Windows 8 Firewall

7/28/2019 Windows 8 Firewall

1/30

Windows 8 Firewall


2/30

Windows 8 Firewall Topics

What is a firewall?

Firewall types

How a firewall works Default firewall behavior

Windows 8 firewall features

Configuring Windows 8 firewall


3/30

What is a firewall?

A device that filters packets either coming intoor going out of a device

Filtering can be based on IP, TCP, UDP and

other criteria relating to a packet as well asauthentication.

Criteria contained in firewall rules.

Firewall rule is similar to an access control liststatement

Example: permit host 172.16.1.1 host 180.50.1.1 eq

Telnet


4/30

Firewall Types

Packet filtering vs stateful vs proxy

Packet filtering makes each filtering decision on apacket by packet basis without regard to previous

packets in any direction

Stateful firewall keeps track of packet flows andfilters based on flow information

Proxy firewall works on a per-application basis.User sends to proxy, proxy creates new packetsourced from proxy


5/30

Firewall Types

Network-based vs host-based

Network-based runs a router, multi-layer switch ordedicated firewall

Host-based firewall runs on computer running OSsuch as Windows 7 or UNIX

Hardware vs software firewall

Hardware firewall chassis designed for specifically tooperate as a firewall; highest performance


6/30

6

Windows Firewall

Host-based, stateful software firewall

Evaluates each packet as it arrives or leaves anddetermines whether that packet is allowed or deniedbased on flow

Windows 8 firewall is improved over XP version


7/30

Default Firewall Behavior

Default is to allow all outbound traffic andresponse inbound traffic; deny all other inboundtraffic


8/30

How Firewall Works

Incoming packet is inspected and comparedagainst a list of allowed traffic.

If packet matches a list entry, packet passed to

TCP/IP protocol for further processing.

If the packet does not match a list entry then packetis discarded

If logging is enabled, Windows creates an entry in theFirewall logging file


9/30

How List is Populated

When enabled connection sends a packet, thefirewall creates an entry in the list for responsetraffic.

Allow rules can be manually created withAdvanced Security.


10/30

10

Windows 8 Firewall

Windows Firewall features

Inbound filtering

Outbound filtering Firewall rules combined with IPsec rules

Before Vista, IPSec was configured separately sometimesresulting in conflicting results


11/30

Windows 8 Firewall

Support for complex rules. Includes

Source and destination IP address

Source and destination port

Multiple ports per rule Interface types (i.e. wireless)

Services rather than port

Active Directory groups or users (IPSec rules only)

Support for logging

Allows monitoring of blocked packets


12/30

Locations and the Firewall

Windows Firewall with Advanced Security is a networklocation aware application

Windows 8 stores the firewall properties based on

location types Configuration for each location type is called a profile

In each profile you can:

Enable or disable Windows Firewall

Configure inbound and/or outbound connections

Customize logging and other settings


13/30

Locations and Firewall Settings

As the network location connected to changes,the Windows Firewall profile changes.

Windows Firewall can therefore automaticallyallow incoming traffic for a specific desktopmanagement tool when the computer is on adomain network but block similar traffic when

the computer is connected to public or privatenetworks.


14/30

Locations and Firewall Settings

Location types: work, home and public.

Location type affects Network Discovery andhomegroup capabilities

Network Discovery

allows you to see other computers and devices onthe network and allows other network users to see

your computer.


15/30

Location Types

Domain

Set by network administrator

Work

For small office or other workplace networks. Network discovery is on,

but you can't create or join a homegroup. Home

For home and other private environments. Computers can belong to ahomegroup. Network discovery is turned on.

Public

For public places (such as coffee shops or airports). HomeGroup is notavailable, and network discovery is turned off. You should also choosethis option if you're connected directly to the Internet without using arouter, or if you have a mobile broadband connection.


16/30

Configuring Windows Firewall


17/30

17

Basic Firewall Configuration


18/30

18

Advanced Firewall Configuration

Allows you to configure more complex rules,outgoing filtering, and IPsec rules


19/30

19



20/30

20

Windows Firewall Properties


21/30

21

IPSec Settings

IPsec is a system for securing and authenticatingIP-based network connections

IPsec defaults - you can configure Key exchange protocols

Data protection protocols

Authentication Method


22/30

22



23/30

23


View and Edit Firewall Rules

A large number of inbound and outbound rules arecreated by default in Windows Vista


24/30

24



25/30

25


View and Edit Firewall RulesYou modify an existing rule by opening its properties

Tabs in the properties of an outbound rule

General Programs and Services

Computers

Protocols and Ports

Scope

Advanced

Create New Firewall Rules

A wizard guides you through the process


26/30

26



27/30

27


Create New Firewall Rules

Rule types you can create with the Outbound RuleWizard

Program

Port

Predefined

CustomActions for a rule

Allow the connection

Allow the connection if it is secure

Block the connection


28/30

28



29/30

29


Create New Computer-Connection SecurityRules

Use IPsec to authenticate and secure communicationbetween two computers

Security rule types

Isolation

Authentication exemption Server-to-server

Tunnel

Custom


30/30

30


Windows 8 Firewall

Documents

Transcript of Windows 8 Firewall