Lesson 12: Configuring and Maintaining Network Security
MOAC 70-687: Configuring Windows 8

Defending Against Malware
Lesson 12: Configuring and Maintaining Network Security
2013 John Wiley & Sons, Inc. 2
Malware
Malicious software infiltrates or damages a
computer system without the user's
knowledge or consent.
Malicious software includes viruses, Trojan
horses, worms, spyware, and adware.
The term most commonly used to
collectively refer to these malicious software
technologies is malware.
Windows 8 Action Center
The Action Center is a centralized console
that enables users and administrators to
access, monitor, and configure the various
Windows 8 security mechanisms.
Action Center is a service that starts
automatically and runs continuously on
Windows 8 computers, by default.
The service constantly monitors the different
security mechanisms running on the
computer.
Windows 8 Action Center
The Action Center menu in the notification area
Accessing Action Center
To open Action Center:
o Click the notification area icon
o Open from Control Panel
Action Center displays information about
the problems it has discovered and links to
possible solutions.
Accessing Action Center
The Action Center window
Accessing Action Center
The Change Action Center Settings window
Understanding Firewalls
A firewall is a software program or hardware
device that protects a computer by
allowing certain types of network traffic in
and out of the system while blocking others.
To filter traffic, firewalls use rules, which
specify which packets are allowed to pass
through the firewall and which are blocked.

Understanding Firewalls
Firewalls typically base their filtering on the
TCP/IP characteristics at the network,
transport, and application layers of the
Open Systems Interconnection (OSI)
reference model:
o IP addresses: Represent specific computers on
the network.
o Protocol numbers: Identify the transport layer
protocol being used by the packets.
o Port numbers: Identify specific applications
running on the computer.
Monitoring Windows Firewall
Windows Firewall is one of the programs monitored
by the Action Center service.
When you open the Windows Control Panel and
click System and Security > Windows Firewall, a
Windows Firewall window appears.
Each heading contains the following information:
o Whether the computer is connected to a domain, private,
or public network
o Whether the Windows Firewall service is currently turned on
or off
o Whether inbound and outbound connections are blocked
o Whether users are notified when a program is blocked
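The same four values can be read from PowerShell. The following is an added example, not part of the original slides; the function name Test-FirewallProfileState is hypothetical, and it assumes the NetSecurity and NetConnection cmdlets that ship with Windows 8. It reads the effective settings, so values delivered by Group Policy are included.

```powershell
# Added example: report the state of each firewall profile and flag weak settings.
function Test-FirewallProfileState {
    [CmdletBinding()]
    param(
        # ActiveStore holds the effective policy (local settings merged with Group Policy).
        [string]$PolicyStore = 'ActiveStore'
    )

    # Network type of each connected network, mapped to firewall profile names.
    $inUse = @(Get-NetConnectionProfile | ForEach-Object {
        "$($_.NetworkCategory)" -replace '^DomainAuthenticated$', 'Domain'
    })

    Get-NetFirewallProfile -PolicyStore $PolicyStore | ForEach-Object {
        $findings = @()
        if ("$($_.Enabled)" -ne 'True') {
            $findings += 'firewall is turned off'
        }
        if ("$($_.DefaultInboundAction)" -ne 'Block') {
            $findings += 'inbound connections are not blocked by default'
        }
        if ("$($_.NotifyOnListen)" -ne 'True') {
            $findings += 'users are not notified when a program is blocked'
        }

        [pscustomobject]@{
            Profile             = $_.Name
            InUse               = $inUse -contains $_.Name
            Enabled             = $_.Enabled
            DefaultInbound      = $_.DefaultInboundAction
            DefaultOutbound     = $_.DefaultOutboundAction
            # True when inbound allow rules are ignored for this profile.
            InboundRulesIgnored = ("$($_.AllowInboundRules)" -eq 'False')
            Notify              = $_.NotifyOnListen
            Findings            = $findings -join '; '
        }
    }
}

Test-FirewallProfileState | Format-Table -AutoSize -Wrap
```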
Monitoring Windows Firewall
The Windows Firewall window
Using the Windows Firewall Control Panel
A series of links on the left side of the Windows
Firewall window enable you to
o Configure Windows Firewall to allow a specific app or
feature through its barrier
o Change the firewall notification settings
o Turn Windows Firewall on and off
o Restore the default firewall settings
o Configure advanced firewall settings
Clicking Change notification settings or Turn
Windows firewall on or off displays the
Customize settings for each type of network
dialog box.
Using the Windows Firewall Control Panel
The Customize settings for each type of network
dialog box
Blocking Incoming Connections
Select the Block all incoming connections,
including those in the list of allowed apps
check box to block all unsolicited attempts
to connect to your computer.
This does not prevent you from performing
common networking tasks, like accessing
websites and sending or receiving emails.
Allowing Programs through the Firewall
Click Allow an app or feature through Windows
Firewall to open the Allow programs to
communicate through Windows Firewall dialog
box.
In this dialog box, you can open a port through
the firewall for specific programs and features
installed on the computer.
Opening a port in your firewall is inherently
dangerous. The more holes you make in a wall,
the greater the likelihood that intruders will get
in.
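Because every opening is a risk, it is worth reviewing which ones exist. The following is an added example, not part of the original slides; the function name Get-InboundAllowRule is hypothetical. It lists the enabled inbound Allow rules that apply to one network type and puts the rules that accept connections from any remote address first.

```powershell
# Added example: inventory of the openings in the firewall for one network type.
# Requires the NetSecurity module (Windows 8 / Windows Server 2012 or later).
function Get-InboundAllowRule {
    [CmdletBinding()]
    param(
        # Network type to review; Public is the least trusted.
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$FirewallProfile = 'Public'
    )

    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            # Profile is 'Any' or a comma-separated list such as 'Domain, Private'.
            $applied = "$($_.Profile)"
            $applied -eq 'Any' -or ($applied -split ',\s*') -contains $FirewallProfile
        } |
        ForEach-Object {
            $port   = $_ | Get-NetFirewallPortFilter
            $addr   = $_ | Get-NetFirewallAddressFilter
            $app    = $_ | Get-NetFirewallApplicationFilter
            $remote = @($addr.RemoteAddress) -join ','

            [pscustomobject]@{
                Rule          = $_.DisplayName
                Group         = $_.DisplayGroup
                Program       = $app.Program
                Protocol      = $port.Protocol
                LocalPort     = @($port.LocalPort) -join ','
                RemoteAddress = $remote
                # A rule with no scope restriction accepts connections from
                # every host that can reach this computer on that network.
                AnySource     = ($remote -eq 'Any')
            }
        } |
        Sort-Object -Property @{ Expression = 'AnySource'; Descending = $true }, Rule
}

Get-InboundAllowRule -FirewallProfile Public | Format-Table -AutoSize -Wrap
```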
Allowing Programs through the Firewall
The Allow programs to communicate through Windows
Firewall dialog box
Using the Windows Firewall with Advanced Security Console
The Windows Firewall with Advanced
Security snap-in for Microsoft Management
Console (MMC) provides direct access to
the rules that control the behavior of
Windows Firewall.
To access the console from the Windows
Control Panel, click System and Security >
Administrative Tools > Windows Firewall with
Advanced Security.
Using the Windows Firewall with Advanced Security Console
The Windows Firewall with Advanced Security snap-in
Configuring Profile Settings
You can change default behavior by
clicking the Windows Firewall Properties link.
The Windows Firewall with Advanced
Security on Local Computer Properties sheet
is configurable.
Configuring Profile Settings
The Windows Firewall with Advanced Security on Local
Computer Properties sheet
Creating Rules
In the Windows Firewall with Advanced
Security console, you can work with the rules
in their raw form.
Selecting either Inbound Rules or Outbound
Rules in the left pane displays a list of all the
rules operating in that direction.
The rules that are currently operational have
a checkmark in a green circle, while the
rules not in force are grayed out.
Creating Rules
The Inbound Rules list in the Windows Firewall with
Advanced Security console
Default Windows Firewall Rules Settings

Rule group                 Private    Public     Domain
Core Networking            Enabled    Enabled    Enabled
File and Printer Sharing   Enabled    Disabled   Disabled
Homegroup                  Disabled   N/A        N/A
Network Discovery          Enabled    Disabled   Disabled
Remote Desktop             Disabled   Disabled   Disabled

The New Rule Wizard
The New Rule Wizard takes you through the
process of configuring the following sets of
parameters:
o Rule Type
o Program
o Protocol and Ports
o Scope
o Action
o Profile
o Name
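Each wizard page corresponds to a parameter of the New-NetFirewallRule cmdlet, and the Scope, Protocol and Ports pages are where the IP address, protocol and port criteria described earlier are set. The following is an added example, not part of the original slides; the program path, port and subnet are hypothetical placeholders. Run it from an elevated PowerShell prompt.

```powershell
# Added example: a narrowly scoped inbound rule, then a read-back of what was stored.
# The program path, port and subnet below are hypothetical placeholders.
$rule = @{
    DisplayName   = 'ExampleApp (TCP 8443, management subnet only)'  # Name
    Description   = 'Inbound access to ExampleApp from the management subnet.'
    Direction     = 'Inbound'                                        # New Inbound Rule
    Program       = 'C:\Program Files\ExampleApp\exampleapp.exe'     # Program
    Protocol      = 'TCP'                                            # Protocol and Ports
    LocalPort     = '8443'
    RemoteAddress = '192.168.10.0/24'                                # Scope
    Action        = 'Allow'                                          # Action
    Profile       = 'Domain,Private'                                 # Profile (not Public)
}

# Create the rule only if it does not exist yet, so the script can be re-run.
$fwRule = Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue
if (-not $fwRule) {
    $fwRule = New-NetFirewallRule @rule
}

# Read the rule back from the firewall to confirm the criteria it filters on.
$port = $fwRule | Get-NetFirewallPortFilter
$addr = $fwRule | Get-NetFirewallAddressFilter
$app  = $fwRule | Get-NetFirewallApplicationFilter

[pscustomobject]@{
    Rule          = $fwRule.DisplayName
    Enabled       = $fwRule.Enabled
    Action        = $fwRule.Action
    Profile       = $fwRule.Profile
    Program       = $app.Program
    Protocol      = $port.Protocol
    LocalPort     = @($port.LocalPort) -join ','
    RemoteAddress = @($addr.RemoteAddress) -join ','
} | Format-List
```

Leaving RemoteAddress out creates a rule that accepts connections from any address, which is the widest opening the wizard's Scope page allows.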
Creating Rules
The New Inbound Rule Wizard
Importing and Exporting Rules
After creating and modifying rules in the
Windows Firewall with Advanced Security
console, you can export them to a policy file.
To create a policy file, select Export Policy
from the Action menu in the Windows Firewall
with Advanced Security console, and specify
a name and location for the file.
Using Filters
The term filter refers to a feature that
enables you to display rules according to:
o The profile they apply to
o Their current state
o The group to which they belong

IP Security (IPsec)
The IPsec standards are a collection of
documents that define a method for
securing data while it is in transit over a
TCP/IP network.
IPsec includes:
o A connection establishment routine, during
which computers authenticate each other
before transmitting data.
o A technique called tunneling, in which data
packets are encapsulated within other packets
for their protection.
Configuring Connection Security Rules
When you right-click the Connection Security
Rules node and select New Rule from the
context menu, the New Connection Security
Rule Wizard takes you through the process of
configuring these parameters:
o Rule Type
o Endpoints
o Requirements
o Authentication Method
o Profile
o Name
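The Endpoints, Requirements, Authentication Method, Profile and Name pages have direct counterparts in the New-NetIPsecRule cmdlet. The following is an added example, not part of the original slides; the subnet is a hypothetical placeholder, and Kerberos computer authentication assumes that both endpoints are members of an Active Directory domain. Run it from an elevated PowerShell prompt.

```powershell
# Added example: a connection security rule that requests authentication,
# followed by checks that it is stored and actually in use.
# The subnet below is a hypothetical placeholder.

# Authentication Method: computer authentication with Kerberos V5.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Example - Computer Kerberos' `
                                      -Proposal $proposal

$rule = @{
    DisplayName      = 'Example - Request authentication (server subnet)'  # Name
    LocalAddress     = 'Any'                # Endpoints: endpoint 1
    RemoteAddress    = '192.168.20.0/24'    # Endpoints: endpoint 2
    InboundSecurity  = 'Request'            # Requirements: request, do not require,
    OutboundSecurity = 'Request'            # so unauthenticated peers still connect
    Phase1AuthSet    = $authSet.Name        # Authentication Method
    Profile          = 'Domain'             # Profile
}
New-NetIPsecRule @rule | Out-Null

# Confirm what was stored.
Get-NetIPsecRule -DisplayName $rule.DisplayName |
    Select-Object DisplayName, Enabled, Profile, InboundSecurity, OutboundSecurity

# After traffic has flowed to the subnet, list the negotiated main mode
# security associations; an empty result means no peer has authenticated yet.
Get-NetIPsecMainModeSA
```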
Configuring Connection Security Rules
The New Connection Security Rule Wizard
Configuring Windows Firewall with Group Policy
When you browse to the Computer
Configuration\Policies\Windows
Settings\Security Settings\Windows Firewall with
Advanced Security node in a GPO, you see the
interface, which is similar to that of the Windows
Firewall with Advanced Security console.
Clicking Windows Firewall Properties opens a
dialog box with the same controls as the
Windows Firewall with Advanced Security on
Local Computer Properties sheet and clicking
Inbound Rules and Outbound Rules launches
the same wizards as the console.
Configuring Windows Firewall with Group Policy
The Windows Firewall with Advanced
Security node in a GPO
Introducing Windows Defender
Windows 8 includes an application called Windows
Defender that:
o Helps to defend against spyware by scanning the
places where it most commonly infiltrates a
computer.
o Includes real-time monitoring, which attempts to
prevent spyware from infiltrating the computer as it
is installed.
o Runs by default on Windows 8 computers and
performs a scan every day at 2:00 AM.
Windows Update also supplies Defender with
signature updates on a regular basis, to keep the
program current.

Introducing Windows Defender
The Windows Defender window
Configure Windows Defender
The Windows Defender Settings page
Using the Malicious Software Removal Tool
The Malicious Software Removal Tool:
o Is a single-use virus scanner that Microsoft
supplies in each of its monthly operating system
updates.
o Was created for systems that have antivirus
software. The tool functions as an effective
backup.
o Can provide an effective scan in the event that
the main software is not functioning.
Some malware can disable well-known virus
scanners.
Understanding Wireless Security
Lesson 12: Configuring and Maintaining Network Security
Attacks on Wireless Networks
Some types of attacks to which an
unsecured wireless network is subject are:
o Eavesdropping
o Masquerading
o Attacks against wireless clients
o Denial of service
o Data tampering
Evaluating Wireless Networking Hardware
The 802.11 standards published by the IEEE
dictate the frequencies, transmission speeds,
and ranges of wireless networking products.
As a general rule, devices supporting the
newer, faster standards are capable of falling
back to slower speeds when necessary.
There is another compatibility factor to consider
apart from the IEEE 802.11 standards: the
security protocols that the wireless devices
support.
IEEE Wireless Networking Standards

Standard           Frequency (GHz)   Transmission Rate (Mbps)          Range, Indoor/Outdoor (meters)
802.11-1997        2.4               1, 2                              20/100
802.11a-1999       5                 6 to 54                           35/120
802.11b-1999       2.4               5.5 to 11                         38/140
802.11g-2003       2.4               6 to 54                           38/140
802.11n-2009       2.4 and 5         7.2 to 288 (@20 MHz)              70/250
                                     15 to 600 (@40 MHz)
802.11y-2008       3.7               6 to 54                           5000+
802.11ac (Draft)   5                 433 to 867 (@80 MHz)
                                     867 to 6.93 Gbps (@160 MHz)

Using Wired Equivalent Privacy (WEP)
WEP is a security protocol that helps protect
transmitted information by using a security
setting, called a shared secret or a shared
key, to encrypt network traffic before
sending it.
To use WEP, administrators must configure all
the devices on the wireless network with the
same shared secret key. The devices use
that key to encrypt all their transmissions.
Selecting an Authentication Method
The initial WEP standards provided for two types
of computer authentication:
o Open system: Enables any client to connect without
providing a password
o Shared secret: Requires wireless clients to
authenticate by using a secret key
If you use open system authentication, any
computer can easily join your network.
Without the WEP encryption key, the
unauthorized clients cannot send or receive
wireless communications, and they will not be
able to abuse the wireless network.
Using Wi-Fi Protected Access (WPA)
To address the weaknesses of WEP, the Wi-Fi
Alliance, a consortium of the leading
wireless network equipment vendors,
developed WPA.
There are two encryption options for WPA:
o Temporal Key Integrity Protocol (TKIP)
o Advanced Encryption System (AES)

Using Wi-Fi Protected Access (WPA)
In its current form, WPA has two operational
modes:
o WPA-Personal (also known as WPA-PSK or
preshared key mode): An administrator selects a
passphrase that is automatically associated with
the dynamically generated security settings.
o WPA-Enterprise (also known as WPA-802.1X or
WPA-RADIUS): Requires an authentication server
using Remote Authentication Dial-In User Service
(RADIUS) and the 802.1X authentication protocol,
as implemented in the Network Policy and
Access Services role in Windows Server 2008 R2.
