants unlimited access to the network and everyone is happy. On the other hand, if the computer system is non-compliant, the staff is not allowed access to the network.

Depending on the predefined policies set by the company, however, may be granted limited access with very little privilege over other network resources such as the company's email servers, and other enterprise resource planning (ERP) servers, both of which are regarded sensitive to an organization's existence.

Under some non-compliant situations, the NAP can also be used to establish restricted network access environments:

  • Monitoring-Only Environment

In this environment, authorized computer systems (though non-compliant and do not have the necessary device ''health'' pass) are granted full access to the network but with their compliance state and activities logged.

  • Isolation Environment

In this environment, non-compliant computer systems are placed in a restricted network. The administrator can set exceptions to the validation process.

  • Health Requirement Policy Compliance

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account