What's New for Network and Edge Protection in Windows Server 2008

Applies To: Windows Server 2008

Network and edge protection technologies can be used to protect your organization's network from external threats and vulnerabilities. In addition, they can be used to manage and control internal network traffic that has a destination outside your network.

Windows Firewall with Advanced Security

Windows Firewall with Advanced Security provides the following new functionality in the Windows Server® 2008 operating system:

  • Windows Firewall is turned on by default

  • Internet Protocol security (IPsec) policy management is simplified

  • New support for Authenticated IP (AuthIP), which extends the existing support for the Internet Key Exchange (IKE) protocol for negotiating IPsec associations

  • Support for protecting traffic from domain members to the domain controller by using IPsec

  • Improved cryptographic support

  • Settings can change dynamically based on the network location type

  • Integration of Windows Firewall and IPsec management into a single user interface

  • Full support for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) network traffic protection in the Next Generation TCP/IP stack.

Additional resources for Windows Firewall with Advanced Security

Network Policy and Access Services role

The Network Policy and Access Services role encompasses three significant security-related components: Network Policy Server, Network Access Protection, and Routing and Remote Access in Windows Server 2008.

Network Policy Server

Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a RADIUS proxy to forward connection requests to NPS or other RADIUS servers that you configure in remote RADIUS server groups. NPS provides the following new security-related functionality in Windows Server 2008:

  • Network Access Protection (NAP)

  • Support for IPv6

  • Integration with Cisco Network Admission Control (NAC)

  • Attributes to identify access clients

  • Integration with Server Manager

  • Network policies that match the network connection method

  • Common Criteria support

  • Extensible Authentication Protocol Host (EAPHost) and Extensible Authentication Protocol (EAP) policy support

Additional resources for NPS

Network Access Protection

Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer's identity and compliance with corporate governance policy. NAP allows network administrators to define specific levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access. The four key components of NAP are policy validation, network restriction, remediation, and ongoing compliance.

Additional resources for NAP

Routing and Remote Access

The Routing and Remote Access service in Windows Server 2008 provides remote users access to resources on your private network over virtual private network (VPN) or dial-up connections. The following improvements are security-related:

  • The addition of the Secure Socket Tunneling Protocol (SSTP)

  • New cryptographic support

Additional resources for Routing and Remote Access

See Also


What's New in Security in Windows Server 2008