MOAC 70-687 L12 Network Firewall Security

8/10/2019 MOAC 70-687 L12 Network Firewall Security

1/45

Lesson 12: Configuring andMaintaining Network

SecurityMOAC 70-687: Configuring Windows 8


2/45

WPA-Enterprise WPA-Personal Defending Against

MalwareLesson 12: Configuring and Maintaining

Network Security

2013 John Wiley & Sons, Inc. 2


3/45

Malware Malicious software infiltrates or damages a

computer system without the users

knowledge or consent.

Malicious software includes viruses, Trojanhorses, worms, spyware, and adware.

The term most commonly used tocollectively refer to these malicious softwaretechnologies is malware.



4/45

Windows 8 Action Center The Action Center is a centralized console

that enables users and administrators toaccess, monitor, and configure the variousWindows 8 security mechanisms.

Action Center is a service that startsautomatically and runs continuously onWindows 8 computers, by default.

The service constantly monitors the differentsecurity mechanisms running on thecomputer.



5/45

Windows 8 Action Center

The Action Center menu in the notification area



6/45

Accessing Action Center To open Action Center:

o Click the notification area icon

o Open from Control Panel

Action Center displays information aboutthe problems it has discovered and links topossible solutions.



7/45

Accessing Action Center

The Action Center window



8/45

Accessing Action Center

The Change Action Center Settings window



9/45

Understanding Firewalls A firewall is a software program or hardware

device that protects a computer byallowing certain types of network traffic in

and out of the system while blocking others. To filter traffic, firewalls use rules, which

specify which packets are allowed to passthrough the firewall and which are blocked.



10/45

Understanding Firewalls Firewalls typically base their filtering on the

TCP/IP characteristics at the network,transport, and application layers of theOpen Systems Interconnection (OSI)reference model:o IP addresses: Represent specific computers on

the network.

o Protocol numbers: Identify the transport layer

protocol being used by the packets.o Port numbers: Identify specific applications

running on the computer.



11/45

Monitoring WindowsFirewall

Windows Firewall is one of the programs monitoredby the Action Center service.

When you open the Windows Control Panel andclick System and Security > Windows Firewall, a

Windows Firewall window appears. Each heading contains the following information:

o Whether the computer is connected to a domain, private,or public network

o Whether the Windows Firewall service is currently turned on

or offo Whether inbound and outbound connections are blocked

o Whether users are notified when a program is blocked



12/45

Monitoring Windows Firewall

The Windows Firewall window



13/45

Using the WindowsFirewall Control Panel

A series of links on the left side of the WindowsFirewall window enable you too Configure Windows Firewall to allow a specific app or

feature through its barrier

o Change the firewall notification settingso Turn Windows Firewall on and off

o Restore the default firewall settings

o Configure advanced firewall settings

Clicking Change notification settings or TurnWindows firewall on or off displays theCustomize settings for each type of networkdialog box.



14/45

Using the Windows FirewallControl Panel

The Customize settings for each type of networkdialog box



15/45

Blocking IncomingConnections

Select the Block all incoming connections,including those in the list of allowed apps

check box to block all unsolicited attempts

to connect to your computer. This does not prevent you from performing

common networking tasks, like accessingwebsites and sending or receiving emails.



16/45

Allowing Programsthrough the Firewall

ClickAllow an app or feature through WindowsFirewall to open the Allow programs tocommunicate through Windows Firewall dialogbox.

In this dialog box, you can open a port throughthe firewall for specific programs and featuresinstalled on the computer.

Opening a port in your firewall is inherently

dangerous. The more holes you make in a wall,the greater the likelihood that intruders will getin.



17/45

Allowing Programs throughthe Firewall

The Allow programs to communicate through WindowsFirewall dialog box



18/45

Using the Windows Firewall with

Advanced Security Console The Windows Firewall with Advanced

Security snap-in for Microsoft ManagementConsole (MMC) provides direct access to

the rules that control the behavior ofWindows Firewall.

To access the console from the WindowsControl Panel, click System and Security >

Administrative Tools > Windows Firewall withAdvanced Security.



19/45

Using the Windows Firewall withAdvanced Security Console

The Windows Firewall with Advanced Security snap-in


f f l


20/45

Configuring ProfileSettings

You can change default behavior byclicking the Windows Firewall Properties link.

The Windows Firewall with Advanced

Security on Local Computer Properties sheetis configurable.



21/45

Configuring Profile Settings

The Windows Firewall with Advanced Security on LocalComputer Properties sheet



22/45

Creating Rules In the Windows Firewall with Advanced

Security console, you can work with the rulesin their raw form.

Selecting either Inbound Rules or OutboundRules in the left pane displays a list of all therules operating in that direction.

The rules that are currently operational havea checkmark in a green circle, while therules not in force are grayed out.



23/45

Creating Rules

The Inbound Rules list in the Windows Firewall withAdvanced Security console


D f l Wi d Fi ll


24/45

Default Windows FirewallRules Settings


Private Publ ic Domain

Core Networking Enabled Enabled Enabled

File and PrinterSharing

Enabled Disabled Disabled

Homegroup Disabled N/A N/A

Network Discovery Enabled Disabled Disabled

Remote Desktop Disabled Disabled Disabled


25/45

The New Rule Wizard The New Rule Wizard takes you through the

process of configuring the following sets ofparameters:

o Rule Typeo Program

o Protocol and Ports

o Scope

o Action

o Profile

o Name



26/45

Creating Rules

The New Inbound Rule Wizard


I i d E i


27/45

Importing and ExportingRules

After creating and modifying rules in theWindows Firewall with Advanced Securityconsole, you can export them to a policy file.

To create a policy file, select Export Policyfrom the Action menu in the Windows Firewallwith Advanced Security console, and specifya name and location for the file.



