4.4 Implementing Host-based Firewall Functionality Using Windows Firewall

This document outlines a lab exercise focused on implementing host-based firewall functionality using Windows Firewall to enhance network security. It details the steps to configure the firewall to protect individual endpoints by blocking unauthorized remote access. The lab aims to demonstrate how to harden hosts within a network and apply specific firewall rules to prevent security breaches.

Uploaded by Ziad Nasr

Module 04: Network Perimeter Security

Exercise 4: Implementing Host-based Firewall Functionality Using Windows Firewall

A host-based firewall protects the system it runs on from various threats. Configuring a host-based firewall helps put Defense in Depth into practice within an organization: the usual strategy is to use it as one of a combination of protective layers.

Lab Scenario

Network defenders implement various security layers in the organization, but a single breach in security can allow an attacker to leave malicious code or transfer a malicious file over the network. A host-based firewall is another security layer, one where the admin can allow or restrict specific individual endpoints. In this lab, you will configure a host-based firewall to protect an individual system connected to the network.

Lab Objectives

This lab demonstrates how to secure an individual endpoint within the network. In this lab, you will learn how to do the following:

• Harden the host within the network
• Apply rules in a host-based firewall

Overview of a Host-based Firewall

A host-based firewall is software that secures the system or device it runs on. An example is Windows Firewall, which is built into the Windows platform. Developed by Microsoft, Windows Firewall is an application that filters incoming and outgoing Internet traffic and blocks malicious programs from communicating with the individual endpoint. As a host-based firewall, it protects the individual endpoint on the network from various threats, viruses, and malware.

Lab Tasks

If you have already launched the Smoothwall Firewall, AD Domain Controller, and Admin Machine-1 VMs in the previous exercise, skip steps 1 to 12.

1. Click Smoothwall Firewall to launch the Smoothwall VM.
2. Type the password toor and press Enter.
3. Press Tab twice to move to the Done button, then press Enter.
4. Wait a few seconds for Smoothwall Express to load. When the Smoothwall login screen appears, leave Smoothwall running.
5. Click AD Domain Controller to launch the ADDomainController VM.
6. Click the Ctrl+Alt+Delete link to log in to AD Domain Controller.
7. The CND\Administrator account is selected by default. Click Pa$$w0rd and press Enter to log in.
8. The network screen appears. Click Yes.
9. Click Admin Machine-1 to launch the AdminMachine-1 VM.
If you are already logged in to Admin Machine-1, skip steps 10 and 11.
10. Click the Ctrl+Alt+Delete link to log in to Admin-Machine-1.
11. The Admin account is selected by default. Click admin@123 and press Enter to log in.
12. The network screen appears. Click Yes.
13. Open the Windows Start menu, type Remote Desktop Connection, and press Enter.
14. The Remote Desktop Connection window appears, as shown in the screenshot below. Type 20.20.10.10, the IP address of the Finance-Dept VM, and click Connect.
15. The Windows Security pop-up window appears. Type the username Finance-Dept\alice and the password user@123, and click OK.
16. The Security Certificate pop-up appears, as shown in the screenshot below. Click Yes.
17. After you click Yes, the Finance-Dept VM is displayed as 20.20.10.10 – Remote Desktop Connection in the Admin-Machine-1 VM.
18. Click the Restore Down button of the Remote Desktop window to view the connected desktop properly.
19. In the previous task, we were able to access the Windows machine remotely because there was no restriction on the individual system; therefore, another machine can access this machine remotely. A network defender needs to apply a host-based firewall on the individual machine to prevent it from being accessed remotely.
20. Switch to the Finance-Dept VM.
21. If you are already logged in as the Alice user, skip the next two steps.
22. Click the Ctrl+Alt+Delete link to log in to Finance-Dept.
23. Select Other user and log in as Finance-Dept\Alice with the password user@123.
24. Open Control Panel.
25. Click the System and Security option.
26. The System and Security window appears. Click Windows Defender Firewall.
27. The Windows Defender Firewall window opens. Click Use recommended settings.
28. Windows Defender Firewall is now turned on for the Domain, Private, and Guest or Public network settings, as shown in the screenshot below.
29. Click Advanced Settings in the left pane. The Windows Defender Firewall with Advanced Security window opens.
30. Click the Inbound Rules option in the left pane. The list of rules appears.
31. Search for Remote Desktop - Shadow (TCP-In) and double-click it.
32. The Remote Desktop - Shadow (TCP-In) Properties window opens. Select the Block the connection radio button and click OK.
33. Next, search for Remote Desktop - User Mode (TCP-In) and double-click it.
34. The Remote Desktop - User Mode (TCP-In) Properties window opens. Select the Block the connection radio button and click OK.
35. Next, search for Remote Desktop - User Mode (UDP-In) and double-click it.
36. The Remote Desktop - User Mode (UDP-In) Properties window opens. Select the Block the connection radio button and click OK.
37. The Remote Desktop inbound connections are now blocked. Let us verify that the connection is blocked.
38. Close all open windows.
39. Switch to the Admin Machine-1 VM.
40. The previous session will end. Click OK.
41. Next, try to access the Finance-Dept VM remotely. Type 20.20.10.10, the IP address of the Finance-Dept VM, in the open Remote Desktop Connection window and click Connect.
42. This time, you will not be able to connect to 20.20.10.10 over Remote Desktop.
43. The host-based Windows firewall on host 20.20.10.10 does not allow the other host (Admin-Machine-1) to communicate with programs that are unchecked in the allowed apps list of the firewall on the Finance-Dept host (20.20.10.10).
44. You will get the error message shown in the screenshot below.
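
The firewall changes in steps 27 to 36 can also be applied and audited from an elevated PowerShell session on the Finance-Dept host. This is an added example, not part of the original lab; it assumes the built-in NetSecurity cmdlets, English rule display names, and the default RDP port 3389, none of which the lab text states.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original lab. Run on the Finance-Dept host.
# Assumes English display names; rule names are localized on other builds.

# Steps 27-28: enable the firewall for the Domain, Private and Public profiles.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Steps 31-36: the three inbound Remote Desktop rules the lab edits.
$rdpRules = @(
    'Remote Desktop - Shadow (TCP-In)',
    'Remote Desktop - User Mode (TCP-In)',
    'Remote Desktop - User Mode (UDP-In)'
)

foreach ($name in $rdpRules) {
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rule) {
        Write-Warning "Rule not found: $name"
        continue
    }
    # Only enabled rules are evaluated, and an enabled Block rule takes
    # precedence over any Allow rule that matches the same traffic.
    $rule | Set-NetFirewallRule -Action Block -Enabled True
}

# Review the result for the whole Remote Desktop rule group.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize

# Steps 41-44, run from Admin Machine-1 instead of the GUI client.
# 3389 is the default RDP port (assumption: the lab has not changed it).
# Test-NetConnection -ComputerName 20.20.10.10 -Port 3389 |
#     Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Once the rules block RDP, the commented TCP test from Admin Machine-1 should fail, matching the connection error in step 44.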
