Configuring outbound rules
Outbound rules prevent
certain applications or local ports from sending data out of the
computer. For example, if a computer in an environment should not be
allowed to access the Internet, outbound access on port 80 (and other
ports) could be disabled to ensure that this computer does not connect
to the Internet. Just as a number of inbound rules are preconfigured for certain applications, corresponding outbound rules are preconfigured for the same items.
Outbound rules are also configured by using a wizard. For example,
many organizations employ email servers that communicate with the
Internet. The client computers are configured to send email to the mail
server and not beyond that point. However, many client computers have
not been configured to disallow port 25 outbound to ensure that no SMTP
traffic can be sent from the client computers directly. If malware were
to infect a client computer and try to send email on its own by using a
built-in SMTP engine, the message could be propagated easily over port
25. If this port is disallowed by a firewall rule, the client computer is less likely to infect other computers.
Note
SECURITY ALERT PORTS
Although SMTP traffic can travel on ports other than port 25, this is the most common port. If you are configuring rules to block SMTP, research which other SMTP ports are in use on your network and include them in the rule.
To configure an outbound rule to disallow traffic to go out through port 25, complete the following steps:
- Locate Windows Firewall by searching for Firewall on the Start screen and selecting Settings.
- Tap or click Windows Firewall in the list of results.
- Select Advanced Settings from the navigation pane.
- Select Outbound Rules in the navigation pane.
- Select New Rule in the Actions pane.
- Select Port as the type of rule and tap or click Next to continue.
- Select TCP as the port type and Specific Remote Ports.
- Enter 25 for the remote port number and tap or click Next to continue.
- Select Block The Connection as the action for the rule and tap or click Next to continue.
- Select Domain, Private, and Public as the profiles to which this rule will be applied and tap or click Next to continue.
- Enter a name for the rule (NO SMTP Outbound, for example) and a description.
- Tap or click Finish to save and activate the rule.
Important
CREATE GOOD RULE DESCRIPTIONS
Using a description for all the rules created in the Windows
Firewall is a good habit to develop. It will help others determine the
rule’s function without needing to comb through the entire rule. More
important, a good description can also aid in determining how a rule
operates when troubleshooting becomes necessary later.
After adding an outbound rule such as the one blocking SMTP, it is a
good idea to test the rule. In this case, using a Telnet client to
access port 25 on a remote system should be denied by the outbound rule
preventing SMTP.
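The same rule and the same test, built from PowerShell rather than the wizard. This is an added example, not code from the original text; it assumes Windows 8 / Windows Server 2012 or later with the NetSecurity module, an elevated prompt, and uses Test-NetConnection (Windows 8.1 / Server 2012 R2 or later) in place of the Telnet client; smtp.example.com is a placeholder host.

```powershell
# Added example (not from the original text): the "NO SMTP Outbound" rule
# the wizard steps produce, created and verified from an elevated prompt.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later).

# Port rule, TCP, remote port 25, Block, all three profiles, with a
# description so the next administrator can see why the rule exists.
$rule = New-NetFirewallRule -DisplayName "NO SMTP Outbound" `
    -Description "Blocks direct outbound SMTP (TCP 25). Clients must relay through the corporate mail server; stops infected clients mailing out on their own." `
    -Direction Outbound `
    -Protocol TCP `
    -RemotePort 25 `
    -Action Block `
    -Profile Domain, Private, Public `
    -Enabled True

# Confirm what was stored. The port settings live on a separate filter object.
$rule | Get-NetFirewallPortFilter | Select-Object Protocol, RemotePort

# Caveat: in Windows Firewall a Block rule always wins over an Allow rule, so
# if clients must reach an internal mail server on TCP 25, scope this rule
# with -RemoteAddress rather than adding an Allow rule for the server.

# Test the rule as the text suggests, here with Test-NetConnection instead of
# a Telnet client (Test-NetConnection needs Windows 8.1 / Server 2012 R2+).
# smtp.example.com is a placeholder; substitute a real mail host.
$result = Test-NetConnection -ComputerName smtp.example.com -Port 25 `
    -WarningAction SilentlyContinue
if ($result.TcpTestSucceeded) {
    Write-Warning "TCP 25 is still reachable: check the active profile and whether the rule is enabled."
} else {
    "Outbound TCP 25 is blocked as intended."
}
```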
After a rule has been created, either inbound or outbound, you can
make additional changes by selecting the rule and choosing Properties
in the Actions pane within the Windows Firewall with Advanced Security console.
Configuring connection security rules
In addition to standard inbound and outbound rules governing applications or ports, Windows
Firewall with Advanced Security can also apply rules governing
connections. These can be useful if certain activities need to be
blocked when a computer is running on a wireless connection versus an
available LAN cable.
Unlike inbound and outbound rules, no connection security rules are configured by default.
Windows Firewall with Advanced Security supports the following connection security rule types:
- Isolation. This rule type restricts connections based on authentication criteria.
- Authentication exemption. This rule type allows connections from certain computers to be exempted from authentication.
- Server to server. This rule type authenticates connections between specified computers.
- Tunnel. This rule type authenticates connections between two computers.
- Custom. This rule type is completely customizable and has no predefined items.
Connection security rules can help ensure that computers that come
into an organization meet compliance and antimalware requirements. For
example, when an organization has a large remote sales force of
employees who are on the road more than they are in the office, this
configuration can help ensure that these computers are clean of any
malware before they can authenticate to the domain when they are being
used in the office.
To configure a health check rule, complete the following steps:
- Locate Windows Firewall by searching for Firewall on the Start screen and selecting Settings.
- Tap or click Windows Firewall in the list of results.
- Select Advanced Settings in the navigation pane.
- Select Connection Security Rules in the navigation pane.
- Select New Rule from the Connection Security Rules section of the Actions pane.
- Select Isolation as the rule type and tap or click Next to continue.
- Select the appropriate authentication timing for the rule from the following options:
  - Request Authentication For Inbound And Outbound Connections. Authenticate when possible but do not require authentication.
  - Require Authentication For Inbound Connections And Request Authentication For Outbound Connections. Inbound connections must be authenticated. Outbound connections will authenticate when possible, but this is not required.
  - Require Authentication For Inbound And Outbound Connections. Both connection types require authentication. If it is not available, the connection will fail.
- Tap or click Next to continue.
- Specify an authentication method for the rule from the following options:
  - Default. Use the options configured in IPsec settings.
  - Computer And User (Kerberos v5). Communications are restricted to connections from domain-joined users and computers. This allows specific user and computer accounts to be authorized to make inbound and outbound connections.
  - Computer (Kerberos v5). Communications are restricted to domain-joined computers.
  - Advanced. Customizable authentication types allow specified first and second authentication settings.
- Tap or click Next to continue.
- Specify the firewall profiles to which the rule should be assigned (Domain, Private, or Public) and tap or click Next to continue.
- Enter a name and description for the connection security rule and tap or click Finish to save and enable the rule.
Monitoring rules configured in Windows Firewall
All rules enabled for use in Windows Firewall appear under the monitoring section within Windows
Firewall with Advanced Security. These are the active rules for the
computer. In the other areas available, where rules are configured, all
rules—whether enabled or disabled—are listed.
Additional options for monitoring include security associations, which
are the security information shared between two computers after they
authenticate. This information protects the data exchanged during the connection.
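The Isolation rule from the connection security procedure above, created from PowerShell and then inspected through the monitoring views the last section describes. This is an added example, not code from the original text; it assumes a domain-joined Windows 8 / Windows Server 2012 or later machine, an elevated prompt, and the NetSecurity module; the rule and authentication set names are chosen here.

```powershell
# Added example (not from the original text): an Isolation connection
# security rule with "Require inbound, Request outbound" timing and the
# "Computer (Kerberos v5)" method, then the monitoring equivalents.
# Assumes a domain-joined machine with the NetSecurity module.

# Authentication method: Computer (Kerberos v5) becomes a phase 1
# authentication proposal that uses the machine's Kerberos identity.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName "Computer Kerberos v5" `
    -Proposal $proposal

# Authentication timing: inbound peers must authenticate, outbound only
# requests it. Scoped to the Domain profile so a laptop on public Wi-Fi is
# not left unable to reach anything. Hosts that cannot run IPsec need an
# Authentication exemption rule, as listed above, or they will be refused.
$isolation = New-NetIPsecRule -DisplayName "Domain Isolation (hypothetical)" `
    -Description "Require machine Kerberos for inbound; request it outbound." `
    -InboundSecurity Require `
    -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name `
    -Profile Domain `
    -Enabled True

# Monitoring view: ActiveStore holds only rules that are enabled and whose
# profile currently applies, which is what the console's Monitoring node shows.
Get-NetIPsecRule -PolicyStore ActiveStore |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Profile

# The configuration view lists every rule, enabled or disabled.
Get-NetIPsecRule -PolicyStore PersistentStore |
    Select-Object DisplayName, Enabled

# Security associations appear only once a peer with a matching rule has
# actually negotiated IPsec; an empty result on a freshly created rule is normal.
Get-NetIPsecMainModeSA  | Format-List LocalEndpoint, RemoteEndpoint
Get-NetIPsecQuickModeSA | Format-List LocalEndpoint, RemoteEndpoint
```

Disable the rule with `Disable-NetIPsecRule -DisplayName "Domain Isolation (hypothetical)"` if peers stop connecting; it then disappears from ActiveStore but stays in PersistentStore.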