28/45

Using Filters The term filterrefers to a feature that

enables you to display rules according to:

o The profile they apply to

o Their current stateo The group to which they belong



29/45

IP Security (IPsec) The IPsec standards are a collection of

documents that define a method forsecuring data while it is in transit over aTCP/IP network.

IPsec includes:o A connection establishment routine, during

which computers authenticate each otherbefore transmitting data.

o A technique called tunneling, in which datapackets are encapsulated within other packetsfor their protection.


C fi i C ti


30/45

Configuring ConnectionSecurity Rules

When you right-click the Connection SecurityRules node and select New Rule from thecontext menu, the New Connection SecurityRule Wizard takes you through the process ofconfiguring these parameters:

o Rule Type

o Endpoints

o Requirements

o Authentication Method

o Profile

o Name



31/45

Configuring ConnectionSecurity Rules

The New Connection Security Rule Wizard


C fi i Wi d


32/45

Configuring WindowsFirewall with Group Policy

When you browse to the ComputerConfiguration\Policies\WindowsSettings\Security Settings\Windows Firewall withAdvanced Security node in a GPO, you see the

interface, which is similar to that of the WindowsFirewall with Advanced Security console.

Clicking Windows Firewall Properties opens adialog box with the same controls as the

Windows Firewall with Advanced Security onLocal Computer Properties sheet and clickingInbound Rules and Outbound Rules launchesthe same wizards as the console.



33/45

Configuring Windows Firewallwith Group Policy

The Windows Firewall with AdvancedSecurity node in a GPO


I t d i Wi d


34/45

Introducing WindowsDefender

Windows 8 includes an application called WindowsDefender that: Helps to defend against spyware by scanning the

places where it most commonly infiltrates acomputer.

Includes real-time monitoring, which attempts toprevent spyware from infiltrating the computer as itis installed.

Runs by default on Windows 8 computers andperforms a scan every day at 2:00 AM.

Windows Update also supplies Defender withsignature updates on a regular basis, to keep theprogram current.



35/45

Introducing Windows Defender

The Windows Defender window



36/45

Configure Windows Defender

The Windows Defender Settings page


U i th M li i


37/45

Using the MaliciousSoftware Removal Tool

The Malicious Software Removal Tool:o Is a single-use virus scanner that Microsoft

supplies in each of its monthly operating systemupdates.

o Was created for systems that have antivirussoftware. The tool functions as an effectivebackup.

o Can provide an effective scan in the event thatthe main software is not functioning.

Some malware can disable well-known virusscanners.



38/45

Atta k o Wi ele


39/45

Attacks on WirelessNetworks

Some types of attacks to which anunsecured wireless network is subject are:

o Eavesdropping

o Masqueradingo Attacks against wireless clients

o Denial of service

o Data tampering


E aluating Wireless


40/45

Evaluating WirelessNetworking Hardware

The 802.11 standards published by the IEEEdictate the frequencies, transmission speeds,and ranges of wireless networking products.

As a general rule, devices supporting thenewer, faster standards are capable of fallingback to slower speeds when necessary.

There is another compatibility factor to consider

apart from the IEEE 802.11 standardsthesecurity protocols that the wireless devicessupport.


IEEE Wireless


41/45

IEEE WirelessNetworking Standards


Standard Frequency

(GHz)

Transm ission Rate

(Mbps)

Range

(Indoor/Outdoor)

(meters)

802.11-1997 2.4 1, 2 20/100

802.11a-1999 5 6 to 54 35/120802.11b-1999 2.4 5.5 to 11 38/140

802.11g-2003 2.4 6 to 54 38/140

802.11n-2009 2.4 and 5 7.2 to 288 (@20 MHz)

15 to 600 (@40 MHz)

70/250

802.11y-2008 3.7 6 to 54 5000+

802.11ac (Draft) 5 433 to 867 (@80 MHz)

867 to 6.93 Gbps

(@160 MHz)

Using Wired Equivalent


42/45

Using Wired EquivalentPrivacy (WEP)

WEP is a security protocol that helps protecttransmitted information by using a securitysetting, called a shared secret or a shared

key, to encrypt network traffic beforesending it.

To use WEP, administrators must configure allthe devices on the wireless network with the

same shared secret key. The devices usethat key to encrypt all their transmissions.


Selecting an


43/45

Selecting anAuthentication Method

The initial WEP standards provided for two typesof computer authentication:o Open system: Enables any client to connect without

providing a password

o Shared secret: Requires wireless clients toauthenticate by using a secret key

If you use open system authentication, anycomputer can easily join your network.

Without the WEP encryption key theunauthorized clients cannot send or receivewireless communications, and they will not beable to abuse the wireless network.


Using Wi Fi Protected


44/45

Using Wi-Fi ProtectedAccess (WPA)

To address the weaknesses of WEP, the Wi-FiAlliance, a consortium of the leadingwireless network equipment vendors,

developed WPA. There are two encryption options for WPA:

o Temporal Key Integrity Protocol (TKIP)

o Advanced Encryption System (AES)


Using Wi Fi Protected


45/45

Using Wi-Fi ProtectedAccess (WPA)

In its current form, WPA has two operationalmodes:o WPA-Personal(also known as WPA-PSK or

preshared key mode): An administrator selects a

passphrase that is automatically associated withthe dynamically generated security settings.

o WPA-Enterprise(also known as WPA-802.1X orWPA-RADIUS): Requires an authentication serverusing Remote Authentication Dial-In User Service(RADIUS) and the 802.1X authentication protocol,as implemented in the Network Policy andAccess Services role in Windows Server 2008 R2.

Documents

MOAC 70-687 L12 Network Firewall Security