Download - Lesson 11: Configuring and Maintaining Network Security MOAC 70-687: Configuring Windows 8.1.

Lesson 11: Configuring and Maintaining Network Security

MOAC 70-687: Configuring Windows 8.1

Overview• Exam Objective 3.3: Configure and

maintain network securityo Configure Windows Firewallo Configure Windows Firewall with Advanced

Securityo Configure connection security rules (IPsec)o Configure authenticated exceptionso Configure network discovery

WPA-Enterprise WPA-Personal Defending

Against MalwareLesson 11: Configuring and Maintaining Network

Security

© 2013 John Wiley & Sons, Inc. 4

Malware• Malicious software infiltrates or damages a

computer system without the user’s knowledge or consent.

• Malicious software includes viruses, Trojan horses, worms, spyware, and adware.

• The term most commonly used to collectively refer to these malicious software technologies is malware.


Windows 8.1 Action Center

• The Action Center is a centralized console that enables users and administrators to access, monitor, and configure the various Windows 8.1 security mechanisms.

• Action Center is a service that starts automatically and runs continuously on Windows 8.1 computers, by default.

• The service constantly monitors the different security mechanisms running on the computer.


Windows 8.1 Action Center

The Action Center menu in the notification area


Accessing Action Center

• To open Action Center:o Click the notification area icono Open from Control Panel

• Action Center displays information about the problems it has discovered, and links to possible solutions.

Accessing Action Center

The Action Center window



Understanding Firewalls

• A firewall is a software program or hardware device that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.

• To filter traffic, firewalls use rules, which specify which packets are allowed to pass through the firewall and which are blocked.


Understanding Firewalls

• Firewalls typically base their filtering on the TCP/IP characteristics at the network, transport, and application layers of the Open Systems Interconnection (OSI) reference model.o IP addresses – Represent specific computers

on the network. o Protocol numbers – Identify the transport

layer protocol being used by the packets.o Port numbers – Identify specific applications

running on the computer.


Monitoring Windows Firewall

• Windows Firewall is one of the programs monitored by the Action Center service.

• When you open the Windows Control Panel and click System and Security > Windows Firewall, a Windows Firewall window appears.

• Each of the headings contains the following information:o Whether the computer is connected to a domain, private,

or public networko Whether the Windows Firewall service is currently turned

on or offo Whether inbound and outbound connections are blockedo Whether users are notified when a program is blocked

Monitoring Windows Firewall

The Windows Firewall window



Using the Windows Firewall Control Panel

• On the left side of the Windows Firewall window is a series of links that enable you to configure Windows Firewall to allow a specific app or feature through its barrier, change the firewall notification settings, turn Windows Firewall on and off, restore the default firewall settings, and configure advanced firewall settings.

• Clicking Change notification settings or Turn Windows firewall on or off displays the Customize settings for each type of network dialog box.

Using the Windows Firewall Control Panel

The Customize settings for each type of network page



Blocking Incoming Connections

• Select the Block all incoming connections, including those in the list of allowed apps checkbox to block all unsolicited attempts to connect to your computer.

• This does not prevent you from performing common networking tasks, like accessing web sites and sending or receiving emails.


Allowing Programs through the Firewall

• Click Allow an app or feature through Windows Firewall to open the Allow programs to communicate through Windows Firewall dialog box.

• In this dialog box, you can open a port through the firewall for specific programs and features installed on the computer.

• Opening a port in your firewall is inherently dangerous. The more holes you make in a wall, the greater the likelihood that intruders will get in.

Allowing Programs through the Firewall

The Allow programs to communicate through Windows Firewall page



Using the Windows Firewall with Advanced Security

Console• The Windows Firewall with Advanced

Security snap-in for Microsoft Management Console (MMC) provides direct access to the rules that control the behavior of Windows Firewall.

• To access the console from the Windows Control Panel, click System and Security > Administrative Tools > Windows Firewall with Advanced Security.

Using the Windows Firewall with Advanced Security

Console

The Windows Firewall with Advanced Security snap-in



Configuring Profile Settings

• You can change default behavior by clicking the Windows Firewall Properties link.

• The Windows Firewall with Advanced Security on Local Computer Properties sheet is configurable.

Configuring Profile Settings

The Windows Firewall with Advanced Security on Local Computer Properties sheet



Creating Rules• In the Windows Firewall with Advanced

Security console, you can work with the rules in their raw form.

• Selecting either Inbound Rules or Outbound Rules in the left pane displays a list of all the rules operating in that direction.

• The rules that are currently operational have a checkmark in a green circle, while the rules not in force are grayed out.

Creating Rules

The Inbound Rules list in the Windows Firewall with Advanced Security console



Default Windows Firewall Rules

Settings Private Public Domain

Core Networking Enabled Enabled Enabled

File and Printer Sharing

Enabled Disabled Disabled

Homegroup Disabled N/A N/A

Network Discovery Enabled Disabled Disabled

Remote Desktop Disabled Disabled Disabled


The New Rule Wizard• The New Rule Wizard takes you through

the process of configuring the following sets of parameters:o Rule Type o Programo Protocol and Ports o Scopeo Actiono Profileo Name


Importing and Exporting Rules

• After creating and modifying rules in the Windows Firewall with Advanced Security console, you can export them to a policy file.

• To create a policy file, select Export Policy from the Action menu in the Windows Firewall with Advanced Security console, and specify a name and location for the file.


Using Filters• The term filter refers to a feature that

enables you to display rules according to:o The profile they apply too Their current stateo The group to which they belong


IP Security (IPsec)• The IPsec standards are a collection of

documents that define a method for securing data while it is in transit over a TCP/IP network.

• IPsec includes a connection establishment routine, during which computers authenticate each other before transmitting data, and a technique called tunneling, in which data packets are encapsulated within other packets for their protection.


Configuring Connection Security

Rules • When you right-click the Connection Security

Rules node and select New Rule from the context menu, the New Connection Security Rule Wizard takes you through the process of configuring the following these parameters:o Rule Type o Endpointso Requirements o Authentication Method o Profile o Name


Configuring Windows Firewall with Group

Policy• When you browse to the Computer Configuration\

Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security node in a GPO, you see the interface, which is similar to that of the Windows Firewall with Advanced Security console.

• Clicking Windows Firewall Properties opens a dialog box with the same controls as the Windows Firewall with Advanced Security on Local Computer Properties sheet and clicking Inbound Rules and Outbound Rules launches the same wizards as the console.

Configuring Windows Firewall with Group Policy

The Windows Firewall with Advanced Security node in a GPO


Lesson Summary• Malware is malicious software created specifically for the

purpose of infiltrating or damaging a computer system without the user’s knowledge or consent. This type of software includes a variety of technologies, including viruses, Trojan horses, worms, spyware, and adware.

• Action Center is a centralized console that enables users and administrators to access, monitor, and configure the various Windows 8.1 security mechanisms.

• Windows Firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others.

• You configure Windows Firewall by creating rules that specify what types of traffic to block and/or allow.

Copyright 2013 John Wiley & Sons, Inc.. All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc.. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.