Advanced Network Access Configuration: The Network Access Quarantine Control


As you have seen earlier in this chapter, the normal remote access connections with which you have worked have validated only the credentials of the user. However, with the ever-growing threat to computer networks from viruses, spyware, and other unwanted applications, it only makes sense that a truly secure network would be one that controls which computers can remotely connect to it as well. Once a user has made a remote access connection to your network with his or her computer, that computer becomes part of the network (if only temporarily) and thus can spread unwanted malware.

Exam Alert: Network Access Quarantine Control

This is an advanced topic and not likely to be found on your 70-291 exam, as evidenced by its omission from the exam objectives. It's anticipated that you will likely not have the required environment to implement Network Access Quarantine Control; thus, we will not be examining it in great enough detail in this book to warrant Step by Step exercises. Our coverage here will be limited to an introduction so that you'll at least be familiar with what it does and how it works.


Network Access Quarantine Control, a new feature introduced with Windows Server 2003, is a means to prevent users who possess valid credentials, but who are using computers that do not meet the required corporate configuration, from making remote access connections. As an example, you might not necessarily want a valid user to connect with an incorrectly configured computer that is missing one of the following:

  • A required service pack

  • A required security update

  • Up-to-date, and active, antivirus software

  • A software firewall (such as the Windows Firewall) that is operational on the network adapter

If all of your company's computers are internal and never leave the building, your job would be easier and you would not need remote access or Network Access Quarantine Control. However, it is more common now than ever for valid network users to connect back to the corporate network from any number of locations, such as from home, from a hotel room via a portable computer, or even from an Internet café. Keeping all of these computers up to corporate specifications would quickly become an out-of-control problem; to combat it, Network Access Quarantine Control delays remote access by your users to your corporate network until the configuration of the computer they are using has been examined and approved. A special script provided by an administrator is used in this examination.

When Network Access Quarantine Control is enabled and configured, a remote access user who successfully authenticates is not just dumped onto the network as he normally would be. Instead, after the user has been authenticated, the computer is granted an IP address (as it normally would be) and then the connection is placed into a quarantine, in which network access is substantially limited. The script that was provided for Network Access Quarantine Control is then run on the remote computer to check its configuration. If the script determines that the remote computer is compliant with the policies in effect, then that computer is removed from the quarantine and is provided with normal remote access, as if Network Access Quarantine Control was not in effect. While the computer is in the quarantine, its network access can be restricted by using packet filters to control traffic to or from the computer. Additionally, a time limit can be configured for the quarantine such that the remote computer is automatically disconnected after a set amount of time. If the script determines that the remote computer is not compliant, the script then directs the user to an internal Web page that provides instructions on how to install the required items.
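As an added illustration of what such a compliance-check script might test (this is not Microsoft's sample script or code from the book), the PowerShell below checks the four items listed earlier and exits with a status the quarantine logic can act on. It assumes a modern Windows client (the NetSecurity module and the root\SecurityCenter2 WMI namespace), and the required service pack level, the update ID and the remediation URL are placeholder values.

```powershell
# Quarantine compliance check (illustrative; policy values below are placeholders).
param(
    [int]    $RequiredServicePack = 2,                                  # assumed policy
    [string] $RequiredUpdate      = 'KB000000',                         # placeholder hotfix ID
    [string] $RemediationUrl      = 'http://quarantine.example.internal/fix'  # placeholder
)

$failures = @()

# 1. Required service pack
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ServicePackMajorVersion -lt $RequiredServicePack) {
    $failures += "Service pack $RequiredServicePack is not installed"
}

# 2. Required security update (installed hotfixes are listed by Win32_QuickFixEngineering)
$hotfix = Get-CimInstance -ClassName Win32_QuickFixEngineering |
          Where-Object { $_.HotFixID -eq $RequiredUpdate }
if (-not $hotfix) { $failures += "Security update $RequiredUpdate is missing" }

# 3. Antivirus present, enabled and up to date.
#    productState encodes 'enabled' in bit 0x1000 and 'definitions out of date' in bit 0x10.
$av = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
$goodAv = $av | Where-Object {
    (($_.productState -band 0x1000) -ne 0) -and (($_.productState -band 0x10) -eq 0)
}
if (-not $goodAv) { $failures += 'No active, up-to-date antivirus product found' }

# 4. Host firewall enabled on every profile
$disabledProfiles = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
if ($disabledProfiles) {
    $failures += "Windows Firewall is disabled for profile(s): $($disabledProfiles.Name -join ', ')"
}

if ($failures.Count -eq 0) {
    Write-Output 'COMPLIANT'
    # A real quarantine script would now notify the remote access server so the
    # quarantine restrictions are lifted for this connection.
    exit 0
}

# Non-compliant: report what is missing and send the user to the internal instructions page.
$failures | ForEach-Object { Write-Warning $_ }
Start-Process $RemediationUrl
exit 1
```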

Although Network Access Quarantine Control does appear to be a security solution, it is not that in the most typical sense. While it will increase your overall network security, it does not replace all of the other security considerations you must give to your network. Network Access Quarantine Control was designed not to stop unauthorized users from making remote connections to your network, but instead to stop otherwise authorized users with non-compliant computers from making remote connections to your network.

To learn more about this advanced remote access topic, visit http://www.microsoft.com/technet/itsolutions/network/vpn/quarantine.mspx.




MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
Year: 2006
Pages: 196
Authors: Will Schmied
