Transcript 70-687 8.1 Lecture Slides Lesson 11x

Lesson 11: Configuring and
Maintaining Network Security
MOAC 70-687: Configuring Windows 8.1
Overview
• Exam Objective 3.3: Configure and maintain
network security
o Configure Windows Firewall
o Configure Windows Firewall with Advanced
Security
o Configure connection security rules (IPsec)
o Configure authenticated exceptions
o Configure network discovery
© 2013 John Wiley & Sons, Inc.
2
WPA-Enterprise WPAPersonal Defending Against
Malware
Lesson 11: Configuring and Maintaining Network
Security
© 2013 John Wiley & Sons, Inc.
3
Malware
• Malicious software infiltrates or damages a
computer system without the user’s
knowledge or consent.
• Malicious software includes viruses, Trojan
horses, worms, spyware, and adware.
• The term most commonly used to
collectively refer to these malicious software
technologies is malware.
© 2013 John Wiley & Sons, Inc.
4
Windows 8.1 Action
Center
• The Action Center is a centralized console
that enables users and administrators to
access, monitor, and configure the various
Windows 8.1 security mechanisms.
• Action Center is a service that starts
automatically and runs continuously on
Windows 8.1 computers, by default.
• The service constantly monitors the different
security mechanisms running on the
computer.
© 2013 John Wiley & Sons, Inc.
5
Windows 8.1 Action Center
The Action Center menu in the notification area
© 2013 John Wiley & Sons, Inc.
6
Accessing Action Center
• To open Action Center:
o Click the notification area icon
o Open from Control Panel
• Action Center displays information about
the problems it has discovered, and links to
possible solutions.
© 2013 John Wiley & Sons, Inc.
7
Accessing Action Center
The Action Center window
© 2013 John Wiley & Sons, Inc.
8
Understanding Firewalls
• A firewall is a software program or hardware
device that protects a computer by
allowing certain types of network traffic in
and out of the system while blocking others.
• To filter traffic, firewalls use rules, which
specify which packets are allowed to pass
through the firewall and which are blocked.
© 2013 John Wiley & Sons, Inc.
9
Understanding Firewalls
• Firewalls typically base their filtering on the
TCP/IP characteristics at the network,
transport, and application layers of the
Open Systems Interconnection (OSI)
reference model.
o IP addresses – Represent specific computers on
the network.
o Protocol numbers – Identify the transport layer
protocol being used by the packets.
o Port numbers – Identify specific applications
running on the computer.
© 2013 John Wiley & Sons, Inc.
10
Monitoring Windows
Firewall
• Windows Firewall is one of the programs monitored
by the Action Center service.
• When you open the Windows Control Panel and
click System and Security > Windows Firewall, a
Windows Firewall window appears.
• Each of the headings contains the following
information:
o Whether the computer is connected to a domain, private,
or public network
o Whether the Windows Firewall service is currently turned on
or off
o Whether inbound and outbound connections are blocked
o Whether users are notified when a program is blocked
© 2013 John Wiley & Sons, Inc.
11
Monitoring Windows Firewall
The Windows Firewall window
© 2013 John Wiley & Sons, Inc.
12
Using the Windows
Firewall Control Panel
• On the left side of the Windows Firewall window
is a series of links that enable you to configure
Windows Firewall to allow a specific app or
feature through its barrier, change the firewall
notification settings, turn Windows Firewall on
and off, restore the default firewall settings, and
configure advanced firewall settings.
• Clicking Change notification settings or Turn
Windows firewall on or off displays the
Customize settings for each type of network
dialog box.
© 2013 John Wiley & Sons, Inc.
13
Using the Windows Firewall
Control Panel
The Customize settings for each type of network page
© 2013 John Wiley & Sons, Inc.
14
Blocking Incoming
Connections
• Select the Block all incoming connections,
including those in the list of allowed apps
checkbox to block all unsolicited attempts
to connect to your computer.
• This does not prevent you from performing
common networking tasks, like accessing
web sites and sending or receiving emails.
© 2013 John Wiley & Sons, Inc.
15
Allowing Programs
through the Firewall
• Click Allow an app or feature through Windows
Firewall to open the Allow programs to
communicate through Windows Firewall dialog
box.
• In this dialog box, you can open a port through
the firewall for specific programs and features
installed on the computer.
• Opening a port in your firewall is inherently
dangerous. The more holes you make in a wall,
the greater the likelihood that intruders will get
in.
© 2013 John Wiley & Sons, Inc.
16
Allowing Programs through the
Firewall
The Allow programs to communicate through Windows
Firewall page
© 2013 John Wiley & Sons, Inc.
17
Using the Windows Firewall with
Advanced Security Console
• The Windows Firewall with Advanced
Security snap-in for Microsoft Management
Console (MMC) provides direct access to
the rules that control the behavior of
Windows Firewall.
