Configure and set up Windows Vista Firewall

Windows Vista Firewall
configure and adjust
Computer security is an important issue and everyone should look into it or trust someone to help them with security.
In the tip Optimize Windows Vista firewall we already showed where the Vista firewall can be set up and configured. In this workshop we go a little deeper into the Windows Vista Firewall.



This workshop was written using Windows Vista Ultimate, but the new Windows Firewall is available in all Windows Vista editions.

New features of the Windows Vista Firewall

First of all, for those not yet familiar with the new features of the Windows Vista Firewall:

  • Inbound and outbound traffic can be monitored, allowed or blocked.
  • Configuration via a Microsoft Management Console (MMC) snap-in.
  • Integration of Internet Protocol Security (IPsec) and firewall filtering.


Explanation of the Microsoft Management Console (MMC)

MMC, in short, refers to the structure and presentation of information in a window: an MMC window is basically divided into three columns. The left column shows the whole tree structure, the right column is called the details pane and shows the more detailed actions, and the main information is displayed in the middle area.

 


Explanation of Internet Protocol Security (IPsec)

IPsec is a security protocol that is meant to remedy a weakness of the Internet Protocol (IP). IPsec thus increases network security enormously and is meant to protect against replay attacks. A replay attack is the interception of information from the network in order to reconstruct and exploit an action later.

 

Set up and configure the advanced Vista Firewall via the Microsoft Management Console (MMC)

The Microsoft Management Console is nothing new; it was already available under Windows XP Professional, but the firewall could not be integrated into it there. The first thing to do is add the firewall snap-in to the MMC console.

 

MMC console under Windows Vista

Press Windows key + R and enter mmc in the "Run" window, or click the Vista logo (Start) and type mmc into the search field; in either case confirm with Enter.

In the MMC, choose:

File > Add/Remove Snap-in..., then in the left pane under Available snap-ins select "Windows Firewall with Advanced Security", click Add, and confirm the following window (Select Computer) with Finish.

Add/Remove Snap-in...

Add the snap-in to the selected snap-ins

Select Computer

Windows Firewall with Advanced Security is now integrated into the MMC.

Windows Firewall with Advanced Security under MMC

One of the fastest ways to start Windows Firewall with Advanced Security: press the Windows key, type fi and press Enter. Caution: this tip only works as long as you have not installed another program whose name pushes itself ahead of the firewall in the search results.

Overview of Windows Firewall with Advanced Security

In the left pane, click on "Windows Firewall with Advanced Security on Local Computer" to display the tree structure:

  • Inbound Rules
  • Outbound Rules
  • Connection Security Rules
  • Monitoring

Left pane of the Windows Vista Firewall

The following items can be found in the main area:

  • Overview of the profiles (the standard profiles are Domain Profile, Private Profile and Public Profile).
  • Windows Firewall Properties.
    Here you can switch the profiles on or off and configure them. The IPsec settings are also found here.
  • Getting Started descriptions for:
    • Connection Security Rules
    • Inbound Rules
    • Outbound Rules
    • Monitoring

Main area with the individual profiles

In the right pane (details pane):

  • Import Policy
  • Export Policy
  • Restore
  • View
  • New Window from Here
  • Refresh
  • Properties (corresponds to Windows Firewall Properties in the main area)
  • Help

Right pane (details pane)

The content of the main area and of the right pane varies depending on what is currently selected in the left pane.

The Windows Vista firewall profiles with description

An excerpt from the Windows Vista Help:

Domain

This profile is used when a computer is connected to a network in which its domain account resides.

Private

This profile is used when a computer is connected to a network in which its domain account does not reside, for example a home network. The settings of the private profile should be more restrictive than those of the domain profile.

Public

Applied when a computer is connected to a domain through a public network, for example computers at airports and in coffee shops. The public profile settings should have the tightest restrictions, because the computer is connected to a public network where security cannot be controlled as tightly as in an IT environment.

Firewall profiles in the detail view

Configure an exception for inbound network traffic

To create a rule, select Inbound Rules in the left pane. Then click New Rule... in the right pane (details pane).

Create new rules for inbound network traffic

The following rule types are available:

  • Program (rule that controls connections for a program.)
  • Port (rule that controls connections for a TCP or UDP port.)
  • Predefined (rule that controls connections for a Windows feature.)
  • Custom (custom rule.)

We select the Program radio button and click Next. The following steps are listed clearly in the left pane of the wizard.

New Inbound Rule Wizard

In the next dialog you can configure the rule for a specific program or for all programs.

Here we select All programs and click Next.

In the Action step you arrive at the choice between

  • Allow the connection (allows connections protected with IPsec as well as other connections)
  • Allow the connection if it is secure (only connections protected by IPsec)
  • Block the connection

For this example we take Block the connection, which means that the computer can no longer be reached from outside.

In the last steps you decide for which profiles the rule should apply and assign a name.

The rule can be disabled, deleted or reconfigured under Properties in the details pane.

Configure an exception for outbound network traffic

Creating a rule for outbound network traffic follows the same process as creating rules for inbound network traffic, with the difference that the rule is configured for the outbound direction. The exact process is described above.
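The same inbound and outbound rules built from the command line, as an added example that is not from the original article: netsh advfirewall is the command-line front end of Windows Firewall with Advanced Security on Vista, and the lines below reproduce the wizard steps above (rule type Program, all programs, Block the connection, chosen profiles, name) and the disable/delete actions of the details pane. The rule names and the program path are placeholders chosen for this example; the netsh lines are identical when typed into cmd.exe.

```powershell
# Added example, not from the original article: the wizard's inbound and outbound
# rules built with "netsh advfirewall", run from an elevated PowerShell or cmd prompt.
# Rule names and the program path are placeholders chosen for this example.

# Keep a copy of the current policy first, so "Import Policy" can restore it later.
netsh advfirewall export "$env:USERPROFILE\Desktop\firewall-before-workshop.wfw"

# Current state of the three profiles (on/off, default inbound and outbound action).
netsh advfirewall show allprofiles

# Inbound rule as in the walkthrough: rule type Program, "All programs",
# action "Block the connection", limited here to the Public profile.
netsh advfirewall firewall add rule name="Workshop - block all inbound (public)" dir=in action=block profile=public enable=yes

# Outbound rule, the same wizard in the other direction: here one (placeholder)
# program is prevented from connecting out on the Private and Public profiles.
netsh advfirewall firewall add rule name="Workshop - block example.exe outbound" dir=out action=block program="C:\Program Files\Example\example.exe" profile=private,public enable=yes

# What the Properties dialog in the details pane shows for a rule:
netsh advfirewall firewall show rule name="Workshop - block all inbound (public)" verbose

# Disable, re-enable and delete the rule, as offered in the details pane.
netsh advfirewall firewall set rule name="Workshop - block all inbound (public)" new enable=no
netsh advfirewall firewall set rule name="Workshop - block all inbound (public)" new enable=yes
netsh advfirewall firewall delete rule name="Workshop - block all inbound (public)"
```

A rule that blocks inbound traffic for all programs also blocks Remote Desktop and file sharing on that profile, so create it only on the profile you actually want restricted and export the policy first so the previous state can be imported again.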

 

 

 

Creation of a connection security rule

About connection security rules: as the name suggests, they do not regulate programs and services but the communication (connection) between two end devices. Their task is to authenticate a computer and/or a user, which is realized with the IPsec security protocol. Now let's create a connection security rule.

First select Connection Security Rules in the left pane and click New Rule... in the details pane.

Again, there are several rule types to choose from:

  • Isolation (restricts connections based on authentication criteria, such as domain membership or health status.)
  • Authentication exemption (does not authenticate connections from the specified computers.)
  • Server-to-server (authenticates connections between the specified computers.)
  • Tunnel (authenticates connections between the gateway computers.)
  • Custom (custom rule.)

For this walkthrough we choose Isolation.

New Connection Security Rule Wizard

In the Requirements step you choose how authentication is applied:

  • Request authentication for inbound and outbound connections (always authenticate where possible, but authentication is not required.)
  • Require authentication for inbound connections and request it for outbound connections (inbound connections must be authenticated; outbound connections are authenticated where possible, but this is not required.)
  • Require authentication for inbound and outbound connections (inbound and outbound connections must be authenticated to be allowed.)

We select Require authentication for inbound and outbound connections; with that we block all inbound and outbound communication that does not authenticate.

The authentication method must also be specified; the following methods are available:

  • Default (use the authentication method specified in the profile properties.)
  • Computer and user (Kerberos V5) (restricts communications to connections from domain-joined users and computers. Provides identity information for authorizing specific users and computers in inbound and outbound rules.)
  • Computer (Kerberos V5) (restricts communications to connections from domain-joined computers. Provides identity information for authorizing specific computers in inbound and outbound rules.)
  • Computer certificate (restricts communication to connections from computers that have a certificate from the specified certification authority.)
  • Advanced (specify custom first and second authentication methods.)

Here we choose the Default method from the profile.

So what kind of connection rule have we created now? Isolation means that, for example, only computers in the same domain or workgroup can communicate with my computer, and this applies to inbound and outbound connections. The other computer must also be able to authenticate itself, and IPsec is what performs that authentication. Since IPsec is very complex, I won't go into it any further.

In the last steps you decide for which profiles the rule should apply and assign a name.
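The isolation rule created in the wizard, expressed with netsh advfirewall consec, as an added example that is not from the original article. The wizard's Default method takes the authentication method from the profile's IPsec settings; on the command line the method is named per rule, so the example states Computer (Kerberos V5) explicitly. The rule names are placeholders chosen for this example, and the second rule shows the request-only variant that is the safer first step on a real network.

```powershell
# Added example, not from the original article: the Isolation connection security
# rule from the wizard, created with "netsh advfirewall consec" (elevated prompt).
# The rule names are placeholders chosen for this example.

# Wizard choices: Isolation, "Require authentication for inbound and outbound
# connections" (action=requireinrequireout), authentication method Computer
# (Kerberos V5) (auth1=computerkerb), applied only to the Domain profile.
netsh advfirewall consec add rule name="Workshop - isolation" endpoint1=any endpoint2=any action=requireinrequireout auth1=computerkerb profile=domain enable=yes

# Safer first step on a real network: only request authentication
# (action=requestinrequestout). Peers that cannot do IPsec still connect, and the
# Monitoring node shows which peers actually negotiated a security association,
# so the "require" rule can be switched on once every needed peer authenticates.
netsh advfirewall consec add rule name="Workshop - isolation (request only)" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerkerb profile=private enable=yes

# Verify the rules (what the Connection Security Rules monitoring item lists).
netsh advfirewall consec show rule name=all verbose

# Remove the example rules again.
netsh advfirewall consec delete rule name="Workshop - isolation"
netsh advfirewall consec delete rule name="Workshop - isolation (request only)"
```

With requireinrequireout in place, every device that cannot authenticate with Kerberos, such as a printer or a non-domain laptop, loses contact with this computer in both directions, which is exactly what the text above describes; the request-only rule lets you see that effect in Monitoring before enforcing it.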

 

 

Monitoring

Last but not least, you can monitor all activity of the inbound and outbound network traffic, divided into:

  • Firewall
  • Connection Security Rules
  • Security Associations

Under Monitoring, the firewall status, general settings and logging settings of all profiles are also displayed.

Monitoring with the individual items Firewall, Connection Security Rules, ...

Firewall monitoring

A detailed overview of all firewall activity can be monitored under this item: which action was allowed or blocked, and was it inbound or outbound?

Network actions in detail

Connection Security Rules monitoring

  • All active connection security rules are displayed here with their configured settings.

Security Associations monitoring

  • Main Mode
    Main mode negotiation establishes a secure channel between two computers and agrees on a set of cryptographic protection suites. The protection suite can, for example, cover the authentication of computer data or the exchange of secret keys. This information can be displayed and monitored under Main Mode; the currently connected computers are shown.

  • Quick Mode
    As in main mode, a secure channel is established between two computers. Quick mode negotiation uses IKE (Internet Key Exchange) to protect the data. Security associations are set up when the connection is established; this association is negotiated via the IPsec (Internet Protocol Security) service. Quick mode is not a complete exchange on its own, because it depends on the main mode exchange.
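The Monitoring node answers "allowed or blocked?" and "inbound or outbound?" at the level of rules and security associations; the firewall log file answers the same questions per packet. The following is an added example, not from the original article, that parses log lines in the format Windows Firewall writes to pfirewall.log and ends with the command-line view of the main mode and quick mode security associations. The function name ConvertFrom-FirewallLog is my own, and the sample log lines and addresses are constructed (PowerShell 2.0 or later).

```powershell
# Added example, not from the original article (PowerShell 2.0 or later).
# Reads Windows Firewall log lines (W3C format of pfirewall.log) and answers the two
# monitoring questions per entry: allowed or dropped, and inbound (RECEIVE) or
# outbound (SEND). The sample lines and addresses are constructed for this example.

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # The header names the columns: date time action protocol src-ip dst-ip ...
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Other comment lines (#Version, #Software, #Time Format) and blanks carry no entry.
        if ($line -match '^#' -or $line.Trim() -eq '') { continue }
        if (-not $fields) { continue }   # no #Fields header seen yet: columns unknown
        $values = $line.Trim() -split '\s+'
        $entry = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        New-Object PSObject -Property $entry
    }
}

# Constructed sample in the layout of pfirewall.log (private addresses, no real hosts).
$sampleLog = @(
    '#Version: 1.5'
    '#Software: Microsoft Windows Firewall'
    '#Time Format: Local'
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
    '2009-04-14 11:13:27 DROP TCP 192.168.1.50 192.168.1.20 49200 445 52 S 123456789 0 8192 - - - RECEIVE'
    '2009-04-14 11:13:31 ALLOW TCP 192.168.1.20 192.168.1.1 49201 80 0 - 0 0 0 - - - SEND'
    '2009-04-14 11:13:35 DROP UDP 192.168.1.77 192.168.1.20 137 137 78 - - - - - - - RECEIVE'
    '2009-04-14 11:13:40 ALLOW UDP 192.168.1.20 192.168.1.1 55123 53 0 - - - - - - - SEND'
)

$entries = ConvertFrom-FirewallLog -Lines $sampleLog

# Counts per direction and action: RECEIVE/DROP is inbound traffic the firewall refused.
$entries | Group-Object -Property path, action | Select-Object Name, Count | Format-Table -AutoSize

# The refused inbound connections with source address and destination port.
$entries | Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
    Select-Object time, protocol, 'src-ip', 'dst-port' | Format-Table -AutoSize

# On a real system: logging of dropped packets is off by default (see the logging
# settings under Monitoring); switch it on for all profiles, then read the real file.
# netsh advfirewall set allprofiles logging droppedconnections enable
# ConvertFrom-FirewallLog -Lines (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")

# The Security Associations item of Monitoring from the command line: main mode
# and quick mode SAs of the currently connected IPsec peers.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

The parser keys on the #Fields header instead of fixed column positions, so it still works if a later Windows version adds or reorders columns; the two netsh monitor commands list the same main mode and quick mode associations that the Security Associations item shows.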


 

Conclusion

With the new Windows Vista firewall, Microsoft has already taken a really big step forward. But it also has to be said very clearly that there are much better firewalls, which are also capable of learning. Anyone who has worked through this workshop can definitely have a say on what the new Windows Vista firewall from Microsoft offers.


___________________________________________________
This tip comes from www.win-tipps-tweaks.de
© Copyright Michael Hille
