LOOK BEHIND THE SCENES: WINDOWS SERVER 2012 FIREWALL AT VOLKSWAGEN AG




Ulf Seifert // Senior Consultant
21.11.2013

AGENDA: WINDOWS FIREWALL
//1 What it does and what it is used for
//2 Administrative concepts
//3 Strategies
//4 Management scenarios
Implementation considerations at VW

WINDOWS FIREWALL: WHAT IT DOES AND WHAT IT IS USED FOR

THE WINDOWS FIREWALL
- a port-based firewall
- a stateful packet filter
- an application firewall
- freely available (part of the OS, Windows Filtering Platform)
- switched on by default
- highly suitable
- IPv6 compatible

HOW IT WORKS
- Outgoing traffic is allowed by a default rule.
- Incoming traffic is examined and checked against the list of permitted traffic.
- If the packet matches permitted traffic, it is passed on for further processing.
- If the packet does not match permitted traffic, it is rejected.
- If logging is configured, an entry is written to the firewall log file.

RULE TYPES
- Program: allows traffic for a particular program
- Port: allows traffic on a particular TCP or UDP port or list of ports
- Predefined: groups of rules that allow Windows functionality on the network (for instance file and printer sharing, network discovery, remote assistance, remote service administration, Windows collaboration, others)
- Custom: all the knobs and dials, switches and buttons

THE FIREWALL RULE
DO Action = {Bypass | Allow | Block}
IF:
    Protocol = X
    AND Direction = {In | Out}
    AND Local TCP/UDP port is in {Port list}
    AND Remote TCP/UDP port is in {Port list}
    AND ICMP type/code is in {ICMP type-code list}
    AND Interface NIC is in {Interface ID list}
    AND Interface type is in {Interface types list}
    AND Local address is found in {Address list}
    AND Remote address is found in {Address list}
    AND Application = <Path>
    AND Service SID = <Service short name>
    AND Require authentication = {TRUE | FALSE}
    AND Require encryption = {TRUE | FALSE}
    AND Remote user has access in {SDDL}
    AND Remote computer has access in {SDDL}
    AND OS version is in {Platform list}

RULE MERGING AND EVALUATION ORDER (highest to lowest)
1. Service restrictions: restricts connections that services can establish; OS services are already configured appropriately
2. Connection rules: restricts connections from particular computers; uses IPsec to require authentication and authorization
3. Authenticated bypass: allows specified authenticated computers to bypass other rules
4. Block rules: explicitly blocks specified incoming or outgoing traffic
5. Allow rules: explicitly allows specified incoming or outgoing traffic
6. Default rules: default behavior for a connection

NETWORK PROFILES
Allow different firewall rules to be applied in different environments:
- Domain: corporate environment, domain-joined
- Private: trusted/home network
- Public: coffee shops, airports, etc.
Up to Windows 7 you can have multiple active profiles.

NLA detects network changes:
- identifies characteristics and assigns a GUID
- the Network Profile Service creates the profile upon connection (interfaces, DC, authenticated machine, gateway MAC)
- NPS notifies the firewall whenever NLA detects a change
- the firewall changes category within 200 ms
- if not domain, the user is asked whether the network is public or private
- the user must be a local administrator to define a private network
More info: http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relatesto-windows-firewall-profiles.aspx

WHAT IF MULTIPLE INTERFACES?
Examine all connected networks:
- Is an interface connected to a network classified as public? Yes: set category to public.
- Otherwise, is an interface connected to a network classified as private? Yes: set category to private.
- Otherwise, do all interfaces see a domain controller and does the host authenticate? Yes: set category to domain. No: set category to public.

ADMINISTRATIVE CONCEPTS: TOOLS
- Group Policy Management Console (GPMC)
- Group Policy Editor (GPEdit)
- NetSH (up to 2012)
- PowerShell

ADMINISTRATIVE CONCEPTS: MANAGING FIREWALL GPOS, SOME CONCEPTS
GPO processing order (top to bottom): Local GPO, Site, Domain, OU

LOCAL GPO AND LOCAL SETTINGS
If you don't block these, Domain GPO firewall rules and local settings are cumulative. If you want to prevent Domain GPOs from being overridden, you have to block local settings and local GPO processing.
Warning: this significantly impacts the number of rules required in Domain GPOs.

ADMINISTRATIVE CONCEPTS: FILTERING
- Computer group: only certain groups have permission to apply the GPO
- WMI: if the filter evaluates to true, the GPO applies

Examples:
- Certain OS versions:
    SELECT Version FROM Win32_OperatingSystem WHERE Version >= "6"
- Certain server features installed:
    SELECT Name FROM Win32_ServerFeature WHERE Name = "Web Server (IIS)"
- Certain program installed:
    SELECT Name FROM Win32_Product WHERE Name = "Cisco AnyConnect VPN Client"

STRATEGY: LEVEL OF CONTROL
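An added PowerShell example (not from the slides) that dry-runs the WMI filter queries from the Filtering slide above on the local host before they are attached to a firewall GPO; the function name Test-WmiFilterQuery is my own. The comments carry the two caveats a reviewer should know about these particular filters.

```powershell
# Added example, not part of the slides: dry-run a GPO WMI filter query on the
# local host. A WMI filter makes the GPO apply when the query returns at least one
# instance, so "Applies" mirrors what the Group Policy client would decide here.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\cimv2'   # default namespace of GPO WMI filters
    )
    try {
        $rows = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        [pscustomobject]@{ Query = $Query; Applies = ($rows.Count -gt 0); Matches = $rows.Count; Error = $null }
    } catch {
        # e.g. Win32_ServerFeature does not exist on client editions: the filter then
        # evaluates to false, which is the desired outcome for a server-role GPO.
        [pscustomobject]@{ Query = $Query; Applies = $false; Matches = 0; Error = $_.Exception.Message }
    }
}

# The three filters from the slides, wrapped in PowerShell single quotes so the
# WQL double quotes around the literals survive unchanged.
$filters = @(
    'SELECT Version FROM Win32_OperatingSystem WHERE Version >= "6"',
    'SELECT Name FROM Win32_ServerFeature WHERE Name = "Web Server (IIS)"',
    'SELECT Name FROM Win32_Product WHERE Name = "Cisco AnyConnect VPN Client"'
)

# Caveats before attaching these filters to a GPO:
# - Win32_OperatingSystem.Version is a string, so >= "6" is a lexical comparison:
#   "6.3.9600" matches, but "10.0.x" sorts before "6" and does NOT match. Add a
#   clause such as Version LIKE "10.%" when newer hosts must receive the GPO.
# - Every query against Win32_Product triggers a Windows Installer consistency
#   check of all installed packages, which slows down each Group Policy refresh;
#   prefer a registry-based check (Uninstall key) where the product allows it.
$filters | ForEach-Object { Test-WmiFilterQuery -Query $_ } | Format-Table -AutoSize
```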

STRATEGIES: SERVER CATEGORIZATION
Allows role-specific firewall rules, e.g. web server, database server, domain controller etc.
Support tools from Microsoft: Security Compliance Manager

STRATEGY: LEVEL OF SECURITY

STRATEGIES: IT'S A BALANCE?
Security requirements tend to drive the need to restrict traffic with firewall rules.
Software requirements drive the need to allow traffic through the firewall.

STRATEGIES: WHO MANAGES THE RULES?
- Typically those who have admin permissions are the group that installs software.
- Often the owner (not necessarily the user of the computer) determines who has admin rights and who controls firewall rules.
- The security office implements policy that often dictates rules.
- Auditors may need to audit rules on occasion.

STRATEGIES: DEFAULT SECURITY
- Inbound default rule: Block
- Outbound default rule: Allow
- Only inbound exceptions must be defined.

STRATEGIES: HIGH SECURITY / HIGH MAINTENANCE
- Inbound default rule: Block
- Outbound default rule: Block
- All exceptions must be defined.

MANAGEMENT SCENARIOS: LEVEL OF TRUST

MANAGEMENT SCENARIOS: LOOSE MANAGEMENT SCENARIO
Environment:
- End user has admin rights on the computer.
- End user often installs software.
- Software installers often open up rules in the process of installing.
- IT might only add a few rules through GPO.

MANAGEMENT SCENARIOS: STRICT MANAGEMENT SCENARIO 1
Environment:
- Users don't have admin permissions.
- IT controls local firewall settings.
- IT controls local GPO settings.
- Users request software, not firewall settings.
- IT might use GPOs or just manage settings locally.

MANAGEMENT SCENARIOS: STRICT MANAGEMENT SCENARIO 2
Environment:
- Users have admin permissions.
- IT wants to manage firewall rules centrally.
- Users need to request firewall rules.
- IT must use GPOs in this situation:
  - disable local firewall settings
  - disable local GPO processing

QUESTIONS & ANSWERS
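An added PowerShell example (not from the slides or from VW) that puts the default-security baseline (inbound Block, outbound Allow, with the high-security outbound Block as an option), a role-specific inbound exception and the strict-scenario-2 controls into a domain firewall GPO. The domain, GPO name, function names and the HTTPS rule are placeholders; the GPO is assumed to exist already.

```powershell
# Added example, not part of the slides: write the talk's firewall baseline into a
# domain GPO so that, per strict management scenario 2, local rules and the local
# GPO cannot override it. Domain and GPO name below are placeholders.
function Set-FirewallBaselineGpo {
    param(
        [Parameter(Mandatory)] [string] $PolicyStore,   # 'domain\GPO name' (placeholder)
        [switch] $HighSecurity                          # high security / high maintenance
    )
    $profiles = 'Domain', 'Private', 'Public'
    $outbound = if ($HighSecurity) { 'Block' } else { 'Allow' }

    # Open the GPO once as a session; all changes are committed by Save-NetGPO.
    $gpo = Open-NetGPO -PolicyStore $PolicyStore

    # Default rules (lowest in the evaluation order) plus logging of dropped packets.
    Set-NetFirewallProfile -GPOSession $gpo -Profile $profiles -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction $outbound `
        -LogBlocked True -LogMaxSizeKilobytes 32767 `
        -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

    # Strict scenario 2: locally created firewall and IPsec rules are ignored, so the
    # domain GPO alone defines the rule set even on hosts where users are admins.
    Set-NetFirewallProfile -GPOSession $gpo -Profile $profiles `
        -AllowLocalFirewallRules False -AllowLocalIPsecRules False

    # Role-specific inbound exception (server categorization): HTTPS for the
    # web-server role, domain profile only. Constructed placeholder rule.
    New-NetFirewallRule -GPOSession $gpo -DisplayName 'Role Web: HTTPS inbound' `
        -Group 'Role Web' -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 443 -Profile Domain

    Save-NetGPO -GPOSession $gpo
}

# Blocking local GPO processing is a separate Group Policy setting ("Turn off Local
# Group Policy Objects processing"), written here with the GroupPolicy (RSAT) module.
function Disable-LocalGpoProcessing {
    param([Parameter(Mandatory)] [string] $GpoName)
    Set-GPRegistryValue -Name $GpoName -Type DWord -Value 1 `
        -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' `
        -ValueName 'DisableLGPOProcessing' | Out-Null
}

# Placeholder domain and GPO name; create and link the GPO in GPMC first.
Set-FirewallBaselineGpo -PolicyStore 'corp.example\Firewall-Baseline-Servers'
Disable-LocalGpoProcessing -GpoName 'Firewall-Baseline-Servers'
```

Add -HighSecurity to the first call for the high security / high maintenance strategy, in which every outbound exception must then be defined as a rule as well.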

MANY THANKS FOR YOUR ATTENTION
Ulf Seifert // Senior Consultant
PHONE // +49 (341) 24051-139
FAX // +49 341 24051-199
E-MAIL // ulf.seifert@softline-group.com

SOFTLINE SOLUTIONS GMBH
GUTENBERG-GALERIE, GUTENBERGPLATZ 1, 04103 LEIPZIG
PHONE // +49 341 24051-0, FAX // +49 341 24051-199, E-MAIL // LEIPZIG@SOFTLINE-GROUP.COM