• To access the console from the Windows
Control Panel, click System and Security >
Administrative Tools > Windows Firewall with
Advanced Security.
© 2013 John Wiley & Sons, Inc.
18
Using the Windows Firewall with
Advanced Security Console
The Windows Firewall with Advanced Security snap-in
© 2013 John Wiley & Sons, Inc.
19
Configuring Profile
Settings
• You can change default behavior by
clicking the Windows Firewall Properties link.
• The Windows Firewall with Advanced
Security on Local Computer Properties sheet
is configurable.
© 2013 John Wiley & Sons, Inc.
20
Configuring Profile Settings
The Windows Firewall with Advanced Security on Local
Computer Properties sheet
© 2013 John Wiley & Sons, Inc.
21
Creating Rules
• In the Windows Firewall with Advanced
Security console, you can work with the rules
in their raw form.
• Selecting either Inbound Rules or Outbound
Rules in the left pane displays a list of all the
rules operating in that direction.
• The rules that are currently operational have
a checkmark in a green circle, while the
rules not in force are grayed out.
© 2013 John Wiley & Sons, Inc.
22
Creating Rules
The Inbound Rules list in the Windows Firewall with
Advanced Security console
© 2013 John Wiley & Sons, Inc.
23
Default Windows Firewall
Rules Settings
Private
Public
Domain
Core Networking
Enabled
Enabled
Enabled
File and Printer
Sharing
Homegroup
Enabled
Disabled Disabled
Disabled
N/A
Network Discovery
Enabled
Disabled Disabled
Remote Desktop
Disabled
Disabled Disabled
© 2013 John Wiley & Sons, Inc.
N/A
24
The New Rule Wizard
• The New Rule Wizard takes you through the
process of configuring the following sets of
parameters:
o
o
o
o
o
o
o
Rule Type
Program
Protocol and Ports
Scope
Action
Profile
Name
© 2013 John Wiley & Sons, Inc.
25
Importing and Exporting
Rules
• After creating and modifying rules in the
Windows Firewall with Advanced Security
console, you can export them to a policy
file.
• To create a policy file, select Export Policy
from the Action menu in the Windows
Firewall with Advanced Security console,
and specify a name and location for the
file.
© 2013 John Wiley & Sons, Inc.
26
Using Filters
• The term filter refers to a feature that
enables you to display rules according to:
o The profile they apply to
o Their current state
o The group to which they belong
© 2013 John Wiley & Sons, Inc.
27
IP Security (IPsec)
• The IPsec standards are a collection of
documents that define a method for
securing data while it is in transit over a
TCP/IP network.
• IPsec includes a connection establishment
routine, during which computers
authenticate each other before transmitting
data, and a technique called tunneling, in
which data packets are encapsulated
within other packets for their protection.
© 2013 John Wiley & Sons, Inc.
28
Configuring Connection
Security Rules
• When you right-click the Connection Security
Rules node and select New Rule from the
context menu, the New Connection Security
Rule Wizard takes you through the process of
configuring the following these parameters:
o
o
o
o
o
o
Rule Type
Endpoints
Requirements
Authentication Method
Profile
Name
© 2013 John Wiley & Sons, Inc.
29
Configuring Windows
Firewall with Group Policy
• When you browse to the Computer
Configuration\Policies\Windows
Settings\Security Settings\Windows Firewall with
Advanced Security node in a GPO, you see the
interface, which is similar to that of the Windows
Firewall with Advanced Security console.
• Clicking Windows Firewall Properties opens a
dialog box with the same controls as the
Windows Firewall with Advanced Security on
Local Computer Properties sheet and clicking
Inbound Rules and Outbound Rules launches
the same wizards as the console.
© 2013 John Wiley & Sons, Inc.
30
Configuring Windows Firewall
with Group Policy
The Windows Firewall with Advanced Security node in a
GPO
© 2013 John Wiley & Sons, Inc.
31
Lesson Summary
• Malware is malicious software created specifically for the
purpose of infiltrating or damaging a computer system without
the user’s knowledge or consent. This type of software includes
a variety of technologies, including viruses, Trojan horses,
worms, spyware, and adware.
• Action Center is a centralized console that enables users and
administrators to access, monitor, and configure the various
Windows 8.1 security mechanisms.
• Windows Firewall is a software program that protects a
computer by allowing certain types of network traffic in and
out of the system while blocking others.
• You configure Windows Firewall by creating rules that specify
what types of traffic to block and/or allow.
© 2013 John Wiley & Sons, Inc.
32
Copyright 2013 John Wiley & Sons, Inc..
All rights reserved. Reproduction or translation of this work beyond that
named in Section 117 of the 1976 United States Copyright Act without the
express written consent of the copyright owner is unlawful. Requests for
further information should be addressed to the Permissions Department, John
Wiley & Sons, Inc.. The purchaser may make back-up copies for his/her own
use only and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the use of these
programs or from the use of the information contained herein.