
CompTIA Network+® Lab Series

Network Concepts

Lab 10: Network Security - Firewalls

Objective 5.5: Given a scenario, install and configure a basic firewall

Document Version: 2015-09-18

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah.

This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership.


Contents

Introduction
Objective: Explore Firewalls
Lab Topology
Lab Settings
1 Enable Windows Firewall
    1.1 Enable Windows Firewall from the Control Panel
    1.2 Conclusion
    1.3 Review Questions
2 View Windows Firewall Features
    2.1 View Windows Firewall Features Using the Control Panel
    2.2 Conclusion
    2.3 Review Questions
3 Configure an Exception in Windows Firewall
    3.1 Configure an Exception in Windows Firewall Using the Control Panel
    3.2 Conclusion
    3.3 Review Questions
4 View and Configure Windows Firewall with Advanced Security (WFAS)
    4.1 View Windows Firewall with Advanced Security Settings Using Administrative Tools
    4.2 Configure Windows Firewall with Advanced Security Using Administrative Tools
    4.3 Conclusion
    4.4 Review Questions
5 Create a Firewall Rule (iptables) within Linux
    5.1 Enable a Firewall Rule
    5.2 Conclusion
    5.3 Review Questions


Introduction

This lab is part of a series of lab exercises designed to supplement coursework and provide students with a hands-on training experience based on real-world applications. This series of lab exercises is intended to support courseware for CompTIA Network+® certification. This lab will explore firewalls in the IT environment. Students will view and configure the two firewalls that are built into Windows operating systems, as well as create a firewall rule within the Linux Backtrack 5 r3 operating environment. This lab includes the following tasks:

1. Enable Windows Firewall Using the Control Panel

2. View Windows Firewall features Using the Control Panel

3. Configure Windows Firewall Using the Control Panel

4. View and Configure Windows Firewall with Advanced Security (WFAS) Using Administrative Tools

5. Enable a firewall on a Linux system and Enable Firewall rules.

Objective: Explore Firewalls

Just as it is important to employ security measures to protect your personal belongings at home by locking your doors or having an alarm system on your car, it is also important to protect computers and networks by using “locks and alarms”. Firewalls are security systems for your computers and networks, and while they do not guarantee all intrusions will be prevented, they do create barriers for attackers. Firewalls can be implemented using hardware devices, they can be software based, or they can be a combination of both. By blocking unauthorized traffic, firewalls help avoid internal and external threats that can compromise networks and computer systems. Firewalls inspect traffic and allow or block the traffic based on a set of rules known as firewall rules, exceptions, or access control lists.

The purpose of this lab is to provide instruction on how to view and configure software based firewalls in both the Windows and Linux operating environments. For this lab, the following terms and concepts will be of use:

Firewall - hardware component or software program running on a device that inspects network traffic and allows or blocks traffic based on a set of rules or exceptions

Network-based firewall - located between the internal and external networks and is used to inspect traffic as it flows between networks, not to protect individual computers or computers on the same network


Host-based firewall - software that resides on an individual computer primarily to protect that computer from malicious traffic that manages to get through a perimeter firewall or originates on its own network or computer system

Firewall rules (exceptions) - created and used to allow and block traffic

Inbound traffic - network data that originates from the external host and is addressed to a host on an internal network

Outbound traffic - traffic an internal host sends to external hosts over the network

Stateful firewall - remembers attributes about the packet it is looking at, as well as the previous packets and creates a stateful table used to determine if the incoming connection is active or inactive. It checks incoming traffic against its state table and blocks any traffic that does not match the state of the conversation.

Windows Firewall with Advanced Security - a bi-directional host-based stateful firewall with CLI and GUI interface options for configuration. It is used to secure hosts from attack as well as control what traffic is going in and out of the systems. Profiles and multiple high-level default exceptions are features of the Windows Firewall with Advanced Security.

Windows Firewall Profiles (Windows Server 2008 R2 and Windows 7) - Profiles are a way to group settings in the firewall such as firewall rules. They are applied to the computer depending on the type of network the NIC is connected to. Each profile has default rules that are applied when the firewall is enabled. Three profiles exist in Windows Firewall and Windows Firewall with Advanced Security. They are:

Domain – applied to the network adapter when the computer is connected to a network that has a domain controller and it can contact the domain

Private - applied to the network adapter when the computer is connected to a network not on a domain, not directly connected to the internet, but behind a network firewall or some type of security device. The private profile should be more restrictive than a domain profile.

Public - applied to a network adapter when it is connected to a public network like an airport hotspot. This should be the most restrictive because of the lack of security control.


Lab Topology


Lab Settings

The following table includes settings necessary to complete the lab. The Windows firewalls referenced and used in this lab are consistent with those included with Windows 7, Windows Server 2008 R2, and beyond; previous versions of Windows had firewalls with different features and capabilities. Log in to the following virtual machines before starting the tasks in this lab:

Windows 2k8 R2 Internal 1 IP Address/Default Gateway: 192.168.12.10/24, 192.168.12.1

Windows 2k8 R2 Internal 1 Password: P@ssw0rd

Windows 2k8 R2 Internal 2 IP Address/Default Gateway: 192.168.12.11/24, 192.168.12.1

Windows 2k8 R2 Internal 2 Password: P@ssw0rd

Windows 2k8 R2 External IP Address/Default Gateway: 131.107.0.200/24, 131.107.0.1

Windows 2k8 R2 External Password: P@ssw0rd

Backtrack 5 Internal IP Address/Default Gateway: 192.168.12.12/24, 192.168.12.1

Backtrack 5 Internal Username/Password: root/toor

Backtrack 5 Internal GUI: startx


Windows 2k8 R2 Login (applies to all Windows machines)

1. Click on the Windows 2k8 R2 icon on the topology that corresponds to the machine you wish to log in to.

2. Use the PC menu in the NETLAB+ Remote PC Viewer to send a Ctrl-Alt-Del (version 2 viewer), or click the Send Ctrl-Alt-Del link in the bottom right corner of the viewer window (version 1 viewer).

3. In the password text box, type P@ssw0rd and press Enter to log in.

You are using the Administrator account. You must be an Administrator or have Administrator privileges to complete the tasks in this lab.

4. If the Initial Configuration Tasks and/or Server Manager windows appear, close them by clicking on the “X” in the top-right corner of the window.


Backtrack 5 Internal Login

Keep in mind that Linux commands are case sensitive. The Linux commands below must be entered exactly as shown.

1. Click on the Backtrack 5 Internal icon on the topology.

2. At the bt5internal login: prompt, type the username root and press Enter.

3. At the Password: prompt, type the password toor and press Enter.

The password will not be displayed as you type into the prompt.

4. Once you have successfully logged in, type startx at the root@bt5internal:~# prompt and press Enter. This will start the GUI (Note: If you are disconnected after typing startx, click Yes on the popup message to reconnect).


1 Enable Windows Firewall

Many organizations today secure their networks like medieval castles: they build a strong defense around the perimeter, with little protection once the perimeter is penetrated. Companies deploy network-based firewalls or IPSec to prevent the entry of malicious traffic into the organization's network from an outside network, but if an attack penetrates the perimeter, hosts are vulnerable. Implementing a host-based firewall such as Windows Firewall can help guard hosts from attacks.

1.1 Enable Windows Firewall from the Control Panel

1. Use the instructions in the Lab Settings section to log on to the Windows 2k8 R2 Internal 2 machine, if you are not logged in already.

2. On the Windows 2k8 R2 Internal 2 machine, access the Windows Firewall by clicking Start -> Control Panel. The Control Panel window will open.


3. Click on System and Security. The System and Security window will open. This is where the link to the Windows Firewall program is located.

4. Click on Windows Firewall. The Windows Firewall tool opens. By default, Windows Firewall is turned on. If you see green boxes and a green check mark in the shield, Windows Firewall is running. If the boxes and shields are red, click on the Turn Windows Firewall on or off link in the left navigation panel as shown. Click Use recommended settings to continue.


5. The Windows Firewall is now turned on for Home or work (private) networks and for Public networks. If the Customize Settings window opens and the firewall is not on, turn on the Windows Firewall by clicking the Turn on Windows Firewall radio button for both Home or work (private) network location settings and Public network location settings. Click OK.

As shown below, the firewall is now on for both private and public locations, but the public network location shows no active public networks. Even though a location is not active, the firewall state can be turned on, allowing the firewall to be applied to the computer when a connection is made to that type of location. Also, notice the Incoming Connections settings. These settings determine the behavior for inbound traffic that does not match an inbound firewall rule. The default behavior is to block incoming connections unless there are firewall rules to allow it.

6. Click the "X" in the upper-right corner to close the Windows Firewall.


1.2 Conclusion

Enabling a host-based firewall such as Windows Firewall protects an organization’s internal systems from harmful network traffic that gets through the network perimeter firewall, or from malicious traffic that originates from inside the internal network.

1.3 Review Questions

1. Describe a host-based firewall.

2. Describe a network-based firewall.

3. Which type of firewall is Windows Firewall?

4. Explain the Notification state in Windows Firewall.


2 View Windows Firewall Features

Using the Windows Firewall through the Control Panel applet allows you access to the basic Windows Firewall GUI interface, providing ease of use for even inexperienced computer users. The Windows Firewall GUI gives users a less complex way to configure firewall rules, which are referred to as exceptions in Windows Firewall. Only inbound rules can be configured in the basic Windows Firewall.

2.1 View Windows Firewall Features Using the Control Panel

1. Use the instructions in the Lab Settings section to log into the Windows 2k8 R2 Internal 2 machine, if you are not already logged in.

2. View features of the Windows Firewall when configuring through the Control Panel.

a. Begin by clicking on Start -> Control Panel. The Control Panel window will open.

b. Click on System and Security. The System and Security window will open with a link to Windows Firewall.

c. Click on Windows Firewall. The Windows Firewall tool will open.

d. Click on Allow a program or feature through Windows Firewall in the left console panel. The Allowed Programs window opens and shows a list of programs installed on the local computer that are or can be allowed to communicate through the firewall by creating what are sometimes called “holes” in the firewall. This is done using the Change settings button or check boxes beside the programs.

Notice the column names in the Allowed Programs window. They are the locations associated with profiles configured when Windows Firewall is turned on or a new network connection is detected. A user is prompted to choose a location when a new network is identified. Windows Firewall associates a profile with that network location or type. This allows Windows Firewall to apply a different set of firewall rules to each profile, depending on the network connection type. Windows Firewall has three types of locations and profiles: public, private (home/work), and domain. Public location is the default location applied if the user does not make a selection and the connection is not detected to be to a domain. A public profile is applied, which has the most restrictive set of rules. If a home or work location is selected, a private profile is applied, which uses a less restrictive set of rules. Domain location means the NIC is detected as being connected to a domain and a domain profile is applied. This set of rules is determined by the network administrator. In Windows operating systems prior to Windows 7 and Windows Server 2008, a computer could have only one active firewall profile. On Windows 7, Windows Server 2008 R2, and beyond, if a system is multi-homed, having more than one NIC, there can be an active profile for each NIC.

3. Using the scroll bar at the right of the Allowed programs or features list, scroll to view the full list. Note the programs and services that are marked with a check. This means they have been unblocked by an exception in Windows Firewall. Notice that the exceptions are not the same in each profile. This is a result of the need for more or less restriction for a location. This will also happen when users manually configure firewall rules.


a. Click on the Allow another program … button in the Allowed Programs dialog box. The Add a Program dialog box opens. This feature permits a user to select programs to add to the list of allowed programs enabling a particular program to send and receive information through the firewall. Windows Firewall will usually create the necessary exceptions during program installation, but when for some reason Windows Firewall cannot perform the configuration automatically, users can add the program here.

b. Click the Browse button on Add a Program. A Windows Explorer window opens, where you can search for programs not listed under the Programs section that you would like to add to the exceptions list. Do not select any programs to add; click Cancel to close the Windows Explorer window.

c. Click the Network Locations Types button on the Add a Program dialog box. Here, users can specify the network locations for added programs. Click Cancel to close the Choose Network Location Types window.

d. Click Cancel to close the Add a Program window.


2.2 Conclusion

The Windows Firewall GUI is a user-friendly tool, which simplifies the configuration of exceptions. Windows Firewall uses incoming traffic rules that directly relate to a program or service running on the local system.

2.3 Review Questions

1. Discuss why network profiles are important.

2. Describe the three types of profiles found in the Windows Firewall.

3. Explain and give an example of network locations.


3 Configure an Exception in Windows Firewall

By default, when enabled, Windows Firewall blocks most unsolicited incoming messages from passing through the firewall to the host. Allowing an inbound connection for a specific program requires unblocking it. To unblock a program using the Windows Firewall Control Panel, select a predefined Windows exception for the program and check the check box next to the program to unblock it. Manually adding the program to the Exceptions list using the Add a Program dialog box will add an exception, and the program, with its boxes checked, will be visible in the Allow programs to communicate through Windows Firewall list. Exceptions, also known as firewall rules, are used to both block and unblock traffic, but the basic Windows Firewall tool can only be used to unblock traffic. In this task, an exception allowing incoming connections using Remote Desktop will be configured on the Windows 2k8 R2 Internal 1 machine.

3.1 Configure an Exception in Windows Firewall Using the Control Panel

Before configuring the exception for Remote Desktop connection on the Windows 2k8 R2 Internal 1 machine, you will need to verify that the two computers used in this task cannot connect through Remote Desktop Connection. Once this is determined, you will then configure the Remote Desktop exception and verify that the two computers used in the task can connect using Remote Desktop to establish that the exception was applied.

This portion of the task is performed on the Windows 2k8 R2 Internal 1 machine.

1. Verify that the Windows 2k8 R2 Internal 1 machine cannot use Remote Desktop Connection to reach the Windows 2k8 R2 Internal 2 machine. To do this, you will first need to log on to the Windows 2k8 R2 Internal 1 machine.

a. Use the instructions provided in the Lab Settings section to log on to the Windows 2k8 R2 Internal 1 machine, if you are not logged in already.

b. On the Windows 2k8 R2 Internal 1 machine, click Start -> All Programs.


c. Click on the Accessories folder -> Remote Desktop Connection. The Remote Desktop Connection dialog box opens.

d. Type in the IP address of the computer you want to connect to, which in this case is the IP address of the Windows 2k8 R2 Internal 2 machine, 192.168.12.11 and click Connect.

e. Remote Desktop Connection will begin to initialize and then fail. Why does the connection fail? Because the Windows Firewall exception is blocking the program. You should receive an error message like the one below. Click OK to close the error message window and leave Remote Desktop Connection running on the Windows 2k8 R2 Internal 1 machine.


This portion of the task is performed on the Windows 2k8 R2 Internal 2 machine.

2. Next, on the Windows 2k8 R2 Internal 2 machine, we will configure an exception to allow Remote Desktop access.

a. Access the Windows Firewall. One way to do this is to click on Start -> Control Panel -> System and Security -> Windows Firewall. The Windows Firewall tool opens.

b. Click on Allow a program or feature through Windows Firewall on the left Navigation console. The Allowed Programs window opens. The dialog box shows a list of currently installed features and programs for which inbound rules have been created.

c. Scroll until you find Remote desktop and check the box next to it. Also, pay attention to which profile is checked. Remember, when you check this box it is allowing traffic in and out of the firewall for this program, so be sure that it is only enabled in the profile you intend. In this case, Private is the only profile that should be checked because you will be creating a remote connection between two internal computers.

d. Click OK to create the exception.

e. Now, you will need to allow remote connections to the computer. Click on Start -> Right-click Computer, highlight and left-click Properties.


f. Click on Remote Settings in the left panel. This will open the System Properties window.

g. In the System Properties window under the Remote Desktop heading, select the Allow connections from computers running any version of Remote Desktop radio button. You may get a Remote Desktop Connection warning when this is selected. If you do, click OK. Click OK again to allow connections.


This portion of the task is performed on the Windows 2k8 R2 Internal 1 machine.

3. Test the applied exception.

a. To do this, go back to the Windows 2k8 R2 Internal 1 machine and access Remote Desktop Connection. One way to do this is to go to Start -> All Programs -> Accessories folder -> Remote Desktop Connection. This opens the Remote Desktop Connection dialog box.

b. Type in the IP address of Windows 2k8 R2 Internal 2 machine, 192.168.12.11 and click Connect.

c. It may take a few seconds while the connection initializes. You may receive a message warning about the computer’s authentication and be prompted to indicate if you want to continue connecting without a proper security certificate. This is not always advisable for good security measures, but for the purpose of the lab, click Yes.


d. When the Windows Security window opens, type in the password, P@ssw0rd, for the Administrator account on the Windows 2k8 R2 Internal 2 machine. Click OK and this will allow you to log on remotely to the Windows 2k8 R2 Internal 2 machine.

e. You will verify that the Remote Desktop exception is working, once you have logged on to the Windows 2k8 R2 Internal 2 machine using the Remote Desktop Connection. Click the X to the right of 192.168.12.11 at the top of the remote desktop connection window.
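The decision logic this task exercises, as an added example that is not part of the original lab: a small Python model of a host firewall that blocks unsolicited inbound traffic by default, applies exceptions per profile, and admits replies through a state table. The class and function names are hypothetical, TCP port 3389 for Remote Desktop and the allow-by-default outbound policy are assumptions not stated in the lab, and the model is not how Windows Firewall is implemented.

```python
from dataclasses import dataclass, field

RDP_PORT = 3389  # assumption: well-known Remote Desktop TCP port (not given in the lab)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    """An inbound exception: a protocol/port allowed in the listed profiles."""
    name: str
    proto: str
    port: int
    profiles: set


@dataclass
class HostFirewall:
    """Hypothetical model of a stateful, profile-aware host firewall."""
    active_profile: str = "private"      # domain, private or public
    enabled: bool = True
    rules: list = field(default_factory=list)
    state: set = field(default_factory=set)

    def allow(self, name, proto, port, profiles):
        """Add an exception, checked only for the given profiles."""
        self.rules.append(Rule(name, proto, port, set(profiles)))

    def outbound(self, pkt):
        """Assumed default: outbound is allowed; remember the flow for replies."""
        self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"

    def inbound(self, pkt):
        """Decide an inbound packet: state table first, then rules, then default."""
        if not self.enabled:
            return "allow (firewall off)"
        # A reply reverses the source and destination of a recorded outbound flow.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.state:
            return "allow (state table)"
        for rule in self.rules:
            if ((rule.proto, rule.port) == (pkt.proto, pkt.dport)
                    and self.active_profile in rule.profiles):
                return f"allow (rule: {rule.name})"
        return "block (default)"


def run_lab_scenario():
    """Replay the lab's Remote Desktop test against the model (constructed data)."""
    internal1, internal2, external = "192.168.12.10", "192.168.12.11", "131.107.0.200"
    fw = HostFirewall(active_profile="private")       # firewall on Internal 2
    rdp = Packet(internal1, 49152, internal2, RDP_PORT)
    results = {}

    # Step 1: no exception yet, so the connection attempt is dropped.
    results["before exception"] = fw.inbound(rdp)

    # Step 2: check Remote Desktop for the Private profile only.
    fw.allow("Remote Desktop", "tcp", RDP_PORT, {"private"})
    results["after exception (private)"] = fw.inbound(rdp)

    # The same rule does nothing once the NIC is on a public network.
    fw.active_profile = "public"
    results["same rule, public profile"] = fw.inbound(rdp)

    # Stateful behaviour: a reply to the host's own outbound flow needs no rule,
    # but an unsolicited packet from the same remote host is still dropped.
    fw.outbound(Packet(internal2, 50000, external, 80))
    results["reply to outbound flow"] = fw.inbound(Packet(external, 80, internal2, 50000))
    results["unsolicited from same host"] = fw.inbound(Packet(external, 80, internal2, 50001))
    return results


if __name__ == "__main__":
    for label, verdict in run_lab_scenario().items():
        print(f"{label:30} {verdict}")
```
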


3.2 Conclusion

Firewalls restrict network traffic, based on a collection of configurable rules. Another name for these rules is exceptions. When traffic reaches a network interface protected by a firewall, the firewall analyzes it, either denying the traffic or allowing it based on the firewall rules. Unless a rule exists that explicitly allows a particular form of traffic, the firewall will drop that traffic. Primarily, you create rules that explicitly allow traffic to pass across a firewall, but occasionally there are instances when you need to configure a rule to deny traffic.

3.3 Review Questions

1. In Windows Firewall, what do the Home/Work (Private) and Public columns indicate?

2. Define the term: firewall rule (exception).

3. Explain why it is a risk to allow programs and add exceptions through the firewall.


4 View and Configure Windows Firewall with Advanced Security (WFAS)

Technology and connectivity are a big part of everyday life. It is a common practice for people to connect to all types of networks: domains at work, private at home, and public when at play, such as free Wi-Fi at your favorite coffee shop. When your computer connects to a public network, it is possible that someone sitting near you is running a program that can look for vulnerabilities in your computer's security and ways to exploit them. At work, someone might bring an infected laptop from home, which could compromise company machines. With all the opportunities for downloading fun and interesting things, it is easy to end up accessing harmful websites by mistake. This type of universal connectivity brings increased risk. The ease of connection that allows authorized users to access resources so readily can also allow hackers acting as unauthorized users using malicious programs to attack a network or computer system. In this task, you will access Windows Firewall with Advanced Security using Administrative Tools and create a firewall rule using the more complex Windows Firewall with Advanced Security.

4.1 View Windows Firewall with Advanced Security Settings Using Administrative Tools

Windows Firewall with Advanced Security is designed for advanced users and has more robust configuration options than the standard Windows Firewall. Using Windows Firewall with Advanced Security, you can configure inbound and outbound rules, block or allow incoming or outgoing connections using protocols and ports and/or programs and services, as well as other advanced configurations. The inbound and outbound rules can be enforced on predefined profiles individually or on all profiles. This allows a user to enable a rule that allows traffic for a specific program and/or service while connected to one network profile, but not allow it on another.

1. Use the instructions provided in the Lab Settings section to log into the Windows 2k8 R2 Internal 2 machine, if you are not logged in already. If the Initial Configuration Tasks and/or Server Manager windows appear, close them by clicking on the “X” in the top-right corner of the window.

2. In order to complete exercises in this section, the Windows Firewall service must be enabled. It should have started when you turned the Windows Firewall on earlier in this lab.


a. To do this, click on Start and, in the Search programs and files box, type services.msc, then click on services under the Programs heading.

b. This opens the Services snap-in. Scroll down the list until you see Windows Firewall. Right-click and select Properties.

c. This will open the Windows Firewall Properties sheet. On the Windows Firewall Properties sheet click on the dropdown arrow for Startup Type and choose Automatic then click Apply. If the service status is not started, click the Start button and the service will start. When this process is completed, click OK.


d. In the Services window, click on the “X” in the top-right corner of the window to close it.

3. View features of the Windows Firewall with Advanced Security using Administrative Tools.

a. To do this, click on Start -> Control Panel. The Control Panel window will open.

b. Click on System and Security. The System and Security window will open with a link to Administrative Tools.

c. Click on Administrative Tools. The Windows Administrative Tools window will open. Administrative Tools is a folder that contains several advanced tools found in Windows. What you see in the Administrative Tools window are shortcuts to the various advanced tools.

d. Double-click on Windows Firewall with Advanced Security to begin using the advanced firewall tool.


4. Now, the Windows Firewall with Advanced Security tool is open. Just like Windows Firewall, the Windows Firewall with Advanced Security has three profiles that can be active: Domain, Private, and Public. All of the profiles can be active at the same time, each protecting connections according to their network location type.

a. On the main firewall page, find the section labeled Overview. Below the list of profiles, click on Windows Firewall Properties, next to the green arrow.

b. The Windows Firewall with Advanced Security Properties window opens and you will see four tabs, one for each profile and IPsec Settings. The first three tabs are used to configure the WFAS Domain, Private, and Public profiles. Click on each profile tab separately and note whether the firewall is on for the profile. Notice that inbound connections are set to block and outbound connections are set to allow. These settings allow any traffic out of your computer but block any unsolicited traffic from outside from connecting to your computer.

c. Click on the Learn more about these settings link at the bottom of the page. In the left panel, click on Understanding Firewall Profiles to read more about them. You may click on other topics that you are interested in. Close the help window by clicking the “X” in the top-right corner of the window. Then click Cancel; this returns you to the main page of the WFAS tool.


4.2 Configure Windows Firewall with Advanced Security Using Administrative Tools

Before configuring the firewall rule using Windows Firewall with Advanced Security on the Windows 2k8 R2 Internal 2 machine, you will need to verify that the two computers used in this task cannot ping each other. Once this is determined, you will then configure the firewall rule and then verify that the two computers used in the task can ping each other to confirm that the firewall rule was implemented.

1. Why will the pings be unsuccessful until the firewall rule is in place?

A change to the firewall on W2K8R2 Internal 2 is necessary for the rest of this task to work properly. The following commands will disable the ICMP protocol in the Windows Firewall. Prior labs required it to be enabled for the labs to be successful. By default, Windows Firewall does not allow incoming ICMP Echo messages; however, when File and Printer Sharing is enabled, ICMP is automatically enabled on firewall rules. Open a command prompt (Start --> type cmd in the Search programs and files window --> <enter>). Type the two following commands:

netsh firewall set icmpsetting type=8 mode=disable profile=CURRENT
netsh firewall set icmpsetting type=8 mode=disable profile=ALL

ICMPv4 will be disabled in the Domain, Public, and Standard (Private) profiles.


1. Verify that the Windows 2k8 R2 Internal 1 machine cannot ping the Windows 2k8 R2 Internal 2 machine.

a. Use the instructions provided in the Lab Settings section to log on to the Windows 2k8 R2 Internal 1 machine, if you are not logged in already.

b. On the Windows 2k8 R2 Internal 1 machine, click on the Start -> All Programs.

c. Click on the Accessories folder and click Command Prompt. The Command Prompt window opens.

d. At the C:\ prompt, type ping and the IP address of the computer you want to connect to, which in this case is the IP address of the Windows 2k8 R2 Internal 2 machine, 192.168.12.11 and press Enter.

e. Notice the ping statistics for 192.168.12.11.

2. Was the ping successful?

f. Go back to the Windows 2k8 R2 Internal 2 machine and repeat steps 1a-d, replacing the IP address in step e with the Windows 2k8 R2 Internal 1 machine IP address of 192.168.12.10.


2. Create a firewall rule using Windows Firewall with Advanced Security. The firewall rule configuration will allow the Windows 2k8 R2 Internal 1 machine to ping the Windows 2k8 R2 Internal 2 machine. No firewall configuration changes will be made on the Windows 2k8 R2 Internal 1 machine.

3. What direction does the firewall rule need to be applied to allow the Windows 2k8 R2 Internal 2 machine to receive the unsolicited ping traffic from the Windows 2k8 R2 Internal 1 machine?

a. On the Windows 2k8 R2 Internal 2 machine, open the Windows Firewall with Advanced Security tool. Click Start -> All Programs -> Administrative Tools -> Windows Firewall with Advanced Security. In the console left pane, click Inbound Rules. A list of rules is displayed in the middle pane. Each rule has a name describing the type of network activity the rule pertains to, a group, a profile in which the rule is defined, a status (enabled or disabled), an action, as well as several other properties.

b. Scroll down the list in the middle pane until you see the File and Printer Sharing (Echo Request – ICMP4-in) rule. Ping is a network utility, and ICMP is the protocol it uses to send requests to remote hosts and receive responses back, in order to check connectivity and monitor the overall round-trip time of the request/reply messages. The messages sent by ping are ICMP echo requests and the responses are ICMP echo replies. The File and Printer Sharing (Echo Request – ICMP4-in) rule controls whether another computer can ping your computer and is disabled by default.


c. The File and Printer Sharing (Echo Request – ICMP4-in) rule option should be listed for all profiles. Double-click the File and Printer Sharing (Echo Request – ICMP4-in) rule with Private listed in the Profile column.

d. In the General section, put a check next to Enable to enable the rule allowing the connection for incoming ping requests. Click OK.

e. Verify that the File and Printer Sharing (Echo Request – ICMP4-in) rule in the list now has a green check next to it, showing that it is enabled in the Private profile.

3. Test the applied inbound File and Printer Sharing (Echo Request – ICMP4-in) firewall rule.

a. To do this, go back to the Windows 2k8 R2 Internal 1 machine and open the Command Prompt. Click Start -> All Programs -> Accessories folder -> Administrative Tools -> Command Prompt. The Command Prompt dialog box opens.

b. At the C:\ prompt, type ping and the IP address of the Windows 2k8 R2 Internal 2 machine, 192.168.12.11 and press Enter.


4.3 Conclusion

Windows Firewall with Advanced Security is a host-based, two-way firewall that blocks unauthorized network traffic flowing into or out of a host computer. It can apply security settings appropriate to the type of networks to which the computer is connected. Each network connection (NIC) is assigned a location that identifies its type. It enforces different policies based on the locations of the networks to which the computer is currently connected. Multiple policies can be active if there is more than one network card active on the computer. By default, unsolicited incoming traffic is blocked. You must create rules to allow other authorized traffic to pass through the firewall into the computer such as the File and Printer Sharing (Echo Request – ICMP4-in) rule created in the lab exercise. The default setting allows all outgoing traffic. You must specifically block programs or types of traffic that should not be allowed.

4.4 Review Questions

1. Explain why it isn’t necessary to create an inbound rule on the Windows 2k8 R2 Internal 1 machine so that it can receive the response (ICMP echo reply) from the Windows 2k8 R2 Internal 2 machine.

2. Identify the four basic types of firewall rules.


5 Create a Firewall Rule (iptables) within Linux

In the previous tasks, you examined host-based firewalls and implemented firewall rules, or exceptions, using a graphical user interface in the Windows OS. In this task, you will use a command-line interface (CLI) based firewall called Uncomplicated Firewall (ufw) to implement a host-based firewall in Linux. The Windows Firewall, Windows Firewall with Advanced Security, and Uncomplicated Firewall in Linux are front-end applications that use predefined firewall rules that can be loaded into the program. They also have initial firewall rule settings automatically applied when the firewall is enabled. In the Windows OS, these are called exceptions and in the Linux OS, they are called iptables.

5.1 Enable a Firewall Rule

In current versions of Windows, the firewall is enabled at boot up and default firewall rules are set to block all incoming traffic that does not match an exception and to allow all outbound traffic. In many Linux distributions, the firewall does not run automatically at boot up and needs to be added to the startup configurations to enable it at boot up. For Linux, when the firewall starts, it is configured to allow all inbound and outbound traffic, so even though the firewall is on, it is not filtering. When preparing to use a firewall in Linux, the first step is to enable the firewall. The next step is to apply the rules to block all incoming traffic that does not match an exception and allow all outbound traffic. Most firewalls allow users to apply rules that are specific to the needs of their situation. In this task, you will enable the Uncomplicated Firewall (ufw) on the Linux Backtrack 5 r3 system and then enable the predefined rules, as well as configure a firewall rule to block outbound telnet traffic, all using the CLI.

1. On the Backtrack 5 R3 machine at the root@bt5internal:~# prompt, type ufw enable. This is the command to activate the uncomplicated firewall program in Backtrack 5 R3.

Keep in mind that Linux commands are case sensitive.


2. At the root@bt5internal:~# prompt, type ufw status verbose. This command shows the status of the firewall and ufw managed rules.

3. At the root@bt5internal:~# prompt, type telnet. Your prompt will change because you have just opened the telnet utility. Telnet is a TCP/IP utility that allows remote access to computers that are running the telnet service. You will attempt to remotely access the Windows 2k8 R2 Internal 2 machine using telnet. Telnet was a commonly used remote access method in the past, but because it is not a secure program, it has been replaced on many networks by more secure alternatives.

4. At the telnet> prompt, type open 192.168.12.11, the IP address of the Windows 2k8 R2 Internal 2 machine. Because telnet is no longer installed by default on Server 2008, your attempt to connect will fail.

5. You can press ^C or 'q' to exit telnet and get back to the root@bt5internal:~# prompt.

6. At the root@bt5internal:~# prompt, type ufw deny out telnet. This command will set the firewall rule to deny all outbound telnet traffic. This would prevent users from using telnet on this host. Using an insecure remote access program creates vulnerabilities on the network.

7. At the root@bt5internal:~# prompt, type ufw status verbose. This command shows the status of the firewall and ufw managed rules. The To column in the output indicates the destination or type of traffic. The Action column indicates how the packet is handled. The From column indicates where the traffic is being sourced. A breakdown of the command ufw deny out telnet: Uncomplicated Firewall will examine outbound traffic; if that traffic is generated from tcp/udp port 23 (telnet), then it will deny the packet before it leaves the system. In the From column, Anywhere indicates that regardless of the source, this is how outbound traffic will be controlled.

Note: Your output may vary from the above image.

8. At the root@bt5internal:~# prompt, type telnet. Your prompt will change because you have just opened the telnet utility.

9. At the telnet> prompt, type open 192.168.12.11, the IP address of the Windows 2k8 R2 Internal 2 machine. The connection can't be made because the outbound port is blocked.

10. Type ‘q’ to close telnet.
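The two ufw status verbose checks in steps 2 and 7 can be scripted. The following is an added example, not part of the original lab: a shell function that parses ufw status verbose output and confirms that the firewall is active, that the default incoming policy is deny, and that an outbound deny rule covers the telnet port. The SAMPLE_STATUS text and the function name audit_ufw_status are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): audit `ufw status verbose` output.
# SAMPLE_STATUS is constructed; on a live host pass "$(ufw status verbose)".
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
23                         DENY OUT    Anywhere'

# audit_ufw_status STATUS_TEXT PORT
# Prints one finding per line. Returns 0 only when the firewall is active,
# the default incoming policy is deny or reject, and an outbound DENY or
# REJECT rule covers PORT.
audit_ufw_status() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^Status:/ { active = ($2 == "active") }
        /^Default:/ {
            # "Default: deny (incoming), allow (outgoing)": policy, then direction
            for (i = 2; i < NF; i++) {
                dir = $(i + 1)
                gsub(/[(),]/, "", dir)
                if (dir == "incoming") incoming = $i
                if (dir == "outgoing") outgoing = $i
            }
        }
        # Rule rows follow the "--" separator: "<to> <ACTION> <DIRECTION> <from>"
        seen_sep && NF >= 4 && $3 == "OUT" && ($2 == "DENY" || $2 == "REJECT") {
            split($1, to, "/")              # "23" or "23/tcp"
            if (to[1] == port) blocked = 1
        }
        /^--/ { seen_sep = 1 }
        END {
            inbound_ok = (incoming == "deny" || incoming == "reject")
            if (incoming == "") incoming = "unknown"
            if (!active)     print "FAIL firewall is not active"
            if (!inbound_ok) print "FAIL default incoming policy is " incoming
            if (!blocked)    print "FAIL no outbound deny rule for port " port
            if (blocked && outgoing == "allow")
                print "INFO outbound default is allow; only listed ports are blocked"
            exit !(active && inbound_ok && blocked)
        }'
}

# Audit the constructed sample for the telnet rule added in step 6.
audit_ufw_status "$SAMPLE_STATUS" 23
```

Run against the output from step 2, before the rule is added, the function returns non-zero and reports the missing outbound rule for port 23.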

5.2 Conclusion

There are multiple types of firewalls and most operating systems include a firewall program in the installation. Firewalls all have the same purpose, to block both incoming and outgoing traffic to secure networks and computers while allowing them to be used productively. Differences in the interface and ease of use are big factors in choosing and using a firewall. Firewall configuration ranges from basic to very complex. Understanding TCP ports and protocols is an important part of knowing how to filter traffic and configure firewall rules.


5.3 Review Questions

1. Compare the ufw status verbose command output with the Windows Firewall with Advanced Security Properties you investigated in an earlier lab. Describe the major similarities that you observe.

2. Explain the advantages and disadvantages of having the firewall disabled at start up in the Linux operating system.

3. Create and document two firewall rules that you think would be important to include if all outbound traffic is being denied by the firewall rules. Explain your decision.
