MOAC 70-687 L12 Network Firewall Security
Transcript of MOAC 70-687 L12 Network Firewall Security
-
8/10/2019 MOAC 70-687 L12 Network Firewall Security
Lesson 12: Configuring and Maintaining Network Security
MOAC 70-687: Configuring Windows 8
-
WPA-Enterprise WPA-Personal Defending Against Malware
Lesson 12: Configuring and Maintaining Network Security
2013 John Wiley & Sons, Inc. 2
-
Malware
Malicious software infiltrates or damages a computer system without the user's knowledge or consent.
Malicious software includes viruses, Trojan horses, worms, spyware, and adware.
The term most commonly used to collectively refer to these malicious software technologies is malware.
-
Windows 8 Action Center
The Action Center is a centralized console that enables users and administrators to access, monitor, and configure the various Windows 8 security mechanisms.
Action Center is a service that starts automatically and runs continuously on Windows 8 computers, by default.
The service constantly monitors the different security mechanisms running on the computer.
-
Windows 8 Action Center
The Action Center menu in the notification area
-
Accessing Action Center
To open Action Center:
o Click the notification area icon
o Open from Control Panel
Action Center displays information about the problems it has discovered and links to possible solutions.
-
Accessing Action Center
The Action Center window
-
Accessing Action Center
The Change Action Center Settings window
-
Understanding Firewalls
A firewall is a software program or hardware device that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.
To filter traffic, firewalls use rules, which specify which packets are allowed to pass through the firewall and which are blocked.
-
Understanding Firewalls
Firewalls typically base their filtering on the TCP/IP characteristics at the network, transport, and application layers of the Open Systems Interconnection (OSI) reference model:
o IP addresses: Represent specific computers on the network.
o Protocol numbers: Identify the transport layer protocol being used by the packets.
o Port numbers: Identify specific applications running on the computer.
-
Monitoring Windows Firewall
Windows Firewall is one of the programs monitored by the Action Center service.
When you open the Windows Control Panel and click System and Security > Windows Firewall, a Windows Firewall window appears.
Each heading contains the following information:
o Whether the computer is connected to a domain, private, or public network
o Whether the Windows Firewall service is currently turned on or off
o Whether inbound and outbound connections are blocked
o Whether users are notified when a program is blocked
-
Monitoring Windows Firewall
The Windows Firewall window
-
Using the Windows Firewall Control Panel
A series of links on the left side of the Windows Firewall window enable you to:
o Configure Windows Firewall to allow a specific app or feature through its barrier
o Change the firewall notification settings
o Turn Windows Firewall on and off
o Restore the default firewall settings
o Configure advanced firewall settings
Clicking Change notification settings or Turn Windows Firewall on or off displays the Customize settings for each type of network dialog box.
-
Using the Windows Firewall Control Panel
The Customize settings for each type of network dialog box
-
Blocking Incoming Connections
Select the Block all incoming connections, including those in the list of allowed apps check box to block all unsolicited attempts to connect to your computer.
This does not prevent you from performing common networking tasks, like accessing websites and sending or receiving emails.
-
Allowing Programs through the Firewall
Click Allow an app or feature through Windows Firewall to open the Allow programs to communicate through Windows Firewall dialog box.
In this dialog box, you can open a port through the firewall for specific programs and features installed on the computer.
Opening a port in your firewall is inherently dangerous. The more holes you make in a wall, the greater the likelihood that intruders will get in.
-
Allowing Programs through the Firewall
The Allow programs to communicate through Windows Firewall dialog box
-
Using the Windows Firewall with Advanced Security Console
The Windows Firewall with Advanced Security snap-in for Microsoft Management Console (MMC) provides direct access to the rules that control the behavior of Windows Firewall.
To access the console from the Windows Control Panel, click System and Security > Administrative Tools > Windows Firewall with Advanced Security.
-
Using the Windows Firewall with Advanced Security Console
The Windows Firewall with Advanced Security snap-in
-
Configuring Profile Settings
You can change default behavior by clicking the Windows Firewall Properties link.
The Windows Firewall with Advanced Security on Local Computer Properties sheet is configurable.
-
Configuring Profile Settings
The Windows Firewall with Advanced Security on Local Computer Properties sheet
-
Creating Rules
In the Windows Firewall with Advanced Security console, you can work with the rules in their raw form.
Selecting either Inbound Rules or Outbound Rules in the left pane displays a list of all the rules operating in that direction.
The rules that are currently operational have a checkmark in a green circle, while the rules not in force are grayed out.
-
Creating Rules
The Inbound Rules list in the Windows Firewall with Advanced Security console
-
Default Windows Firewall Rules Settings
Rule group | Private | Public | Domain
Core Networking | Enabled | Enabled | Enabled
File and Printer Sharing | Enabled | Disabled | Disabled
Homegroup | Disabled | N/A | N/A
Network Discovery | Enabled | Disabled | Disabled
Remote Desktop | Disabled | Disabled | Disabled
-
The New Rule Wizard
The New Rule Wizard takes you through the process of configuring the following sets of parameters:
o Rule Type
o Program
o Protocol and Ports
o Scope
o Action
o Profile
o Name
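The same wizard pages expressed as one scripted rule, as an added example that is not part of the original slides. It uses the NetSecurity cmdlets that ship with Windows 8 and must run from an elevated prompt; the program path, port number and subnet are constructed placeholders.

```powershell
# Added example: one inbound rule with every wizard page filled in explicitly,
# so the opening is limited to a single program, port, subnet and profile set.
# Rule Type page: setting Program and Protocol/Port together is a Custom rule.
$rule = @{
    DisplayName   = 'Example - Inventory Agent (TCP 8443)'      # Name page
    Description   = 'Constructed sample rule for Lesson 12'
    Direction     = 'Inbound'                                    # Inbound Rules node
    Program       = 'C:\Program Files\ExampleAgent\agent.exe'    # Program page (placeholder path)
    Protocol      = 'TCP'                                        # Protocol and Ports page
    LocalPort     = 8443                                         # placeholder port
    RemoteAddress = '192.168.10.0/24'                            # Scope page (placeholder subnet)
    Action        = 'Allow'                                      # Action page
    Profile       = 'Domain', 'Private'                          # Profile page: not Public
}
New-NetFirewallRule @rule | Out-Null

# Read the rule back through its filter objects to confirm what was stored,
# rather than trusting that every parameter was accepted as intended.
$created = Get-NetFirewallRule -DisplayName $rule.DisplayName
$port    = $created | Get-NetFirewallPortFilter
$addr    = $created | Get-NetFirewallAddressFilter
$app     = $created | Get-NetFirewallApplicationFilter

[pscustomobject]@{
    Name          = $created.DisplayName
    Enabled       = $created.Enabled
    Direction     = $created.Direction
    Action        = $created.Action
    Profile       = "$($created.Profile)"
    Program       = $app.Program
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort -join ','
    RemoteAddress = $addr.RemoteAddress -join ','
} | Format-List

# Remove the sample rule when finished:
# Remove-NetFirewallRule -DisplayName $rule.DisplayName
```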
-
Creating Rules
The New Inbound Rule Wizard
-
Importing and Exporting Rules
After creating and modifying rules in the Windows Firewall with Advanced Security console, you can export them to a policy file.
To create a policy file, select Export Policy from the Action menu in the Windows Firewall with Advanced Security console, and specify a name and location for the file.
-
Using Filters
The term filter refers to a feature that enables you to display rules according to:
o The profile they apply to
o Their current state
o The group to which they belong
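The console's profile, state and group filters have command-line equivalents, which makes it practical to review what is actually open. The following is an added example, not part of the original slides: it reports the per-profile status shown in the Windows Firewall window, then lists enabled inbound allow rules that apply on the Public profile and marks those that accept any remote address. Run it from an elevated prompt.

```powershell
# Added example: audit of firewall state and inbound openings.

# Per-profile status: on/off, default inbound/outbound action, notifications.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction,
                  DefaultOutboundAction, NotifyOnListen |
    Format-Table -AutoSize

# Filter by state (enabled), direction and action, then by profile.
# A rule whose Profile is 'Any' also applies on Public networks.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Any|Public' }

$report = foreach ($r in $rules) {
    # Port and address details live on separate filter objects per rule.
    $port = $r | Get-NetFirewallPortFilter
    $addr = $r | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Group         = $r.DisplayGroup
        Rule          = $r.DisplayName
        Profile       = "$($r.Profile)"
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        AnyRemote     = ($addr.RemoteAddress -contains 'Any')
    }
}

# Full listing, grouped the way the console's group filter presents it.
$report | Sort-Object Group, Rule | Format-Table -AutoSize

# Rules reachable from any address on a public network, counted per group:
# these are the openings to justify or tighten first.
$report | Where-Object AnyRemote |
    Group-Object Group |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```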
-
IP Security (IPsec)
The IPsec standards are a collection of documents that define a method for securing data while it is in transit over a TCP/IP network.
IPsec includes:
o A connection establishment routine, during which computers authenticate each other before transmitting data.
o A technique called tunneling, in which data packets are encapsulated within other packets for their protection.
-
Configuring Connection Security Rules
When you right-click the Connection Security Rules node and select New Rule from the context menu, the New Connection Security Rule Wizard takes you through the process of configuring these parameters:
o Rule Type
o Endpoints
o Requirements
o Authentication Method
o Profile
o Name
-
Configuring Connection Security Rules
The New Connection Security Rule Wizard
-
Configuring Windows Firewall with Group Policy
When you browse to the Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security node in a GPO, you see the interface, which is similar to that of the Windows Firewall with Advanced Security console.
Clicking Windows Firewall Properties opens a dialog box with the same controls as the Windows Firewall with Advanced Security on Local Computer Properties sheet, and clicking Inbound Rules and Outbound Rules launches the same wizards as the console.
-
Configuring Windows Firewall with Group Policy
The Windows Firewall with Advanced Security node in a GPO
-
Introducing Windows Defender
Windows 8 includes an application called Windows Defender that:
o Helps to defend against spyware by scanning the places where it most commonly infiltrates a computer.
o Includes real-time monitoring, which attempts to prevent spyware from infiltrating the computer as it is installed.
o Runs by default on Windows 8 computers and performs a scan every day at 2:00 AM.
Windows Update also supplies Defender with signature updates on a regular basis, to keep the program current.
-
Introducing Windows Defender
The Windows Defender window
-
Configure Windows Defender
The Windows Defender Settings page
-
Using the Malicious Software Removal Tool
The Malicious Software Removal Tool:
o Is a single-use virus scanner that Microsoft supplies in each of its monthly operating system updates.
o Was created for systems that have antivirus software. The tool functions as an effective backup.
o Can provide an effective scan in the event that the main software is not functioning.
Some malware can disable well-known virus scanners.
-
Attacks on Wireless Networks
Some types of attacks to which an unsecured wireless network is subject are:
o Eavesdropping
o Masquerading
o Attacks against wireless clients
o Denial of service
o Data tampering
-
Evaluating Wireless Networking Hardware
The 802.11 standards published by the IEEE dictate the frequencies, transmission speeds, and ranges of wireless networking products.
As a general rule, devices supporting the newer, faster standards are capable of falling back to slower speeds when necessary.
There is another compatibility factor to consider apart from the IEEE 802.11 standards: the security protocols that the wireless devices support.
-
IEEE Wireless Networking Standards
Standard | Frequency (GHz) | Transmission Rate (Mbps) | Range (Indoor/Outdoor) (meters)
802.11-1997 | 2.4 | 1, 2 | 20/100
802.11a-1999 | 5 | 6 to 54 | 35/120
802.11b-1999 | 2.4 | 5.5 to 11 | 38/140
802.11g-2003 | 2.4 | 6 to 54 | 38/140
802.11n-2009 | 2.4 and 5 | 7.2 to 288 (@20 MHz); 15 to 600 (@40 MHz) | 70/250
802.11y-2008 | 3.7 | 6 to 54 | 5000+
802.11ac (Draft) | 5 | 433 to 867 (@80 MHz); 867 to 6.93 Gbps (@160 MHz) |
-
Using Wired Equivalent Privacy (WEP)
WEP is a security protocol that helps protect transmitted information by using a security setting, called a shared secret or a shared key, to encrypt network traffic before sending it.
To use WEP, administrators must configure all the devices on the wireless network with the same shared secret key. The devices use that key to encrypt all their transmissions.
-
Selecting an Authentication Method
The initial WEP standards provided for two types of computer authentication:
o Open system: Enables any client to connect without providing a password
o Shared secret: Requires wireless clients to authenticate by using a secret key
If you use open system authentication, any computer can easily join your network.
Without the WEP encryption key the unauthorized clients cannot send or receive wireless communications, and they will not be able to abuse the wireless network.
-
Using Wi-Fi Protected Access (WPA)
To address the weaknesses of WEP, the Wi-Fi Alliance, a consortium of the leading wireless network equipment vendors, developed WPA.
There are two encryption options for WPA:
o Temporal Key Integrity Protocol (TKIP)
o Advanced Encryption System (AES)
-
Using Wi-Fi Protected Access (WPA)
In its current form, WPA has two operational modes:
o WPA-Personal (also known as WPA-PSK or preshared key mode): An administrator selects a passphrase that is automatically associated with the dynamically generated security settings.
o WPA-Enterprise (also known as WPA-802.1X or WPA-RADIUS): Requires an authentication server using Remote Authentication Dial-In User Service (RADIUS) and the 802.1X authentication protocol, as implemented in the Network Policy and Access Services role in Windows Server 2008 R2.