Windows Server 2003 : Protecting Hosts with Windows Host Firewalls - Protocol Filters

5/3/2013 5:41:38 PM

1. Protocol Filters

The Windows Firewall and the RRAS Basic Firewall are not the only options available for restricting incoming traffic. Several options exist that can be used to permit and/or block traffic by setting protocol filters. TCP/IP Filters can be set directly on the network connection. Routing and Remote Access Policies provide an option to set remote access protocol filters. IPSec policies can be established that block or permit access to specific ports. Unlike the Windows Firewall, the RRAS Basic Firewall protocol filters are not stateful. Protocol filters can be set for incoming and outgoing traffic.

1.1. TCP/IP Filters

Basic protocol filters can be established on any TCP/IP interface. These packet filters are static and only filter inbound TCP/IP communications, based on port or IP protocol number. If TCP/IP filters are configured, all traffic is dropped except for what is sent to the ports and/or IP protocol numbers specified on the interface. In this way, filtering occurs by exception; either it is not used at all, or only those ports defined in the filter are listening for incoming traffic.

To create packet filters on an interface, begin by opening the interface Properties page. Click Start, then select and open Control Panel. Select and open "Network connections," then right-click on the desired network interface and click Properties. Click the Advanced button. Select the Options tab and click the Properties button. You will see the screen shown in Figure 1.

Figure 1. Simple protocol filters can be configured within the TCP/IP properties pages

Select Enable TCP/IP Filtering (All Adapters). For each box (TCP Ports, UDP Ports, and IP Protocols), leave the default Permit All or select Permit Only. If Permit Only is selected, click the Add button and enter a port to allow and then click OK. Repeat the process until all required ports have been selected and appear in the boxes.

By default, TCP/IP filters will block all communications with the exception of those protocols you configure. Before enabling filtering, ensure that you understand what ports are required.


1.2. Routing and Remote Access Protocol Filters

In addition to providing a basic firewall service, protocol filters can be added to an RRAS routing interface, or to an RRAS remote access policy. To set remote access protocol filters, create a remote access policy or configure filters for an existing policy. The policy should establish parameters for connectivity. Adding inbound and outbound filters is an additional configuration item. Packet filters can be configured for inbound and outbound traffic, and can be set to pass all traffic except packets defined in filters, or to discard all traffic except packets allowed by filters.

To configure protocol filters on a routing interface, begin by opening the RRAS console and selecting the General node. In the detail pane, right-click the interface on which to add a filter and click Properties. Click the General tab and then click either Inbound Filters or Outbound Filters. Select the filter action. Click New to add a port to filter. On the "Add IP filter" page, select either Source Network or Destination Network. Enter the IP address and subnet mask. Use the drop-down Protocol box to select TCP, UDP, ICMP, Any, or Other. Enter the required source and destination port. Click OK twice to return to the General page. Repeat the process to add additional filters.

1.3. Filtering Using IPSec

The IPSec protocol is built into the network stack of Windows Server 2003. In addition to providing security for communications between hosts on a LAN, IPSec can also be configured to block or permit inbound and/or outbound communications. An IPSec policy is composed of one or more rules, each of which can contain multiple filters. Each IPSec filter defines a source and destination IP address, and source and destination port or protocol ID. Therefore, in addition to filtering based on port alone, IPSec can block communications based on port and IP address combinations. A filter action determines whether the specific packet is blocked or permitted. IPSec policies can be simple (such as one that "blocks all traffic to port 23"), be a combination of filters (such as "block all traffic except port 80 traffic from this specific range of IP addresses"), and be quite complex (with multiple inbound and outbound filters).

All IPSec filters are static filters. IPSec policies can be implemented locally, or applied via Group Policy if the computer is joined to a domain.
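The two policies quoted above ("blocks all traffic to port 23" and "block all traffic except port 80 traffic from this specific range of IP addresses") can be checked against sample packets before they are deployed. The following is an added example, not code from the original page or from Windows: the `Filter` class, `evaluate` function and all addresses are constructed for illustration, and it assumes that the most specific matching filter wins and that traffic matching no filter is left alone.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    """One static filter: source/destination network, protocol, destination port, action."""
    action: str                  # "permit" or "block"
    src: str = "0.0.0.0/0"       # 0.0.0.0/0 stands for "any address"
    dst: str = "0.0.0.0/0"
    protocol: str = "any"        # "tcp", "udp", "icmp" or "any"
    dst_port: int = 0            # 0 stands for "any port"

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.protocol in ("any", pkt["protocol"])
                and self.dst_port in (0, pkt["dst_port"]))

    def specificity(self):
        # Simplified ranking (assumption): longer prefixes, a named protocol
        # and a named port each make a filter more specific.
        return (ipaddress.ip_network(self.src).prefixlen
                + ipaddress.ip_network(self.dst).prefixlen
                + (self.protocol != "any") + (self.dst_port != 0))

def evaluate(policy, pkt, default="permit"):
    """Action of the most specific matching filter; ties go to block."""
    hits = [f for f in policy if f.matches(pkt)]
    if not hits:
        return default           # no filter matched: the policy does not touch this packet
    best = max(hits, key=lambda f: (f.specificity(), f.action == "block"))
    return best.action

# Constructed addresses: a web server and the one client range allowed to reach it.
SERVER = "10.0.0.5/32"
WEB_ONLY = [
    Filter("block", dst=SERVER),                               # block everything to the server...
    Filter("permit", src="192.168.10.0/24", dst=SERVER,
           protocol="tcp", dst_port=80),                       # ...except port 80 from this range
]
BLOCK_TELNET = [Filter("block", protocol="tcp", dst_port=23)]  # "blocks all traffic to port 23"

def packet(src, dst_port, protocol="tcp", dst="10.0.0.5"):
    return {"src": src, "dst": dst, "protocol": protocol, "dst_port": dst_port}

if __name__ == "__main__":
    for src, port in [("192.168.10.7", 80), ("192.168.10.7", 23), ("172.16.4.9", 80)]:
        print(src, port, evaluate(WEB_ONLY, packet(src, port)))
```

Because each packet is judged on its own fields only, the result is the same however the filters are listed, and nothing is remembered between packets; that is what "static" means in this section.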

2. Which Firewall Services Should You Use?

With so many options for creating host-based firewall services, which option should be used? Like most security decisions, the answer is, "It depends." Many factors are likely to influence this decision, but the most important deciding factors are your specific business and security requirements. Use Table 1 to select a firewall service that meets all of your requirements. If multiple services do so, in most cases the one that is simplest to implement will be the best choice.

Table 1. Firewall services decision points
| Attribute | TCP/IP protocol filtering | Windows Firewall | IPSec | RRAS basic firewall | RRAS protocol filters |
|---|---|---|---|---|---|
| Implementation difficulty | Simplest | Simple | Complex | Simple to complex | Simple to complex |
| Direction of traffic that can be filtered | Inbound | Inbound | Inbound and outbound | Inbound and outbound | Inbound and outbound |
| Filters can be based on the IP address of the source | No | Yes (called exception scope) | Yes | Yes | Yes |
| Provides a DHCP allocator | No | The Windows Firewall used with ICS | No | Yes | Yes |
| DHCP range is configurable | N/A | No | N/A | Yes | Yes |
| Designed to be combined with NAT on the same system | No | The Windows Firewall used with ICS | No | Basic firewall plus NAT | No |
| Can be managed via Group Policy | No | Yes | Yes | No | No |
| Provides options for central management | No | Via Group Policy | Group Policy | IAS and remote access policies | IAS and remote access policies |
| Provides static filtering | Yes | Yes | Yes | Yes | Yes |
| Provides stateful filtering | No | Yes | No | Yes | No |
| Provides application layer filtering | No | No | No | No | No |
