What's New for Network and Edge Protection in Windows Server 2008
Applies To: Windows Server 2008
Network and edge protection technologies can be used to protect your organization's network from external threats and vulnerabilities. In addition, they can be used to manage and control internal network traffic that has a destination outside your network.
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security provides the following new functionality in the Windows ServerĀ® 2008 operating system:
Windows Firewall is turned on by default
Internet Protocol security (IPsec) policy management is simplified
New support for Authenticated IP (AuthIP), which extends the existing support for the Internet Key Exchange (IKE) protocol for negotiating IPsec associations
Support for protecting traffic from domain members to the domain controller by using IPsec
Improved cryptographic support
Settings can change dynamically based on the network location type
Integration of Windows Firewall and IPsec management into a single user interface
Full support for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) network traffic protection in the Next Generation TCP/IP stack.
Additional resources for Windows Firewall with Advanced Security
Network Policy and Access Services role
The Network Policy and Access Services role encompasses three significant security-related components: Network Policy Server, Network Access Protection, and Routing and Remote Access in Windows Server 2008.
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a RADIUS proxy to forward connection requests to NPS or other RADIUS servers that you configure in remote RADIUS server groups. NPS provides the following new security-related functionality in Windows Server 2008:
Network Access Protection (NAP)
Support for IPv6
Integration with Cisco Network Admission Control (NAC)
Attributes to identify access clients
Integration with Server Manager
Network policies that match the network connection method
Common Criteria support
Extensible Authentication Protocol Host (EAPHost) and Extensible Authentication Protocol (EAP) policy support
Additional resources for NPS
Network Access Protection
Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer's identity and compliance with corporate governance policy. NAP allows network administrators to define specific levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access. The four key components of NAP are policy validation, network restriction, remediation, and ongoing compliance.
Additional resources for NAP
Routing and Remote Access
The Routing and Remote Access service in Windows Server 2008 provides remote users access to resources on your private network over virtual private network (VPN) or dial-up connections. The following improvements are security-related:
The addition of the Secure Socket Tunneling Protocol (SSTP)
New cryptographic support