Chapter 7.  Step 3. Determine the Enforcement Layer

In previous steps, it was determined that clients connect to the network locally. The purpose of this step is to determine whether to enforce NAP restrictions at each host using IPsec or to enforce it on the network. Each approach has unique strengths and weaknesses.

Option 1: Enforce Restrictions at the Hosts

With IPsec enforcement, hosts on the network will ignore traffic from client devices that have not proven that they meet the organization’s health policies. This is a powerful method of protecting compliant computers from other computers. Additionally, it can be combined with server and domain isolation to ensure that when a system has demonstrated its compliance, it will still be restricted ...

Get Selecting the Right NAP Architecture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.