• In the Protocol drop-down box, select TCP.
• Enter 7250 in both the Source Port and Destination Port text boxes.
10. Click OK to return to the Inbound Filters screen.
11. For the Filter Action setting, select the Permit Only the Packets Listed Below radio
button, and then click OK to return to the Add Attribute screen.
12. To add a quarantine session timer, select the MS-Quarantine-Session-Timeout
attribute and click Add.
13. In the Attribute Value text box, enter the number of seconds that represents the maximum
amount of time that client computers can remain connected in quarantine mode, and
then click OK.
14. Click Close.
15. Click OK twice to save your changes to the remote access policy.
16. Make sure that this policy is listed first in the processing order. Right-click the policy
and select Move Up if necessary.
Note: Once you've configured the quarantine policy as the first policy in the processing order, configure a
second policy that allows normal access to your RAS server and internal network.
How It Works
One of the most exciting advances in Windows Server 2003 is NAQC. This service allows you to
create a temporary “staging area” for clients who are attempting to gain access to your network,
where you can determine if the computer in question meets your company's requirements for
antivirus protection and software patching (not to mention a lack of spyware or worm infections)
before allowing the client to access internal network resources.
IAS acts as a part of an NAQC solution by placing the necessary quarantine restrictions on
incoming clients, controlling which systems the quarantined client can and cannot access. For
example, if an incoming client does not have the necessary antivirus definitions, you may want
to allow it access to a server that can provide it with updates, rather than simply denying that
client access to your network. Once a client computer is determined to pass any necessary “health
checks,” IAS can then remove these quarantine restrictions and allow normal access to your
network resources. You can also enable a quarantine timer that will disconnect clients after
a certain amount of time, rather than allowing them to remain on the quarantined network
indefinitely.
Configuring NAQC requires a significant amount of legwork before you can deploy it on a
production network. Before you implement a remote access policy with quarantine IP filters
and session timers on your network, you must complete the following steps: