CIS 170F: Windows 7 Administration

Week 8

Networking
Windows Firewall
Advanced Firewall Configuration

To access Windows Firewall with Advanced Security, click Start => Control Panel => Large Icons View => Windows Firewall and then click the Advanced Settings link.

  • Advanced Firewall Configuration allows you to configure more complex rules, outgoing filtering, and IPsec rules.
  • The tools available to perform advanced firewall configuration are:
    • Windows Firewall with Advanced Security utility: This utility is a graphical tool to configure all of the Windows Firewall features on a single computer.
    • By using this interface, you can:

      • Configure firewall properties
      • View and edit rules
      • Create new firewall rules
      • Create new computer connection security rules
      • Monitor Windows Firewall rules and connections




    • Netsh: This is a command-line utility for managing network configuration. It is also capable of configuring allof the Windows firewall features on the local computer.
    • Group Policy: To quickly and easily manage the Windows Firewall settings in a corporate environment, you should use Group Policy. It \allows firewall settings to be applied to hundreds or thousands of computers very quickly.
  • Windows 7 stores the firewall properties based on location types. The configuration of each location type is referred to as a profile.
  • TheWindows Firewall with Advanced Security on Local Computer node shows the configuration of each profile.
  • In each profile, you can:

    • Enable or disable Windows Firewall
    • Configure inbound connections
      • Block (default): All inbound connections are blocked unless specifically allowed by a rule.
      • Block all connections: All inbound connections are blocked regardless of the rules.
      • Allow: All inbound connections are allowed unless specifically blocked by a rule.
    • Configure outbound connections
      • Allow (default): All outbound connections are allowed unless specifically blocked by a rule.
      • Block: All outbound connections are blocked unless specifically allowed by a rule.
    • Customize protected network connections: Select which network interfaces this firewall state applies to - All are selected by default.
    • Customize settings
      • Display notifications to the user when a program is blocked from receiving inbound connections.
      • Allow unicast response to multicast or boadcast network traffic.
      • Apply local firewall rules.
      • Apply local connection security rules.
    • Customize logging
      • Name
      • Size limit
      • Log dropped packets
      • Log successful connections
  • IPsec is a system for securing and authenticating IP-based network connections.
  • The IPsec settings you can configure are:
    • Key exchange
    • Data protection
    • Authentication Method


    Read more about IPsec at:
    http://en.wikipedia.org/wiki/IPsec.
  • A large number of inbound and outbound rules are created by default in Windows 7.




  • You modify an existing rule by opening its properties. Tabs in the properties of an outbound rule include:
    • General
    • Programs and Services
    • Computers
    • Protocols and Ports
    • Scope
    • Advanced
  • You can create new firewall rules using a wizard.
  • The rule types you can create with the Outbound Rule Wizard are:
    • Program
    • Port
    • Predefined
    • Custom

    The actions for a rule are:





    • Allow the connection
    • Allow the connection if it is secure
    • Block the connection
  • You can use IPsec to authenticate and secure communication between two computers.
  • The security rule types are:





    • Isolation
    • Authentication exemption
    • Server-to-server
    • Tunnel
    • Custom
  • The Firewall node under Monitoring in the Windows Firewall with Advanced Security snap-in allows you to see all of the rules that are enabled in one screen.




  • The Connection Security node under Monitoring allows you to see the computer connection security rules that are enabled and any security associations that are active.
  • Security association is the set of rules for communication negotiated between two computers. If two computers have a security association, they are using IPsec to communicate. Security associations are listed in two categories:
    • Main mode: Used for the initial configuration of an IPsec connection, including authentication.
    • Quick Mode: Signifies a secure IPsec communication channel has been negotiated.