Using Windows Firewall and Windows Defender Lesson 7.

Using Windows Firewall Using Windows Firewall and Windows Defenderand Windows Defender

Lesson 7

Skills MatrixSkills Matrix

Technology Skill Objective Domain Skill Domain #Understanding Windows Firewall

Troubleshoot Windows Firewall issues

2.3

Configuring Windows Firewall

Troubleshoot Windows Firewall issues

2.3

Configuring Windows Firewall Basic Settings

Configure system exceptions

2.3

Configuring Windows Firewall with Advanced Security and Group Policy Settings

Configure system exceptions

2.3


Technology Skill Objective Domain Skill Domain #Understanding Windows Defender

Troubleshoot Windows Defender issues

2.4

Using Windows Defender Troubleshoot Windows Defender issues

2.4

Configuring Windows Defender Options Locally


2.4


Technology Skill Objective Domain Skill Domain #Using Software Explorer Troubleshoot Windows

Defender issues2.4

Scanning Your System Manually


2.4

Configuring Windows Defender Group Policy


2.4

A firewall is a device that limits inbound (and sometimes outbound) data connections in an attempt to strengthen security.

Windows Firewall is a host firewall that can run on each computer in a network to help prevent attacks.

Understanding Windows Firewall

Understanding Windows FirewallUnderstanding Windows Firewall

The following are some new features for Windows Firewall in Windows Vista.

Windows Firewall with Advanced Security Snap-in

IPSec integration

Outbound filtering

Expanded authenticated bypass

Support for Active Directory users, computers, and groups

Understanding Windows Firewall (cont.)

Understanding Windows FirewallUnderstanding Windows Firewall

You can configure the most basic settings for Windows Firewall through the Windows Firewall Settings dialog box.

More advanced settings can be configured by using the Windows Firewall with Advanced Security Snap-in and Group Policy.

Configuring Windows Firewall

Configuring Windows FirewallConfiguring Windows Firewall

Configuring Windows Firewall General Settings


The General tab enables you to turn Windows Firewall on or off and to block all inbound connections.

Configuring Windows Firewall Exceptions


Exceptions tab of the Windows Firewall Settings dialog box

Unblocking a Program in Windows Firewall


There are three ways to create an exception for an inbound connection request from a program.

Click Unblock on the Windows Security Alert dialog box when Windows Firewall blocks a program.

Configure a program exception on the Exceptions tab.

Unblocking a Program in Windows Firewall (cont.)


There are three ways to create an exception for an inbound connection request from a program (cont.).

Open the appropriate port on the Exceptions tab. This method is not recommended for individual programs.

Unblocking a Program in Windows Firewall (cont.)


Select one of the following:

Any computer (including those on the Internet) – Select this option to unblock the specified program for all computers.

My network (subnet) only – Select this option to unblock the specified program for your subnet.

Custom List – Select this option to specify the IP addresses of the computers for which you want to unblock the specified program.

Unblocking a Port in Windows Firewall


To add a port that is not in the list box, click Add port. The Add a Port dialog box appears.

Configuring the Advanced Tab in Windows Firewall


Do one of the following:

To enable Windows on a network connection – Select the check box for the network connection for which you want to enable Windows Firewall.

To disable Windows on a network connection – Clear the check box for the network connection for which you want to disable Windows Firewall.

Configuring the Advanced Tab in Windows Firewall (cont.)


Do one of the following (cont.):

To restore Windows Firewall default settings – Click Restore Defaults. In the Restore Defaults Confirmation warning box, click Yes to continue.

Configuring Windows Firewall with Advanced Security


Windows Firewall with Advanced Security Snap-in

Creating and Configuring Firewall Rules


Firewall Rules are the building blocks of exceptions.

You can configure Firewall Rules for both inbound and outbound connections.

Creating and Configuring Firewall Rules (cont.)


In the Action menu, click New Rule. The New Inbound/Outbound Rule Wizard appears.



Select one of the following:

Apply to all programs and services – Applies the rule to all processes

Apply to services only – Applies the rule only to services



Select one of the following (cont.):

Apply to this service – To select the service in the associated list box to which you want to apply the rule

Apply to service with this service short name – To select the service to which you want to apply the rule by specifying its short name



Protocol and Ports page of the New Inbound Rule Wizard



Scope page of the New Inbound Rule Wizard with example settings



Action page of the New Inbound Rule Wizard

Creating a Program Inbound or Outbound Rule


Program page of the New Inbound Rule Wizard

Creating a Port Inbound or Outbound Rule


Protocol and Ports page of the New Inbound Rule Wizard

Creating a Predefined Inbound or Outbound Rule


Possible choices for predefined rules with Windows Meeting Space selected

Creating a Predefined Inbound or Outbound Rule (cont.)


Predefined Rules page for the Windows Meeting Space predefined rule

Browsing Rules in Windows Firewall with Advanced Security


In the console tree, select one of the three rules nodes.

Inbound Rules

Outbound Rules

Connection Security Rules

Browsing Rules in Windows Firewall with Advanced Security (cont.)


In the action pane, there are three filters with which you can filter the list (two for Connection Security Rules).

