
1 Lecture 12 Windows Firewall and Action Center

2 Firewalls
◆ Protect networks by stopping network traffic from passing through them
◆ Implemented as either a hardware or software entity (or a combination of both)
◆ Allow internal traffic to leave the network (e.g., email to the outside world, web access)
◆ Stop unwanted traffic from the outside world from entering the internal network
◆ Achieve these things through the use of rules: inbound, outbound, and connection-specific rules
◆ Two types of firewalls: network perimeter firewalls and host-based firewalls

3 Rule Types
There are 3 basic types of rules:
◆ Inbound Rules: Help protect your computer from other computers making unsolicited connections to it
◆ Outbound Rules: Help protect your computer by preventing your computer from making unsolicited connections to other computers
◆ Connection-specific Rules: Enable a computer’s administrator to create and apply rules based on a specific connection. In Windows, this is referred to as Network Location Awareness
[Figure: outgoing rules and incoming rules]

4 Network Perimeter Firewalls
◆ Located at the boundary between the internal network and external networks such as the Internet
◆ Provide a variety of services
◆ Can be hardware-based, software-based, or a combination of both
◆ Some of these firewalls provide application proxy services, like Microsoft Internet Security and Acceleration (ISA) Server
◆ Functionality provided: management and control of network traffic; inspecting the state of communications between hosts; authentication and encryption
◆ Cannot provide protection for traffic generated inside a trusted network

5 Host-based Firewalls
◆ Run on individual computers and provide protection for traffic generated inside a trusted network
◆ Protect a host from unauthorized access and attack
◆ Provide an extra layer of security in your network
◆ Windows Firewall with Advanced Security can block specific types of outgoing traffic in addition to blocking unwanted incoming traffic
[Figure: host firewall]

6 Network Location Awareness
◆ Windows 7 supports Network Location Awareness
◆ Enables network-interacting programs to change their behavior based on how the computer is connected to the network
◆ In the case of Windows Firewall with Advanced Security, you can create rules that apply only when the profile associated with a specific network location type is active on your computer
◆ There are three location types: Public, Private, Domain

7 Network Location Awareness
Public Location Type:
◆ Assigned by default to any new networks when they are first connected
◆ A public network is considered to be shared with the world
◆ No protection between the local computer and any other computer
◆ Firewall rules associated with the public profile are most restrictive

8 Network Location Awareness
Private Location Type:
◆ Can be manually selected by a local administrator for a connection to a network that is not directly accessible to the public
◆ The connection can be to a home or office network that is isolated from publicly accessible networks by a firewall device or a device that performs network address translation (NAT)
◆ Wireless networks assigned the private network location type should be protected by using an encryption protocol such as Wi-Fi Protected Access (WPA) or WPA2
◆ A network is never automatically assigned the private network location type; it must be assigned by the administrator
◆ Windows remembers the network, and the next time you connect to it, Windows automatically assigns the network the private network location type
◆ Due to the higher level of protection and isolation from the internet, private profile firewall rules allow more network activity than the public profile rule set

9 Network Location Awareness
Domain Location Type:
◆ Detected when the local computer is a member of an Active Directory domain and the local computer can authenticate to a domain controller for that domain through one of its network connections
◆ An admin cannot manually assign this network location type
◆ Because of the higher level of security and isolation from the internet, domain profile firewall rules typically permit more network activity than either the private or public profile rule sets
◆ On a computer that is running Windows 7, if a domain controller is detected on any network adapter, then the Domain network location type is assigned to that network adapter

10 Screenshot of Domain Networks

11 Turning Windows Firewall On and Off
To turn Windows Firewall on or off, open the Windows Firewall control panel and click Turn Windows Firewall on or off. The Change notification settings link brings up the same screen as shown on the right. Not only can you turn the firewall on and off for each network location, you can also block all programs and set a notification for when a program is blocked. One of the few reasons you would ever want to turn this off is if you had another firewall program that you want to use instead.

12 Allowing Programs
Traditionally with firewalls, you can open or close a protocol port so that you can allow or block communication through the firewall. With Windows Firewall included in Windows 7, you specify which programs or features you want to communicate through the firewall. The most common options are available by clicking the Allow a program or feature through Windows Firewall option on the left pane of the Windows Firewall control panel. Only users who are members of the local Administrators group, or who have been delegated the appropriate privileges, are able to modify Windows Firewall settings. If you need to open a port instead of specifying a program, you have to use Windows Firewall with Advanced Security, which is discussed later in this lecture.

13 Add a Program
If a program that you want to create a rule for is not present on this list, click Allow Another Program. This opens the Add A Program dialog box. If the program that you want to create a rule for is not listed, click Browse to add it. Click the Network Location Types button to specify the network profiles in which the rule should be active. If a program is blocked, the first time you try to run it you are notified by the firewall, allowing you to configure an exception that allows traffic from this program in the future. If an exception is not configured at this time, you will need to use the steps above to allow traffic through.

14 Windows Firewall with Advanced Security (WFAS)
◆ Designed for advanced users and IT professionals
◆ Offers more powerful configuration options than the standard Windows Firewall
◆ Can be used to configure Inbound and Outbound rules, block or allow incoming or outgoing connections based on Protocols and/or Programs and Services, and configure IPSec
◆ Inbound and Outbound rules can be enforced on the predefined profiles: Public, Private, Domain, or all profiles
◆ WFAS is useful when you need to enable a rule to allow traffic for a specific service while connected to one network profile, but not on another
◆ Example: You can allow FTP traffic for the Domain (Work) profile, but not for the Public profile. This allows computers in your workplace to connect to your computer hosting an FTP service, but traffic is blocked when you’re connected to another network
◆ The default Inbound rule setting is to block all connections that don’t have rules (exceptions) that allow the connection, unless the incoming traffic is a response to a request from the client
◆ The default Outbound rule allows all outbound connections unless you have explicitly blocked an outbound connection
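The per-profile on/off state and the default inbound/outbound policy described above can be checked from the command line with netsh advfirewall. The script below is an added example, not part of the lecture. It assumes English-language netsh output, since the strings it matches are localized.

```bat
@echo off
rem Added example (not from the lecture): audit Windows Firewall per profile.
rem Assumption: English-language netsh output (the matched text is localized).
setlocal
set FAIL=0

for %%P in (domainprofile privateprofile publicprofile) do (
    rem The firewall should be ON for every network location type.
    netsh advfirewall show %%P state | findstr /R /I /C:"State  *ON" >nul
    if errorlevel 1 (
        echo [WARN] %%P: firewall is OFF
        set FAIL=1
    ) else (
        echo [ OK ] %%P: firewall is ON
    )

    rem Default policy from the slide: block unsolicited inbound, allow outbound.
    netsh advfirewall show %%P firewallpolicy | findstr /I /C:"BlockInbound,AllowOutbound" >nul
    if errorlevel 1 (
        echo [WARN] %%P: policy differs from BlockInbound,AllowOutbound
        set FAIL=1
    ) else (
        echo [ OK ] %%P: policy is BlockInbound,AllowOutbound
    )
)

rem A non-zero exit code lets a scheduled task or login script flag the host.
if "%FAIL%"=="1" exit /b 1
exit /b 0
```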

15 Windows Firewall with Advanced Security
To access the Windows Firewall with Advanced Security snap-in, open the Network and Sharing Center and click on Advanced Settings in the left pane. Or, you can type Windows Firewall with Advanced Security into the Search Programs And Files box in the Start menu. You must be a member of the Administrators group.

16 Creating Rules
To create an inbound or outbound rule, follow these steps: First click on Inbound Rules or Outbound Rules in the left pane, depending on which type of rule you are trying to create. In this case, we selected Inbound Rules. Click on the Action menu and select New Rule.

17 New Inbound Rule Wizard
This brings up the New Inbound Rule Wizard. In this window you can define a rule based on a program, a port, a predefined service or feature, or multiple parameters (custom rule). The program and predefined rules are the same as those found in the standard Windows Firewall. The custom rule allows you to configure a rule based on more than one option, for example, a rule that involves a specific program and ports.

18 New Inbound Rule Wizard
What happens from here depends on the type of rule you are going to create, and we suggest that you familiarize yourself with all of them. In this case, we are going to create a custom rule.

19 Applying to a Specific Program
Here you can apply the rule to all programs, a specific program, or a service. We're going to apply ours to a specific program by clicking Browse and selecting a program.

20 Apply to Specific Protocols and Ports
Here we can apply the rule to specific protocols and ports. We selected a TCP port.

21 Define Scope of the Rule
Next, we define the scope of the rule. We have the option to configure local and remote addresses. The local IP address is used by the local computer to determine if the rule applies. The rule only applies to network traffic that goes through a network adapter that is configured to use one of the specified addresses. Specify the remote IP addresses to which the rule applies. Network traffic matches the rule if the destination IP address is one of the addresses in the list.

22 Allow or Block Connection
Next, we can allow the connection, allow the connection if it is secure, or block the connection.

23 Choosing Network Locations
Now we choose which network locations the rule will apply to.

24 Firewalls
In the final step, we enter a name and description for the rule and click Finish. The previous instructions only demonstrate one of the possible types of rules you can create, and the dialog boxes will vary depending on the type of rule and the selections you make. In addition to inbound and outbound rules, you can also configure Connection Security Rules.
Import and Export: WFAS allows you to import and export the current firewall configuration for the purpose of easy configuration on stand-alone computers. To roll out the firewall configuration on a company network, it is better to use Group Policy. The import and export feature also essentially enables you to make a backup copy of your configuration before you make changes to it. Exported policy files are binary with a .wfw extension.
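The wizard steps from slides 16 to 24 (program, protocol and port, scope, action, profile, name) and the export-before-change backup can also be done with netsh advfirewall. The script below is an added example, not part of the lecture, built on the lecture's FTP-on-Domain-profile scenario. The rule name, program path, subnet and backup path are hypothetical values chosen for illustration.

```bat
@echo off
rem Added example (not from the lecture): the wizard steps as netsh commands.
rem Hypothetical values: rule name, program path, subnet and backup path.
setlocal
set "RULE=Allow FTP server - Domain only"
set "PROG=C:\Example\ftpserver.exe"
set "BACKUP=%TEMP%\firewall-before-change.wfw"

rem Changing firewall settings requires Administrators group membership.
rem "net session" fails when the prompt is not elevated.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

rem Export the current policy first so the change can be rolled back.
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || exit /b 1

rem Remove any earlier copy of the rule so repeated runs do not duplicate it.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem Inbound custom rule: program + TCP port + remote scope + Domain profile only.
netsh advfirewall firewall add rule name="%RULE%" ^
    description="FTP control channel, reachable from the work subnet only" ^
    dir=in action=allow enable=yes ^
    program="%PROG%" protocol=TCP localport=21 ^
    remoteip=192.168.10.0/24 profile=domain
if errorlevel 1 (
    echo Rule creation failed, restoring the exported policy.
    netsh advfirewall import "%BACKUP%"
    exit /b 1
)

rem Show the rule as stored so profile, scope and action can be reviewed.
netsh advfirewall firewall show rule name="%RULE%" verbose
```

Because the rule is limited to profile=domain and a single remote subnet, it is inactive when the same machine joins a Public network, which is the behavior the lecture's FTP example describes.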

25 Action Center & Windows Defender
Configuring the Action Center
These days, having a firewall just isn’t enough. Spyware and viruses are becoming more widespread, more sophisticated, and more dangerous. Users can unintentionally pick up spyware and viruses by visiting websites, or by installing an application in which spyware and viruses are bundled. Even worse, malicious software cannot typically be uninstalled. Thus, antispyware and virus protection applications are also required to ensure that your computer remains protected. You can further protect your Windows 7 computers using the Action Center.
Using Windows Defender
Windows 7 comes with an antispyware application called Windows Defender. Windows Defender offers real-time protection from spyware and other unwanted software. You can also configure Windows Defender to scan for spyware on a regular basis. Like antivirus programs, Windows Defender relies on definitions, which are used to determine whether a file contains spyware. Out-of-date definitions can cause Windows Defender to fail to detect some spyware. Windows Update is used to regularly update the definitions used by Windows Defender so that the latest spyware can be detected. You can also configure Windows Defender to manually check for updates using Windows Update. To access Windows Defender, click Start → Control Panel → Large Icons View → Action Center → Windows Defender. The status appears at the bottom of the screen, which includes the time of the last scan, the scan schedule, the real-time protection status, and the definition version.

26 Windows Defender

27 Let’s look at how we can scan the system for spyware using Windows Defender.
Performing a Manual Scan
You can configure Windows Defender to perform a manual scan of your computer at any time. You can perform the following three types of scans:
◆ Quick Scan checks only where spyware is most likely to be found.
◆ Full Scan checks all memory, running processes, and folders.
◆ Custom Scan checks only the drives and folders that you select.
By default, Windows Defender performs a Quick Scan daily at 2 A.M. You can change this setting by using the Tools menu option. Programs are classified into four spyware alert levels: Severe, High, Medium, and Low. Depending on the alert level, you can choose to have Windows Defender ignore, quarantine, remove, or always allow software.

28 Configuring Windows Defender
Use the Tools and Settings menu to configure Windows Defender. You can access the following items through this menu:
◆ Options
◆ Microsoft SpyNet
◆ Quarantined Items
◆ Allowed Items
◆ Windows Defender Website
◆ Microsoft Malware Protection Center

29 Windows Defender Options
Options
Click Options on the Tools and Settings menu to configure the default behavior of Windows Defender. You can configure the following options:
◆ Automatic Scanning - You can configure Windows Defender to scan automatically, how often automatic scans should occur, the time that scans will occur, and the type of scan to perform.
◆ Default Actions - You can configure the actions Windows Defender should take on High, Medium, and Low Alert items. You can set each level so that Windows Defender can take the default action for that level, always remove the item, or always ignore the item.
◆ Real-Time Protection - You can configure whether real-time protection is enabled, which security agents you want to run, how you should be notified about threats, and whether a Windows Defender icon is displayed in the notification area.
Options continued on next slide…

30 Windows Defender Options Continued
◆ Excluded Files And Folders - You can set up files and folders that are to be excluded during a scan.
◆ Excluded File Types - You can specify certain file types that will be excluded from a scan. For example, you can exclude all .doc files if needed.
◆ Advanced - These options let you configure whether archived files and folders are scanned, email is scanned, removable drives are scanned, heuristics are used to detect unanalyzed software, and a restore point is created before removing spyware. You can also specify file locations that are exempt from scanning.
◆ Administrator - These options let you configure whether Windows Defender is enabled, and whether you display items from all users on this computer.

31 Windows Defender
Microsoft SpyNet
Microsoft SpyNet is an online community that can help you know how others respond to software that has not yet been classified by Microsoft. Participation in SpyNet is voluntary, and subscription to SpyNet is free. If you choose to volunteer, your choices will be added to the community so that others can learn from your experiences. To join the SpyNet community, click Microsoft SpyNet on the Tools menu, and then choose either a basic or advanced membership. The level of membership will specify how much information is sent to Microsoft when potentially unwanted software is found on your computer. By default, I Do Not Want To Join Microsoft SpyNet At This Time is selected, but you can choose to participate in SpyNet by selecting the appropriate radio button. If you choose not to participate, no information is sent to Microsoft, and Windows Defender does not alert you regarding unanalyzed software.
Quarantined Items
Software that has been quarantined by Windows Defender is placed in Quarantined Items. Quarantined software will remain here until you remove it. If you find that a legitimate application is accidentally removed by Windows Defender, you can restore the application from Quarantined Items.

32 Windows Defender
Allowed Items
Software that has been marked as allowed is added to the Allowed Items list. Only trusted software should be added to this list. Windows Defender will not alert you regarding any software found on the Allowed Items list. If you find that a potentially dangerous application has been added to the Allowed Items list, you can remove it from the list so that Windows Defender can detect it.
Windows Defender Website
Clicking Windows Defender Website opens Internet Explorer and takes you to the Windows Defender website. Here you can find information on Windows Defender, spyware, and security.
Microsoft Malware Protection Center
Clicking Microsoft Malware Protection Center opens Internet Explorer and takes you to the Malware Protection Center website. Here, you can find information on antimalware research and responses.
History Menu Option
There is also a History menu option next to the Tools option. You can use the History menu option to see what actions have been taken by Windows Defender. Information is included about each application, the alert level, the action taken, the date, and the status. Information is retained until you click the Clear History button.