Microsoft and partners work to tighten remote access security

Endpoint security was already a big deal with any type of secure remote access, but awareness of it has been heightened by Microsoft’s announcement of its Network Access Protection (NAP) plan.

Briefly, Microsoft is providing two APIs to other vendors so that Microsoft gear can scan remote machines and restrict their network access if they come up short of corporate security policies. For instance, if a personal firewall vendor wrote to the API, Microsoft software could check that the software is present, turned on and has virus signature updates that meet policy requirements.

Microsoft is also including new capabilities to its Windows 2003 Server platform that validates whether a remote device should be admitted to the network. If not, it can redirect the device to a quarantined network segment where it can get updates to bring it into compliance.

This is important because if the remote machine is infected with some virus, worm, Trojan or other malware, it can infect an entire corporate network if the machine is granted access via an IPSec VPN tunnel.

The key to all this is that the remote device has many different types of security turned on – a firewall, anti-virus software, malware detection and the like. And no single vendor makes all these products, so cooperation among vendors to integrate them is important. Because use of Windows XP is so pervasive, it is a step forward for Microsoft to bring forth its NAP APIs.

VPN vendors have recognized this need for some time and have forged relationships with other vendors so their gateways can enforce security policies based on whether third-party software is turned on.

Look for more extensive relationships like these to develop; particularly one expected this week from Juniper. And in the months to come, look for Microsoft’s partners to take advantage of NAP to broaden its usefulness.