Lesson 19: Configuring Windows Firewall
MOAC : Installing and Configuring Windows Server 2012
Overview
Exam Objective 6.4: Configure Windows Firewall
- Building a Firewall
- Using the Windows Firewall Control Panel
- Using the Windows Firewall with Advanced Security Console
© 2013 John Wiley & Sons, Inc.
Building a Firewall
Building a Firewall
A firewall is software (or a dedicated network appliance) that protects a computer or a network by allowing certain types of network traffic in and out while blocking others. It is essentially a series of filters that examine packet headers, and in some products packet contents and traffic patterns, to decide which packets may pass. Windows Firewall is a stateful host firewall: it filters on addresses, protocols, ports and the program or service that owns the socket, not on application payloads.
Firewalls Protect Against:
- Network scanner applications that probe systems for unguarded ports, which are essentially unlocked doors that attackers can use to gain access to the system.
- Trojan horse applications that open a connection to a computer on the Internet, enabling an attacker on the outside to run programs or store data on the system. Note that such a connection is outbound, and the default outbound policy allows everything; a host firewall only helps here if you add outbound block rules.
- Attackers that obtain passwords by illicit means, such as social engineering, and then use remote access technologies to log on to a computer from another location and compromise its data and programming. The firewall helps by limiting which hosts can reach the remote access ports at all.
- Denial of service attacks that use authorized access points to bombard a system with traffic, preventing legitimate traffic from reaching the computer. A host firewall can drop floods aimed at closed ports or disallowed sources; it cannot absorb a flood aimed at a port it must keep open.
Firewall Settings
The three most important criteria that firewalls can use in their rules are:
- IP addresses: Identify specific hosts or networks. You can use IP addresses to configure a firewall to allow traffic only from specific computers or networks, in and out.
- Protocol numbers: The Protocol field in the IP header identifies the transport or control protocol the packet carries: 6 is TCP, 17 is UDP (User Datagram Protocol), 1 is ICMP. You can filter on the protocol number to block whole classes of traffic.
- Port numbers: Identify specific applications or services running on the computer (for example 80 for HTTP, 443 for HTTPS, 3389 for Remote Desktop). The most common firewall rules use port numbers to specify the types of application traffic the computer is allowed to send and receive.
Firewall Settings
Firewall rules can function in two ways:
- Admit all traffic, except that which conforms to the applied rules (default allow, with block rules as the exceptions).
- Block all traffic, except that which conforms to the applied rules (default deny, with allow rules as the exceptions).
Windows Firewall applies the second model to inbound traffic and the first to outbound traffic.
Working with Windows Firewall
The Windows Firewall control panel provides a simplified interface that lets you avoid the details of rules and port numbers. For full access to firewall rules and more sophisticated functions, you must use the Windows Firewall with Advanced Security console. Many of the roles and features included in Windows Server 2012 automatically open the appropriate firewall ports when you install them, and the system warns you when a firewall setting is blocking a function.
Working with Windows Firewall
Network Discovery is nothing more than a set of firewall rules that regulate the ports Windows uses for network browsing. When you click the warning banner and choose Turn on network discovery and file sharing from the context menu, you are in effect activating these firewall rules, thereby opening the ports associated with them.
Figure: Windows Explorer with Network Discovery and File Sharing turned off
Working with Windows Firewall
The Network and Sharing Center control panel, through its Advanced Sharing Settings page, provides options that you can use to turn Network Discovery on and off, as shown in Figure 19-2, as well as File Sharing and other basic networking functions.
Figure 19-2: The Advanced Sharing Settings page of the Network and Sharing Center control panel
Working with Windows Firewall
The Windows Firewall control panel has an Allow an app or feature through Windows Firewall link, which opens the Allowed apps dialog box, shown in the figure below. The Network Discovery check box in this dialog box controls the same set of rules as the Network Discovery control in the Network and Sharing Center.
Figure: The Network Discovery application in the Allowed apps dialog box
Working with Windows Firewall
Finally, you can access the individual Network Discovery rules directly by using the Windows Firewall with Advanced Security console. When you select the Inbound Rules node and scroll down in the list, you see nine different Network Discovery rules, as shown in Figure 19-4. Each one opens a single protocol and port (the NetBIOS name and datagram services, LLMNR, SSDP, WS-Discovery, UPnP and the WSD event ports), and the set is repeated per profile, which is why one Control Panel switch opens several ports at once.
Figure 19-4: Network Discovery rules in the Windows Firewall with Advanced Security console
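The same rule group seen from PowerShell, as an added example that is not part of the MOAC slides. It lists what each Network Discovery rule opens and then enables discovery for the Domain profile only. It assumes the NetSecurity module (shipped with Windows Server 2012 and later) and an elevated prompt for the Enable/Disable calls; the group name is the value shown in the console's Group column.

```powershell
# Added example (not from the MOAC text): the Network Discovery rule group, seen
# from PowerShell rather than the Network and Sharing Center banner. Requires
# the NetSecurity module (Windows Server 2012 and later); the Enable/Disable
# calls need an elevated prompt.

$group = 'Network Discovery'   # the value in the console's Group column

# 1. The rules the Control Panel switch flips, with the protocol and port each
#    one opens (NetBIOS 137-138/UDP, LLMNR 5355/UDP, SSDP 1900/UDP,
#    WS-Discovery 3702/UDP, UPnP 2869/TCP, WSD events 5357-5358/TCP).
Get-NetFirewallRule -DisplayGroup $group -Direction Inbound |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort
            Profile   = $_.Profile
            Enabled   = $_.Enabled
        }
    } | Sort-Object Profile, Rule | Format-Table -AutoSize

# 2. Turn discovery on for domain networks only: enable just the copies of the
#    rules that are scoped to the Domain profile, independent of which network
#    the server currently sits on.
Get-NetFirewallRule -DisplayGroup $group -Direction Inbound |
    Where-Object { $_.Profile -match 'Domain' } |
    Enable-NetFirewallRule

# 3. Confirm nothing in the group is enabled for Public networks.
Get-NetFirewallRule -DisplayGroup $group -Direction Inbound -Enabled True |
    Where-Object { $_.Profile -match 'Public' -or $_.Profile -eq 'Any' } |
    Select-Object DisplayName, Profile

# To switch discovery off everywhere again:
# Disable-NetFirewallRule -DisplayGroup $group
```

Step 3 should return nothing on a server; if it lists rules, the discovery ports are reachable from any network the host is placed on.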
Using the Windows Firewall Control Panel
Using the Windows Firewall Control Panel
Instructor note: use the information in the book to describe all of the settings you see on the screen.
Figure: The Windows Firewall control panel window
Using the Windows Firewall Control Panel
Instructor note: use the information in the book to describe all of the settings you see on the screen.
Figure: The Customize Settings dialog box for Windows Firewall
Allowing Applications
Opening a port in a server's firewall is an inherently dangerous activity: the more doors you put in a wall, the more opportunities intruders have to get in. Windows Firewall provides two basic methods for opening a hole in your firewall: opening a port and allowing an application. Both are risky, but the latter is less so. When you open a port by creating a port rule in the Windows Firewall with Advanced Security console, the port stays open permanently, whether or not anything is listening on it. When you allow an application through the firewall by using the Control Panel, the firewall admits traffic only to the ports that program has open while it is running; when you terminate the program, the exception is no longer active. The trade-off is that a program rule is keyed to the executable's path, so any code that runs from that path inherits the exception.
Figure: The Allowed Apps dialog box for Windows Firewall
Using the Windows Firewall with Advanced Security Console
Configuring Profile Settings
The default Windows Firewall configuration calls for the same basic settings for all three profiles (Domain, Private and Public):
- The firewall is turned on.
- Incoming traffic is blocked unless it matches a rule.
- Outgoing traffic is allowed unless it matches a rule.
The profile in force on an interface follows the network location Windows assigns to it, so a server moved to a network on which it cannot reach a domain controller falls back to the Private or Public rule set.
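Checking and enforcing those defaults from PowerShell, as an added example that is not part of the MOAC slides. It audits the three profiles against on / block inbound / allow outbound, sets them explicitly, and turns on logging of dropped packets, which the defaults leave off. It assumes the NetSecurity module (Windows Server 2012 and later) and an elevated prompt; the log size is a chosen value, not a Windows default.

```powershell
# Added example (not from the MOAC text): verify and enforce the default profile
# settings the slide describes, and log dropped packets, which is off by default.
# Requires the NetSecurity module (Windows Server 2012 and later); run elevated.

$profiles = 'Domain', 'Private', 'Public'

# 1. Audit: flag any profile that deviates from on / block-inbound / allow-outbound.
Get-NetFirewallProfile -Profile $profiles |
    ForEach-Object {
        [pscustomobject]@{
            Profile         = $_.Name
            Enabled         = $_.Enabled
            InboundDefault  = $_.DefaultInboundAction
            OutboundDefault = $_.DefaultOutboundAction
            Compliant       = ($_.Enabled -eq 'True' -and
                               $_.DefaultInboundAction -eq 'Block' -and
                               $_.DefaultOutboundAction -eq 'Allow')
        }
    } | Format-Table -AutoSize

# 2. Enforce the defaults on all three profiles. Set the actions explicitly
#    rather than leaving them NotConfigured, so the result does not depend on
#    what a GPO or an earlier import left behind.
Set-NetFirewallProfile -Profile $profiles `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow

# 3. Log blocked packets. The default log path is the one below; the size
#    (16 MB, the assumed value here) is well under the 32767 KB maximum.
Set-NetFirewallProfile -Profile $profiles `
    -LogBlocked True `
    -LogAllowed False `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384
```

The log answers both the help desk question ("why can't the client reach the server?") and the incident response question ("what was probing this host, and when?"), which is why it is worth enabling before either is asked.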
Configuring Profile Settings
Figure: The Windows Firewall with Advanced Security on Local Computer dialog box
Creating Rules
Selecting either Inbound Rules or Outbound Rules in the left pane displays a list of all the rules operating in that direction, as shown in the figure below. The rules that are currently operational have a check mark in a green circle, whereas the rules not in force are grayed out.
Figure: The Inbound Rules list in the Windows Firewall with Advanced Security console
Creating Rules
Rule Type specifies whether you want to create a program rule, a port rule, a variant on one of the predefined rules, or a custom rule, as shown in the figure below. This selection determines which of the following pages the wizard displays.
Figure: The Rule Type page in the New Inbound Rule Wizard
Creating Rules
Program specifies whether the rule applies to all programs, to one specific program, or to a specific service, as shown in the figure below. This is the equivalent of defining an allowed application in the Windows Firewall control panel, except that you must specify the exact path to the application.
Figure: The Program page in the New Inbound Rule Wizard
Creating Rules
Protocol and Ports specifies the network or transport layer protocol and the local and remote ports to which the rule applies, as shown in the figure below. This enables you to specify the exact types of traffic that the rule should block or allow. To create rules in this way, you must be familiar with the protocols and ports that an application uses at both ends of the connection. For an inbound rule the local port is the one the server listens on; the remote port is normally left at All, because clients connect from ephemeral source ports.
Figure: The Protocols and Ports page in the New Inbound Rule Wizard
Creating Rules
Predefined Rules specifies which of the predefined rules, each of which defines the connectivity requirements of a specific Windows feature or role, the wizard should create, as shown in the figure below.
Figure: The Predefined Rules page in the New Inbound Rule Wizard
Creating Rules
Scope specifies the IP addresses of the local and remote systems to which the rule applies, as shown in the figure below. This enables you to block or allow traffic between specific computers, and it is the most effective way to limit the exposure of a port you must open: allow a management port from the management subnet rather than from any address.
Figure: The Scope page of the New Inbound Rule Wizard
Creating Rules
Action specifies the action the firewall should take when a packet matches the rule, as shown in the figure below. You configure the rule to allow traffic if it is blocked by default, or to block traffic if it is allowed by default. You can also configure the rule to allow traffic only when the connection between the communicating computers is secured using IPsec (Allow the connection if it is secure), which requires a matching connection security rule on both peers. When rules conflict, block rules take precedence over allow rules; an allow-if-secure rule overrides block rules only if you select the Override block rules option.
Figure: The Action page of the New Inbound Rule Wizard
Creating Rules
Profile specifies the profile(s) to which the rule should apply: domain, private, and public, as shown in the figure below.
Figure: The Profile page of the New Inbound Rule Wizard
Creating Rules
Name specifies a name and (optionally) a description for the rule, as shown in the figure below.
Figure: The Name page of the New Inbound Rule Wizard
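The wizard pages above, and the port-versus-program distinction from the Allowing Applications slide, expressed as New-NetFirewallRule parameters. This is an added example, not code from the MOAC text. The rule names, the group name, the agent path, the 10.10.0.0/24 management subnet and the choice of ports are assumptions; it needs the NetSecurity module (Windows Server 2012 and later) and an elevated prompt.

```powershell
# Added example (not from the MOAC text): the New Inbound Rule Wizard's pages
# (Rule Type, Program, Protocol and Ports, Scope, Action, Profile, Name) as
# New-NetFirewallRule parameters. Names, the group, the agent path and the
# 10.10.0.0/24 subnet are assumptions. Run elevated on Windows Server 2012+.

$group = 'Contoso Custom'   # assumed group name, so the rules can be listed together

# Port rule: Rule Type = Port, Protocol and Ports = TCP 443, Scope = remote
# 10.10.0.0/24, Action = Allow, Profile = Domain. The port is open whether or
# not anything is listening, so the Scope restriction is doing the real work.
New-NetFirewallRule -DisplayName 'Contoso Web - HTTPS from mgmt subnet' -Group $group `
    -Direction Inbound -Protocol TCP -LocalPort 443 -RemoteAddress 10.10.0.0/24 `
    -Action Allow -Profile Domain `
    -Description 'Port rule; scoped to the management subnet.'

# Program rule: Rule Type = Program. The exact path is required, exactly as on
# the wizard's Program page. Traffic is admitted only to ports this executable
# has open while it runs, but anything launched from that path inherits the rule.
New-NetFirewallRule -DisplayName 'Contoso Agent - inbound' -Group $group `
    -Direction Inbound -Program 'C:\Program Files\Contoso\agent.exe' `
    -Action Allow -Profile Domain, Private

# Action = "Allow the connection if it is secure": only IPsec-authenticated
# peers reach 3389/TCP. Needs a matching connection security rule on both ends.
New-NetFirewallRule -DisplayName 'RDP - IPsec-authenticated peers only' -Group $group `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Action Allow -Authentication Required -Profile Domain

# Verify what was created by joining each rule to its filter objects, which is
# what the console's rule Properties dialog shows on its tabs.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    $sec  = $_ | Get-NetFirewallSecurityFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = $port.Protocol
        Port     = $port.LocalPort
        Program  = $app.Program
        Remote   = $addr.RemoteAddress
        Auth     = $sec.Authentication
        Profile  = $_.Profile
        Enabled  = $_.Enabled
    }
} | Format-Table -AutoSize
```

Giving every custom rule the same Group value is what makes them filterable in the console and removable in one call (Remove-NetFirewallRule -Group 'Contoso Custom'), which matters when a rule set has to be rolled back quickly.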
Importing and Exporting Rules
Creating and modifying rules in the Windows Firewall with Advanced Security console can be time consuming. The console makes it possible to save the rules and settings you create by exporting them to a policy file. A policy file is a file with a .wfw extension that contains all the property settings of a Windows Firewall installation, as well as all of its rules, including the preconfigured rules and the ones you created or modified. Because importing a policy file replaces the entire local configuration, export the current configuration first so that you can restore it.
Creating Rules Using Group Policy
Windows Firewall is an application designed to protect a single computer from intrusion. Administrators can distribute consistent firewall settings to computers throughout the network by using Group Policy, so that the baseline does not depend on each server being configured by hand.
Creating Rules Using Group Policy
Group Policy does not overwrite the entire Windows Firewall configuration, as importing a policy file does. When you deploy firewall rules and settings by using Group Policy, the rules in the GPO are combined with the existing rules on the target computers. The only exception is when you deploy rules with the same names as existing rules; then the GPO settings overwrite those found on the target computers.
Figure: The Windows Firewall with Advanced Security node in a Group Policy object
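Both mechanisms from the command line, as an added example that is not part of the MOAC slides: the .wfw export and import from the Importing and Exporting Rules slide (via netsh, the CLI equivalent of the console's Export Policy action) and a rule written into a GPO's own policy store, followed by a check on a target of which rules came from where. The backup path, the contoso.com domain and the GPO name are assumptions; it needs an elevated prompt on a domain-joined host with rights to edit the GPO.

```powershell
# Added example (not from the MOAC text): export the local policy to a .wfw file
# and deploy a rule through a GPO, where it merges with the target's local rules.
# Backup path, domain and GPO name are assumptions. Run elevated, with rights to
# edit the GPO, on a domain-joined host (NetSecurity module, Server 2012+).

# 1. Export: profile settings plus every rule, built-in and custom, in one file.
$backup = 'C:\Backups\fw-baseline.wfw'
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
netsh advfirewall export $backup

# Import REPLACES the entire local configuration, so it is a restore, not a merge:
#   netsh advfirewall import $backup

# 2. Group Policy: write the rule into the GPO's policy store. On the targets it
#    is added alongside their local rules rather than replacing them.
$session = Open-NetGPO -PolicyStore 'contoso.com\Server Firewall Baseline'

New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Contoso Web - HTTPS from mgmt subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 443 -RemoteAddress 10.10.0.0/24 `
    -Action Allow -Profile Domain

Save-NetGPO -GPOSession $session      # nothing reaches the GPO until this call

# 3. On a target (after gpupdate): which enabled inbound rules are local and
#    which came from a GPO, and from which one.
Get-NetFirewallRule -PolicyStore ActiveStore -TracePolicyStore -Direction Inbound -Enabled True |
    Select-Object DisplayName, PolicyStoreSourceType, PolicyStoreSource |
    Sort-Object PolicyStoreSourceType, DisplayName |
    Format-Table -AutoSize
```

Whether local rules still take effect alongside the GPO's rules is itself a per-profile setting in the GPO (AllowLocalFirewallRules in Set-NetFirewallProfile, "Apply local firewall rules" in the console); setting it to False turns the merge described above into a GPO-only rule set.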
Using Filters
The filter feature enables you to display inbound or outbound rules according to:
- The profile they apply to
- Their current state (enabled or disabled)
- The group to which they belong
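The same three filters as a query, as an added example that is not part of the MOAC slides. It answers the question the console filters are usually used for: which enabled inbound allow rules apply on a given profile, and what each of them opens. The function name and its defaults are assumptions; it reads the live configuration through the NetSecurity module (Windows Server 2012 and later) and changes nothing.

```powershell
# Added example (not from the MOAC text): the console's filter feature, by
# profile, by state and by group, as a reusable query. The function name and
# defaults are assumptions. NetSecurity module, Windows Server 2012 and later.

function Get-ExposedInboundRule {
    param(
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$NetProfile = 'Public',   # filter: the profile the rule applies to
        [string]$DisplayGroup             # filter: rule group (optional)
    )
    # Filter by state: only rules that are enabled and allow traffic matter here.
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
    if ($DisplayGroup) { $rules = $rules | Where-Object DisplayGroup -eq $DisplayGroup }

    # A rule's Profile is "Any" or a comma-separated set such as "Domain, Private".
    $rules | Where-Object { $_.Profile -eq 'Any' -or ($_.Profile -match $NetProfile) } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Group     = $_.DisplayGroup
                Rule      = $_.DisplayName
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Program   = $app.Program
                Profile   = $_.Profile
            }
        } | Sort-Object Group, Rule
}

# What a host on an untrusted network can reach, before the server is placed on one:
Get-ExposedInboundRule -NetProfile Public | Format-Table -AutoSize

# The same question for one group, as the console's Filter by Group does:
Get-ExposedInboundRule -NetProfile Domain -DisplayGroup 'Remote Desktop' | Format-Table -AutoSize
```

Rules whose Profile is Any apply everywhere, so they appear in the output for every profile; those are the first candidates for a Scope restriction.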
Creating Connection Security Rules
The IP Security (IPsec) standards are a collection of documents that define a method for securing data while it is in transit over a TCP/IP network. IPsec includes a connection establishment routine (the Internet Key Exchange), during which computers authenticate each other before transmitting data, and a technique called tunneling, in which data packets are encapsulated within other packets for their protection. Windows Server 2012 integrates IPsec into Windows Firewall as connection security rules. This is what makes a firewall rule's Allow the connection if it is secure action work: the connection security rule establishes the authenticated association, and the firewall rule then admits only traffic that arrives over it.
Creating Connection Security Rules
Rule Type specifies the basic function of the rule: to isolate computers based on authentication criteria, to exempt certain computers (such as infrastructure servers) from authentication, to authenticate two specific computers or groups of computers (server-to-server), or to tunnel communications between two computers, as shown in the figure below. You can also create custom rules combining these functions.
Figure: The Rule Type page in the New Connection Security Rule Wizard
Creating Connection Security Rules
Endpoints specifies the IP addresses of the computers that must establish a secured connection before transmitting any data, as shown in Figure 19-21.
Figure 19-21: The Endpoints page in the New Connection Security Rule Wizard
Creating Connection Security Rules
Requirements specifies whether authentication between two computers should be requested or required. If required, the options are to require authentication for inbound connections only (requesting it for outbound), or for both inbound and outbound connections, as shown in the figure below. Requiring it in both directions means the computer can no longer communicate with any peer that lacks a matching rule, which is why exemption rules for domain controllers and DNS servers usually accompany it.
Figure: The Requirements page in the New Connection Security Rule Wizard
Creating Connection Security Rules
Authentication Method specifies the type of authentication the computers should use when establishing a connection, as shown in the figure below: the default set in the console's IPsec Settings, computer credentials via Kerberos V5 (with or without user credentials), a computer certificate issued by a specified certification authority, or an advanced combination of first and second authentication methods.
Figure: The Authentication Method page in the New Connection Security Rule Wizard
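The wizard's four pages as cmdlets, as an added example that is not part of the MOAC slides: an isolation rule that requires IPsec authentication inbound and requests it outbound using computer Kerberos credentials, plus an authentication exemption for the domain controllers that Kerberos itself depends on. The 10.20.0.0/16 range, the DC addresses and the rule names are assumptions; it needs an elevated prompt on a domain-joined Windows Server 2012 or later host.

```powershell
# Added example (not from the MOAC text): the New Connection Security Rule
# Wizard's pages (Rule Type, Endpoints, Requirements, Authentication Method) as
# cmdlets. The 10.20.0.0/16 range, the DC addresses and the names are
# assumptions. Run elevated on a domain-joined Windows Server 2012+ host.

# Authentication Method page: Computer (Kerberos V5) as the only phase 1 proposal.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Contoso Computer Kerberos' -Proposal $proposal

# Rule Type = Isolation; Endpoints = any local address, remote = server subnet;
# Requirements = require inbound, request outbound. Unauthenticated peers in the
# range can no longer initiate connections to this host, while this host can
# still reach peers that have no matching rule.
New-NetIPsecRule -DisplayName 'Contoso Isolation - require inbound auth' `
    -LocalAddress Any -RemoteAddress 10.20.0.0/16 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name -Profile Domain

# Rule Type = Authentication exemption. Kerberos needs the DCs (and DNS) to be
# reachable before any peer can authenticate, so they are excluded.
New-NetIPsecRule -DisplayName 'Contoso Exemption - domain controllers' `
    -RemoteAddress 10.20.1.10, 10.20.1.11 `
    -InboundSecurity None -OutboundSecurity None -Profile Domain

# Verify the rules, then (once peers talk) the main mode security associations,
# which show that authentication happened and with which identities.
Get-NetIPsecRule | Select-Object DisplayName, InboundSecurity, OutboundSecurity, Phase1AuthSet
Get-NetIPsecMainModeSA | Select-Object LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId
```

The peers need an equivalent rule of their own, which in practice means deploying the connection security rules through the same GPO as the firewall rules; a firewall rule set to Allow the connection if it is secure silently admits nothing until those associations exist.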
Lesson Summary
- A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others. It is essentially a series of filters that examine packets and the traffic patterns to and from the network to determine which packets to pass.
- The default rules preconfigured into the firewall are designed to admit the traffic used by standard Windows networking functions, such as file and printer sharing.
- For outgoing network traffic, Windows Firewall allows all traffic to pass except that which matches a block rule; for incoming traffic it blocks everything that does not match an allow rule.
- The Windows Firewall control panel is designed to enable administrators to perform basic firewall configuration tasks as needed.
- For full access to the Windows Firewall configuration settings, you must use the Windows Firewall with Advanced Security snap-in for the Microsoft Management Console.
Copyright 2013 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.