
Network Access Protection

From Wikipedia, the free encyclopedia

Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. It was first included in Windows Vista and Windows Server 2008 and backported to Windows XP Service Pack 3. With NAP, system administrators of an organization can define policies for system health requirements.[1] Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Computers with a NAP client will have their health status evaluated upon establishing a network connection. NAP can restrict or deny network access to the computers that are not in compliance with the defined health requirements.

NAP was deprecated in Windows Server 2012 R2[2] and removed from Windows Server 2016.[3]

Transcription

In this section I will look at Network Access Protection. Network Access Protection is a system in Windows Server 2008 that allows you either to allow or deny computers onto your network based on a number of health checks. In this video, I will look at what is Network Access Protection, or NAP. Next I will look at the NAP process. This is the process each client goes through when it starts up and tries to access the network. Like most systems on Windows Server 2008 there are components which make it work. I will go through each of the NAP components and explain how they work. With NAP there are a lot of systems that make it work correctly. Understanding each of these systems provides the foundation for using NAP on your network. Once you understand the components that make up NAP, I will look at a typical NAP layout. This NAP layout is only really used on large-scale networks. If you have a small network you may not want or need to go to these lengths, but seeing a network like this does help you understand the fundamentals of NAP. Lastly I will configure NAP for DHCP. NAP for DHCP is fairly easy to configure. Once you understand how to configure NAP for DHCP, you will be able to use NAP on other parts of your network.

NAP, or Network Access Protection, is a new role in Windows Server 2008. Formerly in Windows Server 2003 it was called Network Access Quarantine Control. NAP in a nutshell protects the integrity of your network. It does this by performing health checks on your computers. NAP can check your antivirus and spyware is up to date and even check service packs and updates are installed on the computer. If the computer does not meet the health checks, NAP can isolate the computer from the rest of the network. This prevents a computer, for example a computer without antivirus, being allowed on the network. I once had an end user remove the antivirus from her computer because she felt it was slowing the computer down. If this was to happen with NAP running, you could isolate the computer from the rest of the network, as without antivirus software the computer could become compromised and infect other computers on the network. With NAP, you can allow the computer to receive updates so it can pass health checks, for example have the antivirus software installed. It should be pointed out that NAP does not offer any protection against malicious users. If you have a disgruntled employee and their computer passes all the health checks, they can still get on the network and cause a lot of damage.

To understand how NAP works it is a good idea to understand the process NAP goes through when a computer starts up. When the computer starts up it does a health check. You can determine what you want to check for; common checks include service packs, antivirus and spyware are installed and up to date, and a firewall is enabled. When the computer attempts to access the network, the health statement is sent to the NAP enforcement point. What is a NAP enforcement point? This is a point on the network that checks the computer's health and determines what parts of the network that computer will have access to. There are different types of NAP enforcement points supported by Windows Server 2008. First there is DHCP server. IP addresses can be allocated to clients based on passing or failing their health checks. Next there is VPN. When a client connects via a VPN it is first checked to make sure it passes all the health checks. A VPN server is an easy place for a network to become infected so it is also a good place to configure NAP. Next you have the 802.1X access control standard used on network equipment. If your switches or network devices support it, you can determine which ports are available to a client depending on if they pass or fail their health checks. Next you have Terminal Services Gateway. NAP interfaces with Terminal Services Gateway allowing it to allow or deny clients based on NAP health checks. NAP can also be used with IPsec. When a computer passes its health check it is given a certificate. This certificate is used with IPsec to make a connection to the server. When a NAP enforcement point receives a health statement from a client, the statement is forwarded on to your NAP server. The NAP server can then determine if the health statement is valid and returns an approve or deny response back to the enforcement point.

This works well to stop a computer accessing the network, but stopping it accessing the network will also stop it getting any updates and stop it from becoming compliant. So what do you do when a computer fails its health checks? Firstly you can do nothing. Simply put, the computer failing the health check is recorded and logged. You can view the log and see which computers need updates. When you first install NAP on your network it is recommended that you run NAP in report-only mode. The last thing you want to do is stop a lot of your computers accessing the network when you install NAP. When you first install NAP, look at the NAP logs and see what needs to be done to bring your computers up to date. Bring your computers up to date before you start denying access. Your end users will thank you for it. In the real world, your end users will probably not thank you for it, but in the IT world, no news is often good news. Once you are happy with your settings you can of course deny access to the network. This can still cause problems. Denying access to the network means the computer can't get any updates. To solve this problem, NAP allows the computer to access a remediation network. When the client connects to the network it fails its health check and is denied access to the main network. The client is however allowed access to the remediation network where it can access updates. Once the computer is up to date, it will then be allowed to access the main network. NAP is very configurable, and depending on the solution you put in place and your needs will determine if you put a remediation network into place. It is not uncommon for the remediation network to be part of the main network. In this scenario the computer is allowed access to the network while it is in the process of being updated. In some NAP configurations you can have both the remediation and main network on the same network, for example if you are using IPsec for enforcement. With IPsec, the certificate is allocated only once the health check is passed. Without the certificate, the client can't create an IPsec connection. With IPsec, you change the server's configuration to only allow NAP IPsec connections. When deploying NAP, consider if you want to isolate the client on their own network or simply deny them access to parts of the network till they are compliant.

There are many different components that make NAP work. On the client there is a system health agent, or SHA. The SHA reports the health of the client to an enforcement point. For example, if you use NAP with DHCP, when the client requests an IP address off the DHCP server, the DHCP will receive a health statement from the client. The agent that provides this health statement comes already installed on Windows Server 2008, Windows 7, Windows Vista and Windows XP with Service Pack 3. There is room however for 3rd parties to develop their own SHAs. These 3rd party SHAs could add additional checks or run on additional operating systems. Once the client has provided a health statement, this is passed on to a system health validator, or SHV. The SHV is part of the Network Policy Server component and must be installed on Windows Server 2008. With the SHV you can also get it to work with RADIUS. This is useful for example if you want to use 802.1X. The last part of a NAP deployment is remediation servers. These are optional on your network, but if you did install them they would provide things like updates to antivirus and Windows updates through services like WSUS. As you can see, there are a lot of components to NAP and there are many different ways you can configure NAP depending on your needs.

Let's have a look at a typical NAP layout that may be used in a large company. On this network, when a computer connects up to the network, one of 3 things happen. Firstly if the computer meets its health requirements it is allowed access to the production network. For the computer to do this, it must support NAP and NAP must also be correctly configured. If the computer supports NAP but fails its health checks, it is given access to the remediation network. Since the computer does not meet health checks, it may have a virus on it and thus makes it potentially dangerous to have on the production network. To reduce the risk, a read-only domain controller can be deployed on the remediation network. The computer should be able to get updates from this network but since the network is isolated, should not be able to infect any of the computers in the production network. Finally if the computer does not support NAP, it is transferred to a guest network. This may be the case if you have visitors from another company plugging in to your network. If this is the case you want them to have access to basic services from your network like accessing the company web site and internet but nothing else. To do this, a web proxy could be installed so they can access information but can't access any confidential data or any other company systems. As you can see, there are many different ways you can configure NAP; it all depends on how many servers and networks you want to set up.

To start using NAP you need to decide on what type of enforcement you want to use. I will start by looking at configuring NAP for DHCP, as configuring NAP for DHCP is very simple to set up and a good way to get your feet wet. When a client connects to the network, if they are compliant, they will get full IP configuration and access to the network. If the computer is not compliant, you have the option to give the client limited IP configuration. When this occurs, you can add entries to the client routing table so it can access computers on the network, for example a remediation server. NAP for DHCP is simple to set up and use, but offers the least amount of security. This is because it does not stop a user manually setting their own IP address. If an end user has enough IT knowledge, they can manually set their own IP address and bypass NAP completely.

Let's have a look at how to configure NAP for DHCP. To run DHCP NAP enforcement on your network, you first need to install Network Policy Server. This is essentially the heart of NAP. To do this, run Server Manager and then select the option Add Roles. The component that I require is part of Network Policy and Access Services; select Network Policy and Access Services from the list and move on. The component that we require from Network Policy and Access Services is Network Policy Server. In this example I will install Network Policy Server on a different server than DHCP. It is easier for you to install DHCP and Network Policy Server on the same server. It is easier to run and fewer steps to configure it, but on larger networks you may need to separate the two. Network Policy Server is a fairly fast install; it should only take a minute or two. Once installed I need to configure it by running the Network Policy admin tool from Administrative Tools under the Start menu.

The first thing that I need to configure is the system health validator. This will determine what needs to be configured on the client for it to pass its health check. To do this, go down to Network Access Protection and expand downwards until you get to Settings. With Windows Server 2008 R2 you can create additional configurations. For example you could create a different set of requirements to access the company's intranet. In this case I will modify the default configuration since I only want one set of NAP settings. In the properties section I can configure what NAP will check for. To demonstrate this product I will switch off some of the features like spyware and Windows Update. The only settings that I will leave on are the Windows Firewall and antivirus. Now that I have configured the settings I want NAP to check for, I will add some remediation servers. These are the servers that the client will be able to access if it fails its health check. In this case I will add my WSUS server so the client can retrieve Windows updates. Have a careful think about what servers you add here. With DHCP enforcement, these are the only servers the client will be able to access. You should also consider adding a domain controller, and better still a read-only domain controller if you have one. Remember that without access to a domain controller, the client will not be able to access Group Policy and other Active Directory services, which may stop it from becoming compliant.

Now that we have the health policy and remediation server set up, I need to now run the NAP configuration wizard to configure the rest of NAP. To launch the wizard, all I need to do is select the server at the top of the screen and then select the option Configure NAP. As you can see, the dialog box is quite large. To allow it to fit on the screen I will select the option auto-hide start bar. This wizard can be used for any enforcement type that NAP supports. Since we are using DHCP in this example, I will select Dynamic Host Configuration Protocol from the pull-down list. By default, the wizard will also enter in a name for the policy. If your DHCP server is installed on a different server, you will need to add the DHCP server as a RADIUS client; in my case I will add my DHCP server called DHCP1. In order for the RADIUS server to communicate with the RADIUS client, you need to have a RADIUS secret set up which is common between the two. If I select the option Generate and press the Generate button, Windows will generate a rather long shared secret for you to use. This will give you greater security, but you still need a way to copy the shared secret from this server. The longer key means you now need some way of managing the key, which may mean storing the key on devices like USB sticks or even e-mailing the key to transfer between servers. Having a large key like this does impose more difficulty in the management of keys but gives you greater security. A shorter key is often a lot easier to manage and can even just be memorized. In this case, I will simply manually enter in a key. On this screen, you need to enter in the DHCP scopes that you are planning on using NAP enforcement on. In this case, I have already created a scope on the DHCP server called Desktop Computers. If you did not enter in a scope on this screen, NAP enforcement would apply to all scopes installed on that DHCP server. Next you need to decide what computers this policy will apply to. If you do not enter in any computers or groups of computers in here, the policy will apply to all computers. On this screen you can set up a remediation server group. The remediation server group simply means the client can access these servers if they fail their health check. On this screen, you can also enter in a troubleshooting URL. This URL will be shown to the users and should contain information on how the user can get their computer up to date. For example, the URL may have a link for the user to download virus software. You will also notice here that the Windows Security Health Validator has been selected and will be used to determine the health of the client. An important setting to take note of is the setting Enable auto-remediation of client computers. This option means that NAP will attempt to fix any problems on the client when it fails a health check. For example, if NAP was checking to see if your firewall was running and found it was off, with auto-remediation enabled, NAP will re-enable the firewall. Down the bottom of the screen, you will notice the option what to do if a NAP-ineligible client tries to access the network, if a computer that does not support NAP, for example a Windows 2000 computer, were to attempt to access the network. By default, these types of computers will be denied access to the network and will only be able to access the remediation servers. In some environments you may want to give these computers full access to the network, for example if you have a few legacy computers on the network that you are planning to phase out. Setting this setting to allow will still give them access to the network until you can retire them. Once I press Finish, the wizard will create the required policies to run NAP with DHCP on your network.

NAP is now configured, but before it can be used with DHCP, DHCP needs to be configured. To do this, I now need to switch to my DHCP server. The Network Policy Server settings for NAP are not on my DHCP server, but in order to access them Network Policy Server needs to be installed locally on the DHCP server. I have already completed the install for Network Policy Server; to run it, go to Administrative Tools under the Start menu and run Network Policy Server. In order for the two Network Policy Servers to communicate, the remote server must be added to the Remote RADIUS Server Groups. To add the server, right-click on Remote RADIUS Servers and select New. In this dialog I need to enter in the name of my remote server; in this case the server's name is NAP. If I now go to the Authentication and Accounting screen, I need to enter in the shared secret I set up on the other NPS server. Once I close the dialog the NAP server will be added as a remote server. This will allow the two servers to communicate with each other; however by design they won't. In order to have this Network Policy Server pass on requests to be authenticated on the other Network Policy Server, a policy must be created to tell the server to do this. To do this, right-click on Connection Request Policies and select New. For the policy name I will enter in Forward NAP Request and select the type of network access server as DHCP Server. I want this server to only forward on NAP traffic, so to do this, press Add and then go down the list until you get to Identity. Add Identity and then select Health Checks Only. This means this rule will only forward NAP health checks on to the other Network Policy Server. On the next screen is where you need to specify where to send the NAP requests. In this case I will select the group that I created earlier. On the next screen, I can configure additional options. This is more for when you are using 3rd party RADIUS servers. In this case I don't need to add anything. Once I reach the end of the wizard and press Finish the new policy will be created. Whenever creating network policies, pay careful attention to the order of the policies. In this case, I want Forward NAP Requests to be the first policy. If another policy matches before Forward NAP Requests then my Forward NAP Requests policy will be ignored. That's all the configuration that is required for the Network Policy Server installed on the DHCP server.

I can now close Network Policy Server and open the DHCP admin tool from Administrative Tools under the Start menu. Once inside the DHCP admin, I need to expand down to IPv4, right-click and select Properties. From the properties, select the tab Network Access Protection. You will notice that by default, DHCP will grant full access to the network when the Network Policy Server is unavailable. Otherwise you can set it to restricted access or drop client packets, which means ignore the client completely. If you change the default server behavior, this means that if your Network Policy Server is not contactable for any reason, no client will be able to access your production network till it is back up again. If you change the option, you would probably at the minimum want to make sure that you have at least two Network Policy Servers configured on your network for redundancy. The only time you could get away with having one would be when your Network Policy Server and DHCP are stored on the same server. If I press the button Enable on all scopes, Network Access Protection will be enabled on all scopes on the DHCP server. If you want more control, you can expand down to IPv4 and select the scope that you want to enable NAP on. Selecting the scope and accessing the properties, I can again go into the Network Access Protection tab, but this time the settings will only apply to this scope. To enable NAP on this scope I need to select the option "Enable for this scope". In this particular case I will use the default Network Access Protection profile, but if you need to you could set up different Network Access Protection profiles for different scopes. To configure Network Access Protection further, you need to set some scope options. If I now go into the scope options and then select the tab Advanced, I can select "Default Network Access Protection Class". This will give me the settings that the DHCP server will allocate to the client when it fails its health checks. You can set as many or as few options as you want in here. You can also set options that are completely different to the main options; for example I could set a completely different DNS server. This different DNS server will be allocated only to clients who fail their health checks. If I go back into scope options, you will notice the setting I just added and you will also notice the class is shown on the far right-hand side. The other two settings with a class of None will be allocated to clients that pass their health checks. This concludes the server set up.

Now let's have a look at what needs to be configured on the client. In order for the client to start using NAP there are a number of things that need to be set. Luckily for us these can be set using Group Policy. Firstly you need to enable the Security Center. Be aware that in Windows 7 the Security Center has changed to the Action Center. Next I need to go into Computer Configuration in Group Policy and then into Windows Settings and Security Settings and set two settings. First is enable the NAP service. Without the NAP service running, the client will not be able to issue a health statement to the enforcement point. The second setting tells NAP the enforcement type or types that we will be using. Let's have a look at how to set this up on a Windows 7 client using Group Policy. First of all I need to create a Group Policy for NAP on my domain controller. To do this, run Group Policy Management from Administrative Tools under the Start menu. In this example, I will create a new Group Policy for my domain by right-clicking on the domain and selecting Create new GPO in this domain and link it here. In your domain, since there are only a few settings that need to be set, you may want to just modify an existing Group Policy. Once I have created the Group Policy called DHCP NAP, I need to edit it. Expand down in Group Policy through Administrative Templates, Windows Components and down to Security Center. Even though Security Center has changed in Windows 7 to Action Center, the Group Policy setting remains the same. All I need to do here is change the setting to Enabled. The next settings I need to change are not under Administrative Templates, so I will reduce Administrative Templates and go into Windows Settings and then into Security Settings. In Security Settings I can go into System Services. In System Services, you can enable and disable services on the client computer. The Network Access Protection service agent shown here is disabled by default on Windows clients. To enable any NAP enforcement this service needs to be running. I will select Automatic so the service will always be running. To configure the type of NAP enforcement I want to use, I need to leave System Services and go into Network Access Protection. Under Network Access Protection I need to select NAP Client Configuration and select Enforcement Clients. You can see in here all the different types of NAP enforcement that could be used. Since I am using DHCP enforcement, I will enable DHCP Quarantine Enforcement Client. You could enable multiple enforcement types if you wished. These are all the settings that need to be enabled on the client side. I have used a domain-wide Group Policy to set them; however I could have quite easily set the settings on the client.

If I now switch to my Windows 7 computer, we can see NAP in operation. (Switch to windows 7 DHCP Nap demo.swf) First of all I want to see the status of NAP enforcement on this computer. To do this on Windows 7, I need to open the Action Center. After I open the Control Panel I need to select the option Review your computer's status under System and Security. You can see that Network Access Protection has been added to the Action Center. The Action Center is telling us also that this computer is not meeting the security standards for NAP. To get some more information about the problem, press the button View solution. If I scroll down to the bottom, you can see that NAP did not detect any antivirus software on this computer and thus this is why the computer did not pass the health check. While in this state, the computer will only be able to access servers in the remediation group. To see which servers it can access, open a command prompt from the Start menu and run route print. I have added the -4 switch so I only get IPv4 routes. You can see the first route 10.0.0.2 with the subnet mask 255.255.255.255. This means that any traffic for that IP address will be sent to that server directly. This IP address is the address of the DHCP server. The next address is the IP address of the WSUS server which I added into the remediation server group. Those who understand routing tables really well will quickly see that there is no route to the 10.0.0 network where this computer is currently located. This means this computer can only access other computers on the 10.0.0 network when a route to that computer is added. This example shows an important fact when setting up NAP. Notice that my domain controller is not contactable and also DNS servers, and this computer does not have access to the internet. You can also see that DHCP enforcement is a weak form of protection, because a person with IT knowledge could either add their own routes to the routing table or assign a static IP address to the computer and thus bypass NAP completely. When you set up DHCP NAP enforcement, make sure you add servers the computer needs access to, for example domain controllers. Without access to a domain controller, the computer cannot access Group Policy, which may make important changes to the computer. If I now run an ipconfig /all, you will see that the System Quarantine State is set as Restricted. This is another way of determining what the status of NAP is without having to go into the Action or Security Center. To make this computer compliant I am going to install virus software. I have accelerated the install to the end, as installing virus software is not the focus of this training video. Once the virus software is installed the computer should be able to pass a NAP health check. If I now go back to my command prompt and run ipconfig /all, you will see that System Quarantine State has changed to Not Restricted. If your state does not change straight away, you may need to run an ipconfig /renew to refresh your IP address settings. There is one more feature that I want to demonstrate. If I open the Control Panel and then open System and Security, I can then open the Windows Firewall settings. If I now select the option to switch the firewall settings off, this is one of the checks that NAP does in its health check. Since I put the option on for auto-remediation, Windows will attempt to fix problems that cause a computer to fail a health check. As you can see, Windows has switched the firewall back on again. This is why auto-remediation is a great feature to leave on and will mean a few less calls to your helpdesk.

In summary, there is a lot of planning you should do before installing NAP on your network. NAP decides on who gets access to the network and who gets denied. I would suggest running NAP in logging mode first. Work out who is failing their health checks and why. If you can fix these problems before you deny computers access to the network or place them in separate networks you will have a lot less angry phone calls to the help desk. NAP has its fair share of acronyms. The two most important are system health agent and system health validator, otherwise known as SHA and SHV. Remember, the agent or SHA issues a statement of health which is inspected by the SHV or system health validator. Microsoft supplies an SHV, but 3rd party vendors can create their own. Remember that NAP is very customizable and thus can start becoming very complicated very quickly. Careful planning is the key to a good NAP deployment.
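The two client-side checks the transcript performs (ipconfig /all to read the System Quarantine State, and route print -4 to see that a restricted client only holds host routes to its remediation servers) can be scripted so that a helpdesk or an administrator can confirm, from a client, that the remediation server group covers everything the client needs, such as a domain controller. The following is an added example, not code from the transcript or from Microsoft; the two command outputs, the host names and all addresses are constructed samples shaped like those commands' output, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample shaped like "ipconfig /all" on a restricted Windows 7
# NAP client. Not a real capture; host name and addresses are made up.
IPCONFIG_SAMPLE = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : client1
   Primary Dns Suffix  . . . . . . . : corp.example
   System Quarantine State . . . . . : Restricted

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   DHCP Server . . . . . . . . . . . : 10.0.0.2
"""

# Constructed sample shaped like "route print -4" on the same client: host
# routes to the DHCP server (10.0.0.2) and the WSUS server (10.0.0.3) only,
# and no route covering the rest of 10.0.0.0/24, as the transcript describes.
ROUTE_SAMPLE = """
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         10.0.0.2  255.255.255.255         On-link       10.0.0.50     11
         10.0.0.3  255.255.255.255         On-link       10.0.0.50     11
        10.0.0.50  255.255.255.255         On-link       10.0.0.50    266
        127.0.0.0        255.0.0.0         On-link       127.0.0.1    306
===========================================================================
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# destination, netmask, gateway, interface, metric
ROUTE_LINE = re.compile(
    rf"^\s*({IPV4})\s+({IPV4})\s+(\S+)\s+(\S+)\s+(\d+)\s*$", re.MULTILINE
)


def quarantine_state(ipconfig_text):
    """Return the 'System Quarantine State' value ('Restricted' or
    'Not Restricted'), or None if the line is absent."""
    match = re.search(r"System Quarantine State[ .]*:\s*(.+)", ipconfig_text)
    return match.group(1).strip() if match else None


def parse_routes(route_text):
    """Return [(network, gateway)] for every route line in route print output."""
    routes = []
    for dest, mask, gateway, _iface, _metric in ROUTE_LINE.findall(route_text):
        routes.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), gateway))
    return routes


def reachable(routes, address):
    """True if any route (host route or network route) covers the address."""
    ip = ipaddress.ip_address(address)
    return any(ip in network for network, _gateway in routes)


def unreachable_required_servers(routes, required):
    """required maps a name to the IP of a server a restricted client must
    still reach (domain controller, DNS, WSUS). Returns the ones with no
    route, which is the gap the transcript warns about for DHCP enforcement."""
    return {name: ip for name, ip in required.items() if not reachable(routes, ip)}


def nap_client_report(ipconfig_text, route_text, required):
    """Combine both checks into one report for a client."""
    routes = parse_routes(route_text)
    return {
        "quarantine_state": quarantine_state(ipconfig_text),
        "host_routes": sorted(str(n.network_address) for n, _ in routes if n.prefixlen == 32),
        "missing": unreachable_required_servers(routes, required),
    }


if __name__ == "__main__":
    # Constructed requirement list: the domain controller was left out of
    # the remediation server group, so the report flags it.
    print(nap_client_report(IPCONFIG_SAMPLE, ROUTE_SAMPLE,
                            {"dc1": "10.0.0.10", "wsus": "10.0.0.3"}))
```

On a real client the two text inputs would come from running the commands and capturing their output; the report then shows whether the client is restricted and which required servers it cannot reach, which is the check to run before turning enforcement on.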

Overview

The Network Access Protection Client Agent makes it possible for clients that support NAP to evaluate software updates for their statement of health.[4] NAP clients are computers that report their system health to a NAP enforcement point. A NAP enforcement point is a computer or device that can evaluate a NAP client's health and optionally restrict network communications. NAP enforcement points can be IEEE 802.1X-capable switches or VPN servers, DHCP servers, or Health Registration Authorities (HRAs) that run Windows Server 2008 or later. The NAP health policy server is a computer running the Network Policy Server (NPS) service in Windows Server 2008 or later that stores health requirement policies and provides health evaluation for NAP clients. Health requirement policies are configured by administrators. They define criteria that clients must meet before they are allowed unrestricted connection; these criteria may include the version of the operating system, a personal firewall, or an up-to-date antivirus program.

When a NAP-capable client computer contacts a NAP enforcement point, it submits its current health state. The NAP enforcement point sends the NAP client's health state to the NAP health policy server for evaluation using the RADIUS protocol. The NAP health policy server can also act as a RADIUS-based authentication server for the NAP client.

The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software or updates that need to be installed on the NAP client. For example, a health requirement server might track the latest version of an antivirus signature file.

If the NAP enforcement point is an HRA, it obtains health certificates from a certification authority for NAP clients that it deems to be compliant with the relevant requirements. NAP clients can be placed on a restricted network if they are deemed non-compliant. The restricted network is a logical subset of the intranet and contains resources that allow a noncompliant NAP client to correct its system health. Servers that contain system health components or updates are known as remediation servers. A noncompliant NAP client on the restricted network can access remediation servers and install the necessary components and updates. After remediation is complete, the NAP client can perform a new health evaluation in conjunction with a new request for network access or communication.
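As an added example that is not part of the article or of Microsoft's implementation, the following Python model walks through the flow described above: the client's statement of health, the health policy server's evaluation against its health requirement policy, the enforcement point's verdict, and the remediation-and-retry cycle. It also models the DHCP enforcement settings the transcript describes (a report-only rollout, a NAP-ineligible client, and what the DHCP server does when the health policy server is unreachable). Class names, field names and the integer antivirus signature version are assumptions of the example, not NAP identifiers.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Mode(Enum):
    REPORT_ONLY = "report-only"   # log failures but grant full access (initial rollout)
    ENFORCE = "enforce"           # non-compliant clients get the restricted network


class Access(Enum):
    FULL = "full"
    RESTRICTED = "restricted"     # remediation servers only
    DROP = "drop"                 # ignore the client entirely


@dataclass
class StatementOfHealth:
    """What the client's system health agent (SHA) reports (assumed fields)."""
    firewall_enabled: bool
    antivirus_signature: int      # constructed integer signature version
    os_updates_current: bool


@dataclass
class HealthPolicy:
    """Requirements the system health validator (SHV) checks against."""
    require_firewall: bool = True
    min_antivirus_signature: int = 0   # e.g. tracked by a health requirement server
    require_os_updates: bool = True

    def evaluate(self, soh: StatementOfHealth) -> List[str]:
        """Return the failed checks; an empty list means compliant."""
        failures = []
        if self.require_firewall and not soh.firewall_enabled:
            failures.append("firewall disabled")
        if soh.antivirus_signature < self.min_antivirus_signature:
            failures.append("antivirus signature out of date")
        if self.require_os_updates and not soh.os_updates_current:
            failures.append("operating system updates missing")
        return failures


@dataclass
class HealthPolicyServer:
    """NPS role: evaluates statements forwarded by enforcement points."""
    policy: HealthPolicy
    mode: Mode = Mode.REPORT_ONLY
    log: list = field(default_factory=list)

    def decide(self, client_id: str, soh: StatementOfHealth) -> Tuple[Access, List[str]]:
        failures = self.policy.evaluate(soh)
        if failures:
            self.log.append((client_id, failures))   # recorded in both modes
        if failures and self.mode is Mode.ENFORCE:
            return Access.RESTRICTED, failures
        return Access.FULL, failures


@dataclass
class DhcpEnforcementPoint:
    """DHCP enforcement point: forwards the statement and applies the verdict."""
    nps: Optional[HealthPolicyServer]
    # Transcript: DHCP grants full access by default when NPS is unavailable;
    # restricted access or dropping the client are the alternatives.
    when_nps_unavailable: Access = Access.FULL
    # Transcript: NAP-ineligible clients are restricted by default.
    when_nap_ineligible: Access = Access.RESTRICTED

    def handle(self, client_id: str,
               soh: Optional[StatementOfHealth]) -> Tuple[Access, List[str]]:
        if soh is None:
            return self.when_nap_ineligible, ["client cannot produce a statement of health"]
        if self.nps is None:
            return self.when_nps_unavailable, ["health policy server unreachable"]
        return self.nps.decide(client_id, soh)


def remediate_and_retry(ep: DhcpEnforcementPoint, client_id: str, soh: StatementOfHealth,
                        fix: Callable[[StatementOfHealth], StatementOfHealth]):
    """Remediation cycle: the client is fixed, then requests access again."""
    return ep.handle(client_id, fix(soh))


if __name__ == "__main__":
    policy = HealthPolicy(min_antivirus_signature=100)
    ep = DhcpEnforcementPoint(HealthPolicyServer(policy, Mode.ENFORCE))
    stale = StatementOfHealth(firewall_enabled=True, antivirus_signature=90,
                              os_updates_current=True)
    print(ep.handle("client1", stale))
    print(remediate_and_retry(ep, "client1", stale,
                              lambda s: StatementOfHealth(True, 100, s.os_updates_current)))
```

The point of the `when_nps_unavailable` default is the trade-off the transcript spells out: the fail-open default keeps clients working during an NPS outage, while restricting or dropping them needs a second health policy server for redundancy.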

NAP client support

A NAP client ships with Windows Vista, Windows 7, Windows 8 and Windows 8.1 but not with Windows 10.[3] A limited NAP client is also included in Windows XP Service Pack 3. It has no MMC snap-in and does not support AuthIP-based IPsec enforcement. As such, it can only be managed via a command-line tool called netsh, and the IPsec enforcement is IKE-based only.[5][6]

Microsoft partners provide NAP clients for other operating systems such as macOS and Linux.

References

  1. "Network Access Protection". 2 July 2012. Archived from the original on 2016-06-07. Retrieved 2016-06-15.
  2. "Features Removed or Deprecated in Windows Server 2012 R2". Archived from the original on 2015-02-08. Retrieved 2015-01-29.
  3. "What's New in DHCP in Windows Server Technical Preview". Archived from the original on 2015-04-09. Retrieved 2015-05-20.
  4. "How to Enable the Network Access Protection Client Agent". technet.microsoft.com. Archived from the original on 2016-08-19. Retrieved 2016-07-15.
  5. Sigman, Jeff (8 November 2007). "XP NAP Rude Q and A". Network Access Protection (NAP) blog. Microsoft. Archived from the original on 27 May 2008. Retrieved 24 December 2009.
  6. Sigman, Jeff (20 June 2007). "NAP demystified (hopefully)". Network Access Protection (NAP) blog. Microsoft. Archived from the original on 3 January 2015. Retrieved 18 September 2015.

This page was last edited on 17 August 2023, at 12:57
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.