Windows 7 Firewall

Windows 7 Firewall Topics
What is a firewall?
Firewall types
How a firewall works
Default firewall behavior
Windows 7 firewall features
Configuring Windows 7 firewall

What is a firewall?
A device that filters packets either coming into or going out of a device
Filtering can be based on IP, TCP, UDP and other criteria relating to a packet, as well as authentication.
Criteria are contained in firewall rules.
A firewall rule is similar to an access control list statement
Example: permit host 172.16.1.1 host 180.50.1.1 eq Telnet

Firewall Types
Packet filtering vs stateful vs proxy
Packet filtering makes each filtering decision on a packet-by-packet basis, without regard to previous packets in any direction
Stateful firewall keeps track of packet flows and filters based on flow information
Proxy firewall works on a per-application basis. User sends to proxy, proxy creates a new packet sourced from the proxy

Firewall Types
Network-based vs host-based
Network-based runs on a router, multi-layer switch or dedicated firewall
Host-based firewall runs on a computer running an OS such as Windows 7 or UNIX
Hardware vs software firewall
Hardware firewall: a chassis designed specifically to operate as a firewall; highest performance
Windows Firewall
Host-based, stateful software firewall
Evaluates each packet as it arrives or leaves and determines whether that packet is allowed or denied based on flow
Windows 7 firewall is improved over the XP version

Default Firewall Behavior
Default is to allow all outbound traffic and response inbound traffic; deny all other inbound traffic

How Firewall Works
Incoming packet is inspected and compared against a list of allowed traffic.
If the packet matches a list entry, the packet is passed to the TCP/IP protocol for further processing.
If the packet does not match a list entry, the packet is discarded
If logging is enabled, Windows creates an entry in the Firewall logging file

How List is Populated
When an enabled connection sends a packet, the firewall creates an entry in the list for response traffic.
Allow rules can be manually created with Advanced Security.
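As an added example (not from the slides and not Microsoft code), a small Python model of the default behaviour described on the last three slides: outbound traffic is allowed and creates a list entry for the reply, inbound traffic is allowed only when it matches that list or a manually created allow rule, and dropped packets are logged in the field order of the Windows firewall log file. The packets, timestamp and the class itself are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: just the fields the firewall decision needs."""
    proto: str   # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int


class WindowsFirewallModel:
    """Toy model of the default Windows Firewall behaviour (added example).
    Outbound: always allowed, and registers the expected response traffic.
    Inbound: allowed only if it matches that list or an allow rule; otherwise
    dropped and, with logging enabled, recorded in pfirewall.log field order."""

    def __init__(self, logging_enabled=True):
        self.allowed = set()       # the "list": reversed 5-tuples of sent packets
        self.allow_rules = set()   # (proto, local port) from Advanced Security rules
        self.logging_enabled = logging_enabled
        self.log = []

    def add_allow_rule(self, proto, local_port):
        self.allow_rules.add((proto, local_port))

    def send(self, pkt):
        # Default outbound policy: allow, and expect the reply (src/dst swapped).
        self.allowed.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "ALLOW"

    def receive(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.allowed or (pkt.proto, pkt.dport) in self.allow_rules:
            return "ALLOW"         # handed to TCP/IP for further processing
        if self.logging_enabled:
            self.log.append(self._log_line("DROP", pkt))
        return "DROP"

    def _log_line(self, action, pkt):
        # Leading fields match %systemroot%\system32\LogFiles\Firewall\pfirewall.log:
        # date time action protocol src-ip dst-ip src-port dst-port, then size,
        # TCP flag, ICMP and info fields (left as "-" here) and the path (RECEIVE).
        stamp = datetime(2015, 12, 30, 9, 0, 0)   # fixed, constructed timestamp
        return (f"{stamp:%Y-%m-%d %H:%M:%S} {action} {pkt.proto} {pkt.src} "
                f"{pkt.dst} {pkt.sport} {pkt.dport} - - - - - - - - RECEIVE")
```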
Windows 7 Firewall
Windows Firewall features
Inbound filtering
Outbound filtering
Firewall rules combined with IPsec rules
Support for complex rules
Support for logging

Locations and the Firewall
Windows Firewall with Advanced Security is a network location aware application
Windows 7 stores the firewall properties based on location types
Configuration for each location type is called a profile
In each profile you can:
Enable or disable Windows Firewall
Configure inbound and/or outbound connections
Customize logging and other settings

Locations and Firewall Settings
As the network location connected to changes, the Windows Firewall profile changes.
Windows Firewall can therefore automatically allow incoming traffic for a specific desktop management tool when the computer is on a domain network but block similar traffic when the computer is connected to public or private networks.

Locations and Firewall Settings
Location types: domain, public, and private.
Domain - the connection is authenticated to a domain controller for the domain of which it is a member.
By default, all other networks are initially classified as public networks.
User can identify the network as either public or private.
Public profile: For use when in locations such as airports or coffee shops.
Private profile: For use when connected at a home or office and behind an edge device.
To classify a network as a private network, the user must have administrator credentials.

Locations and Firewall Settings
While a computer may be connected to multiple network locations at the same time, only one profile can be active at a time. The active profile is determined as follows:
If all interfaces are authenticated to the domain controller for the domain of which the computer is a member, the domain profile is applied.
If at least one interface is connected to a private network location and all other interfaces are either authenticated to the domain controller or are connected to private network locations, the private profile is applied.
Otherwise, the public profile is applied.
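The three rules above, written out as an added Python example (not from the slides) so the consequence is visible: one interface on an unclassified network drops the whole computer to the public profile, and with it every rule that only applies in the domain profile. The interface names are constructed, and the handling of a computer with no connected interface is an assumption not stated on the slide.

```python
from enum import Enum


class Location(Enum):
    """Network location type assigned to a connected interface."""
    DOMAIN = "domain"    # authenticated to a DC of the computer's own domain
    PRIVATE = "private"  # home/office behind an edge device (needs admin to set)
    PUBLIC = "public"    # default classification for any other network


def active_profile(interfaces):
    """Return the single profile Windows 7 applies, given a mapping of
    interface name -> Location for every connected interface.
    Follows the three rules from the slide in order.
    Assumption (not on the slide): no connected interface -> public,
    the most restrictive choice."""
    locations = list(interfaces.values())
    if not locations:
        return Location.PUBLIC
    if all(loc is Location.DOMAIN for loc in locations):
        return Location.DOMAIN
    if all(loc in (Location.DOMAIN, Location.PRIVATE) for loc in locations):
        return Location.PRIVATE   # at least one private, none public
    return Location.PUBLIC


def interfaces_forcing_profile(interfaces):
    """Name the interfaces that pulled the computer down to the active
    profile (empty when the domain profile applies), so an administrator
    can see which connection is costing the host its domain-profile rules."""
    profile = active_profile(interfaces)
    if profile is Location.DOMAIN:
        return []
    return sorted(name for name, loc in interfaces.items() if loc is profile)
```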
Configuring Windows Firewall
Control Panel – Windows Firewall
Basic Firewall Configuration
Advanced Firewall Configuration
Allows you to configure more complex rules, outgoing filtering, and IPsec rules
Advanced Firewall Configuration
Windows Firewall Properties
IPsec Settings
IPsec is a system for securing and authenticating IP-based network connections
IPsec defaults - you can configure:
Key exchange protocols
Data protection protocols
Authentication method
Advanced Firewall Configuration
Advanced Firewall Configuration
View and Edit Firewall Rules
A large number of inbound and outbound rules are created by default in Windows Vista
Advanced Firewall Configuration
Advanced Firewall Configuration
View and Edit Firewall Rules
You modify an existing rule by opening its properties
Tabs in the properties of an outbound rule:
General
Programs and Services
Computers
Protocols and Ports
Scope
Advanced
Create New Firewall Rules
A wizard guides you through the process
Advanced Firewall Configuration
Advanced Firewall Configuration
Create New Firewall Rules
Rule types you can create with the Outbound Rule Wizard:
Program
Port
Predefined
Custom
Actions for a rule:
Allow the connection
Allow the connection if it is secure
Block the connection
Advanced Firewall Configuration
Advanced Firewall Configuration
Create New Computer-Connection Security Rules
Use IPsec to authenticate and secure communication between two computers
Security rule types:
Isolation
Authentication exemption
Server-to-server
Tunnel
Custom
Advanced Firewall Configuration
Advanced Firewall Configuration
Monitor Windows Firewall Rules and Connections
Firewall node allows you to see the rules that are enabled in one screen
Connection Security node allows you to see the computer connection security rules that are enabled and any security associations that are active
Security association: rules for communication between two computers
Advanced Firewall Configuration