Filter by Profile – To limit the list according to what profile the rules affect

Filter by State – To show all of the rules that are enabled or disabled

Browsing Rules in Windows Firewall with Advanced Security (cont.)


In the action pane, there are three filters with which you can filter the list (two for Connection Security Rules) (cont.).

Filter by Group (Outbound Rules and Inbound Rules only) – To view all of the rules in a particular group

Configuring Windows Firewall Group Policy Settings


Windows Firewall Group Policy settings allow you to configure settings that control Windows Firewall behavior for many computers simultaneously through Group Policy.

Configuring Windows Firewall Group Policy Settings (cont.)


Domain profile – The affected computers are connected to a network where domain controllers (in which the computer’s domain account resides) are available.

Standard profile – The affected computers are not connected to a network where domain controllers (in which the computer’s domain account resides) are available.

Disabling Windows Firewall Through Group Policy


Protect all network connections Properties dialog box with Disabled selected

Understanding Windows Defender

Understanding Windows DefenderUnderstanding Windows Defender

Windows Defender is Vista’s front-line defense against spyware and other unwanted software.

Spyware includes programs from pop-up advertisements to applications that gather data from your computer and send it across the Internet.

Configuring Windows Defender Options Locally

Using Windows DefenderUsing Windows Defender

Tools and Settings page of Windows Defender

Configuring Windows Defender Options Locally (cont.)


You can configure the following sets of options on the Options page of Windows Defender.

Automatic scanning

Default actions

Real-time protection options

Advanced options

Administrator options

Configuring Default Actions


Select one of the following options in the High alert items, Medium alert items, and Low alert items drop-down lists.

Default action (definition based) – Does what the virus definition recommends doing. This is the recommended setting.

Ignore – Ignores the detected program. This is not recommended, especially for high and medium alert items.

Configuring Default Actions (cont.)


Select one of the following options in the High alert items, Medium alert items, and Low alert items drop-down lists (cont.).

Remove – Removes the detected item automatically

Configure Real-Time Protection Options


Real-time protection options on the Options page of Windows Defender

Configuring Advanced Options


Configure the following check boxes: Scan the contents of the archived files and folders

for potential threats

Use heuristics to detect potentially harmful or unwanted behavior by software that hasn’t been analyzed for risks

Create a restore point before applying actions to detected items: Select if you may need to roll back a change made by Windows Defender.

Configuring Administrator Options


Open the Options page of Windows Defender.

• Scroll to the Administrator options section.

• If you want to turn on Windows Defender, select the Use Windows Defender check box.

• To limit Windows Defender use to Administrators, clear the Allow everyone to use Windows Defender check box.

Using Software Explorer


Software Explorer is a component of Windows Defender that enables you to view detailed information and control software (including configuring startup options) on your computer that may have a negative impact on performance, privacy, or security.

Using Software Explorer (cont.)


You can explore the following categories of software in Software Explorer.

Startup programs – Programs that run automatically with or without your knowledge when you start Windows

Currently running programs – Programs or processes currently running

Using Software Explorer (cont.)


You can explore the following categories of software in Software Explorer (cont.).

Network-connected programs – Programs or processes that can connect to the Internet or to your home or office network

Winsock service providers – Programs that perform low-level networking and communication services and often have access to important areas of the operating system

Exploring Software Using Software Explorer


Software Explorer in Windows Defender

Scanning Your System and Taking Action with Windows Defender


Quick Scan – Select this option to scan the most likely areas where unwanted software resides.

Full Scan – Select this option to scan the entire computer.

Scanning and Taking Action with Windows Defender (cont.)


Custom Scan – Select this option to specify the files and folders that you want to scan. You can use this option if you suspect a particular piece of undesirable software and know where it usually resides.

Scanning and Taking Action with Windows Defender (cont.)


Reviewing example scan results in Windows Defender after a full system scan

Configuring Windows Defender Group Policy


Windows Defender Group Policy settings are located in the Computer Configuration > Administrative Templates > Windows Components > Windows Defender folder of GPOs.

Accessing Windows Defender Group Policy Settings


Open the Group Policy object for which you want to configure Group Policy.

• In the Group Policy Object Editor console tree, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Defender.

Accessing Windows Defender Group Policy Settings (cont.)


• In the details pane, right-click the policy setting that you want to configure, and then click Properties.

SummarySummary

Windows Firewall is a host firewall that can run on each computer in a network to help prevent attacks.

You learned how to configure basic Windows Firewall settings through the Windows Firewall Settings dialog box and to configure more advanced settings by using the Windows Firewall with Advanced Security Snap-in, whether locally or in Group Policy.

You Learned

SummarySummary

You learned how to create Firewall Rules, which are the building blocks of exceptions and can be configured for both inbound and outbound connections.

The purpose of Windows Defender is to block, find, and remove malicious software, including spyware.

You learned how to schedule scanning and launch manual scans in Windows Defender.

You Learned (cont.)

SummarySummary

You learned how to configure settings for Windows Defender through Group Policy.

You learned how to use Software Explorer to view detailed information and control software (including configuring startup options) on your computer that may have a negative affect.

You Learned (cont.)

Using Windows Firewall and Windows Defender Lesson 7.

Documents

Transcript of Using Windows Firewall and Windows Defender Lesson 7.