We use Forescout here.

http://www.forescout.com/

Daniel Ratliff

From: [email protected] [mailto:[email protected]] On 
Behalf Of Marcum, John
Sent: Thursday, January 16, 2014 2:11 PM
To: [email protected]
Subject: [mssms] RE: NAP

We are implementing hardware NAC.

________________________________
John Marcum
Sr. Desktop Architect
Bradley Arant Boult Cummings LLP
________________________________

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Jason Sandys
Sent: Thursday, January 16, 2014 12:56 PM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: NAP

Totally correct on no exact equivalent – the article is just trying to point 
you to possible alternatives.

They are deprecating pretty much all of their network security solutions – TMG, 
UAG, anything named Forefront (except FIM which I expect to be rebranded at 
some point). This is a strategic decision from Microsoft to exit the network 
related security market – basically, it was an investment that wasn’t taken 
advantage of by customers and they made a strategic decision to stop 
development on them. This is also why Forefront Endpoint Protection was renamed 
to System Center Endpoint Protection (please smack anyone you hear calling it 
FEP still).

As for alternatives, that’s a better question for others more familiar with the 
solutions although all the big network security players have NAC type solutions 
to my knowledge.

J

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Ryan Shugart
Sent: Thursday, January 16, 2014 12:10 PM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: NAP

Hi Jason:
Thanks for the response.  You’re right that deprecated doesn’t 
mean supported, but I’m also sure I want to start out and implement a newly 
deprecated solution.  Any ideas why MS is choosing to deprecate NAP?  I really 
don’t think there’s anything in Config Manager that’s equivalent to the idea of 
NAP in that we’re looking for the whole “You’re quarantined until we know for 
sure you’re up to date” thing.  And our concern is machines coming onto the 
network that may not have an up-to-date SCCM client installed; while we have 
procedures in place to get the client updated, we don’t want the machine on the 
network able to talk to others until that machine is healthy.
Ryan

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Jason Sandys
Sent: Thursday, January 16, 2014 9:33 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: NAP

The NAP feature set in ConfigMgr (2007 and 2012) is a “plug-in” (SHV and SHA) 
for Windows Server NAP and requires Windows Server NAP.

The article doesn’t say that ConfigMgr has NAP or use ConfigMgr NAP instead 
(because there’s no such thing), it says to use (other) native ConfigMgr 
functionality to fulfill the requirements of a NAP solution.

Do those feature sets truly fulfill your requirements? Only you can answer that.

Note also though that deprecated doesn’t mean not supported or not working, 
just that they won’t be doing anything with it in the future.

J

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Ryan Shugart
Sent: Wednesday, January 15, 2014 1:04 PM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] NAP

Hi:
We’re looking at implementing NAP here, and I’ve been looking into the 
various options.  According to this link:
http://technet.microsoft.com/en-us/library/hh831683.aspx
NAP in Windows Server 2012R2 is deprecated, and it is suggested to use SCCM 
2012R2 as a NAP replacement.  I know SCCM 2007 had NAP, but I’m not seeing 
where NAP controls are in 2012R2. I’d just like to confirm that 2012R2 supports 
NAP?  I know you can do NAP-like checks using configuration baselines, but we’re 
also looking for the whole quarantine the machine if it doesn’t meet the 
baselines or doesn’t have an active client installed.  I’m not sure you can go 
that far with SCCM, can someone correct me if I’m wrong?  Basically we’re 
looking for a way to prevent situations like someone turning on a machine 
that’s not been on in six months, letting it get onto the network with 
out-of-date patches or virus definitions and then get infected.
Thanks.
Ryan

Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver
314-851-7414


© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
  ________________________________
This communication (including any attachments) contains information which is 
confidential and may also be privileged. It is for the exclusive use of the 
intended recipient(s). If you are not the intended recipient(s), please note 
that any distribution, copying, or use of this communication or the information 
in it is strictly prohibited. If you have received this communication in error, 
please notify the sender immediately and then destroy any copies of it.





________________________________

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.



The information transmitted is intended only for the person or entity to which 
it is addressed and may contain CONFIDENTIAL material.  If you receive this 
material/information in error, please contact the sender and delete or destroy 
the material/information.
