Computer Connection Security Rules

Because the Internet is inherently insecure, businesses need to preserve the privacy of data as it travels over the network. Internet Protocol Security (IPsec) creates a standard platform to develop secure networks and electronic tunnels between two machines. The two machines are known as endpoints. After the tunnel has been defined and both endpoints agree on the same parameters, the data is encrypted on one end, encapsulated in a packet, and sent to the other endpoint where the data is decrypted.

In Windows XP and Windows Server 2003, you configure the Windows Firewall and IPsec separately. Unfortunately, because both can block or allow incoming traffic, it is possible that the Firewall and IPsec rules can conflict with each other. In Windows 7, Windows Firewall with Advanced Security provides a single, simplified interface for managing both firewall filters and IPsec rules.

Windows Firewall

Windows Firewall with Advanced Security uses authentication rules to define IPsec policies. No authentication rules are defined by default. To create a new authentication rule, follow these steps:

1. In Windows Firewall with Advanced Security, select the Computer Connection Security Rules node.

2. Right-click the Computer Connection Security Rules node in the console tree and then click New Rule to start the New Connection Security Rule Wizard.

3. From the Rule Type page of the New Authentication Rule Wizard (as shown in Figure 7.9), you can select the following:

• Isolation: Used to specify that computers are isolated from other computers based on membership in a common Active Directory domain or current health status. You must specify when you want authentication to occur (for example, for incoming or outgoing traffic and whether you want to require or only request protection), the authentication method for protected traffic, and a name for the rule.

• Authentication exemption: Used to specify computers that do not have to authenticate or protect traffic by their IP addresses.

• Server to server: Used to specify traffic protection between specific computers, typically servers. You must specify the set of endpoints that exchange protected traffic by IP address, when you want authentication to occur, the authentication method for protected traffic, and a name for the rule.

• Tunnel: Used to specify traffic protection that is tunneled, typically used when sending packets across the Internet between two security gateway computers. You must specify the tunnel endpoints by IP address, the authentication method, and a name for the rule.

• Custom: Used to create a rule that does not specify a protection behavior. You would select this option when you want to manually configure a rule, perhaps based on advanced properties that cannot be configured through the pages of the New Authentication Rule Wizard. You must specify a name for the rule.

CHAPTER 7: Configuring Windows Firewall and Windows Defender

FIGURE 7.9 Specifying a new connection security rule.
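
The rule types listed above can also be created from an elevated command prompt with netsh advfirewall consec. The following is an added example, not part of the original text; the rule names and all IP addresses (documentation ranges) are constructed placeholders.

```batch
rem Added example: connection security rules created with netsh.
rem Run from an elevated command prompt. Names and addresses are placeholders.

rem Isolation: request authentication in both directions, computer Kerberos.
rem Starting with "request" lets you confirm that IPsec negotiates before
rem switching the action to a "require" value.
netsh advfirewall consec add rule name="Isolation - request" ^
    endpoint1=any endpoint2=any ^
    action=requestinrequestout auth1=computerkerb

rem Authentication exemption: a host, given by IP address, that does not
rem have to authenticate or protect traffic.
netsh advfirewall consec add rule name="Exempt - infrastructure host" ^
    endpoint1=any endpoint2=192.0.2.53 ^
    action=noauthentication

rem Server to server: protect traffic between two specific endpoints and
rem require authentication inbound and outbound.
netsh advfirewall consec add rule name="App server to DB server" ^
    endpoint1=192.0.2.10 endpoint2=192.0.2.20 ^
    action=requireinrequireout auth1=computerkerb

rem Tunnel: protect traffic between two subnets through two gateway
rem addresses. No auth1 is given, so the default authentication settings apply.
netsh advfirewall consec add rule name="Site A to Site B tunnel" mode=tunnel ^
    endpoint1=192.0.2.0/24 endpoint2=198.51.100.0/24 ^
    localtunnelendpoint=203.0.113.1 remotetunnelendpoint=203.0.113.2 ^
    action=requireinrequireout

rem Check: list the rules, then confirm that main mode and quick mode
rem security associations exist once traffic has flowed between endpoints.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa

rem Roll back a rule by name if authentication fails.
netsh advfirewall consec delete rule name="Isolation - request"
```

If the security association lists stay empty after traffic has been exchanged, the endpoints have not agreed on the same parameters and the traffic is not being protected by the rule.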

To configure advanced properties for the rule, do the following:

1. Right-click the name of the rule and then click Properties.

2. From the properties dialog box for a rule, you can configure settings on the following tabs:

• General: The rule’s name and description and whether the rule is enabled.

• Computers: The set of computers, by IP address, for which traffic is protected.

• Authentication: When you want authentication for traffic protection to occur (for example, for incoming or outgoing traffic and whether you want to require or only request protection) and the authentication method for protected traffic.

• Advanced: The profiles and types of interfaces to which the rule applies and IPsec tunneling behavior.

Cram Quiz

1. Which Windows Firewall profile includes access to homegroups?

❍ A. Home network
❍ B. Work network
❍ C. Public network
❍ D. Internet network

2. If you need to configure IPsec, what program would you use in Windows 7?

❍ A. IPsec Management console
❍ B. Computer Management console
❍ C. Windows Firewall with IPsec
❍ D. Windows Firewall with Advanced Security

Cram Quiz Answers

1. A is correct. The Home network location or profile is for home networks or when you know and trust the people and devices on the network. Network discovery is turned on for home networks, which enables you to see other computers and devices on the network. Answers B and C are incorrect because they have access to homegroups disabled. Answer D is incorrect because the Internet network is not a valid network location or profile.

2. D is correct. The Windows Firewall with Advanced Security enables you to fine-tune the Windows Firewall and configure IPsec. Answer B is incorrect because you cannot configure IPsec with the Computer Management console. Answers A and C are incorrect because these consoles do not exist.

Review Questions

1. Which of the following does spyware not do?

❍ A. Monitors keystrokes in an attempt to retrieve passwords and other private information
❍ B. Changes the default home page to another site
❍ C. Causes pop-up windows to appear frequently
❍ D. Changes the polarity of your monitor, causing physical damage
❍ E. Slows down your machine

2. You work as a desktop technician at Acme.com. You have configured Windows Defender on all Microsoft Windows 7 machines on your domain. One user has an accounting application (which comes from a reputable company) that interacts with Microsoft Excel. When the application runs, an alert window opens up with a medium-level warning stating that the software might be spyware. You are sure that the application is not spyware. What do you need to do to stop these warnings from appearing? (Select the best answer.)

❍ A. Open Windows Defender. Click Tools, click Options, and configure Windows Defender to ignore Medium alert items.
❍ B. Configure Parental Controls to allow this application to run.
❍ C. Open Windows Defender. Click Tools and click Options. Then under the Advanced options, click Add in the Do not scan these files or locations option. Then browse to the application executable. Click OK.
❍ D. When the warning appears again, click Always Allow.

3. When running Windows Defender, you are constantly alerted about specific software. What can you do so that you stop getting alerts for that software?

❍ A. Run Windows full scan
❍ B. Run Windows quick scan
❍ C. Add the application to the allowed list
❍ D. Add the item to the quarantine list

4. You work as part of the IT support staff at Acme.com. You have a payroll application (PAY.EXE) that requires you to send data to the check printing company using TCP port 8787. What do you need to do to make this application able to function?

❍ A. Open Windows Firewall and ensure that it is enabled. Add PAY.EXE to the exceptions list on the exceptions tab.
❍ B. Open Windows Firewall and ensure that it is enabled. Add port 8787 to the exceptions list on the exceptions tab.

❍ C. Open Windows Defender. Add PAY.EXE to the exceptions tab.
❍ D. Open Windows Defender. In Software Explorer, click the disable button for PAY.EXE.

5. Your corporation has several FTP servers. You need to make sure that a Windows 7 computer can only connect to the FTP servers when connected to the private network. What should you do?

❍ A. Change the application control policies from the local policy
❍ B. Change the Advanced Sharing setting from the Network and Sharing Center Policy
❍ C. Change the Allowed Programs and Features list from the Windows Firewall Policy
❍ D. Create a new rule from the Windows Firewall with Advanced Security Policy

6. You create a shared folder called Docs on your computer running Windows 7. However, remote users cannot access the shared folder. What do you need to do to allow users to access the shared folder while keeping the system as secure as possible?

❍ A. Disable Windows Defender
❍ B. Enable the File and Printer Sharing exception in the firewall setting
❍ C. Turn off the Windows Firewall
❍ D. Enable all incoming connections in the Windows Firewall

7. What should you do to prevent all inbound traffic to your computer running Windows 7 without the end user being notified?

❍ A. Set the network location to Public
❍ B. Set the network location to Private
❍ C. Set the network location to domain
❍ D. Enable the Windows Firewall and select the Block all incoming connections checkbox

8. What do you call a firewall that monitors the state of active connections and uses the information gained to determine which network packets are allowed through the firewall?

❍ A. Packet filter
❍ B. Stateful
❍ C. Stateless
❍ D. Packet analyzer

9. Which of the following statements is true?

❍ A. Windows Firewall is off by default.
❍ B. Windows Firewall is on by default.
❍ C. Windows Firewall is on by default if you install Windows Defender.
❍ D. Windows Firewall is only on if auditing is turned on.

10. What protocol enables you to create a standard platform to develop secure networks and electronic tunnels between two machines?

❍ A. Windows Firewall with Advanced Security
❍ B. Windows Defender
❍ C. Windows auditing
❍ D. Windows Tunnel Maker

Review Question Answers

1. Answer D is correct. Spyware cannot physically damage a computer. It can, however, capture information as you type, change the default home page, generate pop-up windows, and slow your machine. Therefore, Answers A, B, C, and E are incorrect.

2. Answer D is correct. When you know that a program is not spyware, click Always allow so that Windows stops assuming the software is spyware. Answer A is incorrect because you don’t want to ignore other programs that might be harmful. Answer B is incorrect because Parental Controls do not function on domains. Answer C is incorrect because Answer D is much easier to implement.

3. Answer C is correct. To stop an alert from being generated by a specific application, you need to add it to the allowed list. Answers A and B are incorrect because these choices do not cause an alert to stop for an application. Answer D is incorrect because if it is quarantined, the application is not able to run until it is removed from the quarantine folder and placed back to its original place.

4. Answer A is correct. Because you want PAY.EXE to communicate through the firewall, you can use an exception where you can specify that PAY.EXE can communicate out port 8787. Answer B is incorrect because you want to specify that only PAY.EXE can communicate through port 8787, not any other programs. Answer C is incorrect because you want to add an exception to Windows Firewall, not to Windows Defender, which is used to protect against spyware. Answer D is incorrect because Software Explorer was a component of the version of Windows Defender included with Windows Vista. Since then, Software Explorer has been discontinued in the version of Windows Defender that is included with Windows 7.

5. Answer D is correct. For more control on what the firewall allows and blocks, you use the Windows Firewall with Advanced Security Policy. Answers A and B are incorrect because you need to configure your firewall. Answer C is incorrect because FTP is not included in the list for programs included under the Windows Firewall with Advanced Security Policy.

6. Answer B is correct. When you use shared folders, you need to open the firewall to allow communication to the shared folders. Answer A is incorrect because Windows Defender protects against spyware. Answer C is incorrect because you do not want to turn off the firewall because it is not able to protect your system. Answer D is incorrect because allowing all incoming connections opens your computer to security breaches.

7. Answer D is correct. Enabling the Windows Firewall and selecting the Block all incoming connections checkbox prevents all inbound traffic for the specific network location. If you don’t select the Notify me when Windows Firewall blocks a new program option, you do not receive any notifications. Answers A, B, and C are incorrect because you need to select Block all incoming connections no matter which network location you choose.

8. Answer B is correct. A stateful firewall monitors the state of active connections and uses the information gained to determine which network packets are allowed through the firewall. Answer A is incorrect because a packet filter protects the computer by using an access control list (ACL), which specifies which packets are allowed through the firewall based on IP address and protocol (specifically the port number). Answer C is incorrect because a packet filter is a stateless firewall. Answer D is incorrect because a packet analyzer or protocol analyzer is used to capture and analyze individual packets.

9. Answer B is correct. Windows Firewall is turned on by default. Therefore, when trying to use applications that communicate on the network, they could be blocked. Because Windows Firewall is on by default, Answer A is incorrect. Answers C and D are incorrect because Windows Defender and auditing do not affect whether Windows Firewall is on or off.

10. Answer A is incorrect. IPsec, short for IP Security, is used to encrypt traffic between two end points. To configure both the firewall and IPsec, you use the Windows Firewall with Advanced Security. Answer B is incorrect because the Windows Defender protects against spyware. Answer C is incorrect because Windows auditing is used to check what activities are happening to the system or object. Answer D is incorrect because there is no Windows Tunnel Maker program.

CHAPTER 8