Overview
This lab will explore firewalls in the IT environment. Students will view and configure the two host-based firewalls that are packaged with the Windows operating systems as well as create a firewall rule within the Linux Kali 2 operating environment using the uncomplicated firewall (UFW).
outcomes:
In this lab, you will learn to:
- Enable Windows Firewall using the Control Panel.
- View Windows Firewall features using the Control Panel.
- Configure Windows Firewall using the Control Panel.
- View and configure Windows Firewall with Advanced Security (WFAS) using Administrative Tools.
- Enable a firewall on a Linux system and enable firewall rules.
Key terms and descriptions
Firewall
hardware component or software program running on a device that inspects network traffic and allows or blocks traffic based on a set of rules or exceptions
Network-based Firewall
located between the internal and external networks and is used to inspect traffic as it flows between networks, not to protect individual computers or computers on the same network
Host-based firewall
software that resides on an individual computer primarily to protect that computer from malicious traffic that manages to get through a perimeter firewall or originates on its own network or computer system
Firewall Rules (Exceptions)
created and used to allow and block traffic
Inbound Traffic
network data that originates from the external host and is addressed to a host on an internal network
Outbound Traffic
traffic an internal host sends to external hosts over the network
Stateful Firewall
remembers attributes about the packet it is looking at, as well as the previous packets, and creates a stateful table used to determine if the incoming connection is active or inactive. It checks incoming traffic against its state table and blocks any traffic that does not match the state of the conversation.
Windows Firewall with Advanced Security
a bidirectional host-based stateful firewall with CLI and GUI interface options for configuration. It is used to secure hosts from attack as well as control what traffic is going in and out of the systems. Profiles and multiple high-level default exceptions are features of the Windows Firewall with Advanced Security
Windows Firewall Profiles (Windows Server 2008 R2 and Windows 7)
Profiles are a way to group settings in the firewall such as firewall rules. They are applied to the computer depending on the type of network the NIC is connected to. Each profile has default rules that are applied when the firewall is enabled. Three profiles exist in Windows Firewall and Windows Firewall with Advanced Security. They are
• Domain – applied to the network adapter when the computer is connected to a network that has a domain controller and it can contact the domain
• Private – applied to the network adapter when the computer is connected to a network not on a domain, not directly connected to the internet, but behind a network firewall or some type of security device. The private profile should be more restrictive than a domain profile.
• Public – applied to a network adapter when it is connected to a public network like an airport hotspot. This should be the most restrictive because of the lack of security control.
• Domain – applied to the network adapter when the computer is connected to a network that has a domain controller and it can contact the domain
• Private – applied to the network adapter when the computer is connected to a network not on a domain, not directly connected to the internet, but behind a network firewall or some type of security device. The private profile should be more restrictive than a domain profile.
• Public – applied to a network adapter when it is connected to a public network like an airport hotspot. This should be the most restrictive because of the lack of security control.