Now Microsoft XP Service Pack 3 has been out for a few weeks you should all have had enough time to at least begin testing in your environment. With that in mind, we thought now would be a good time to examine in some more detail how SP3 could bring benefits to network security in particular.
Windows Vista supports NAP, and with SP3, now so does Windows XP. NAP provides a number of ways to ensure a minimum level of compliance required for access to a network, ranging from DHCP, VPN and IPSEC clients to compliant hardware such as network switches and enforcement servers. Before considering deploying a NAP solution, you must carefully consider appropriate requirements as setting the bar too high initially will simply mean you end up preventing far too many users from accessing the network and cause a massive support headache. Given the copious reporting options provided by NAP you are well advised to simply enable clients without restricting network access initially, and use the data gathered to provide a snapshot of the compliance state of your environment. This data will provide the information you need to ensure a phased implementation of NAP can be achieved without excessive traffic generation due to many clients accessing remediation servers simultaneously or widespread denial of clients due to non-compliance.