Lesson 1: Configuring Security Settings in Windows Firewall

381

NOTE

Advanced firewalls

Although it can do many things, the firewall that comes with Windows Vista is primitive compared

with enterprise-level firewalls like ISA Server 2006 Enterprise edition. Not only can an enterprise-

level firewall filter based on port, protocol, source, and destination, it can also inspect traffic and fil-

ter based on its content. For example, it is possible to block webpage downloads or e-mails at the

firewall that contain specific words or file types. In terms of what fully featured enterprise-level fire-

walls can accomplish, Windows Vista’s firewall is only the tip of the iceberg.

Practice: Windows Firewall Configuration

In these practices, you will perform several exercises that will familiarize you with the config-

uration of both the Windows Firewall and Windows Firewall with Advanced Security. To com-

plete all these practices, you need to be logged on to Windows Vista with an account that can

use elevated privileges.

Practice 1: Configuring an Exception By Using Windows Firewall

In this practice, you will configure an exception in the standard Windows Firewall to allow

incoming TCP traffic on port 6667 on the currently active profile. Normally, you would do this

if you were running an Internet Relay Chat server off your Windows Vista computer.

1. Open the Windows Firewall item in the Control Panel.

2. Click Change Settings.

3. Click Continue to close the User Account Control dialog box.

4. In the General tab, ensure that the Block All Incoming Connections check box is cleared.

5. In the Exceptions tab, click Add Port.

6. In the Add A Port dialog box, type IRC Server in the Name text box and 6667 in the Port

Number text box. Click OK to close this dialog box.

7. Click OK to close the Windows Firewall Settings dialog box.

Practice 2: Configuring an Inbound Rule By Using Windows Firewall with Advanced

Security

In this practice, you will create a rule that allows hosts on the subnet 10.10.10.0 /24 to connect

to a web server on your Windows Vista computer.

1. Open Windows Firewall with Advanced Security by opening the Administrative Tools

item in Control Panel.

2. Click Continue to close the User Account Control dialog box.

3. In the Windows Firewall With Advanced Security console, click Inbound Rules.

4. In the Actions pane, click New Rule.

5. On the Rule Type page, select Custom, and click Next.