
Working with Connection Security Rules

Inbound and outbound rules, discussed earlier in the hour, control the movement of data to and from a particular computer (say, a server) on the network. The Windows Firewall also offers connection security rules, which control authentication between two computers (say, two network servers) so that any connection established between those two nodes is secured. Connection security rules rely on authentication methods such as certificates (discussed in Hour 22, “Using Network Address Translation and Certificate Services”) and on IPSec to secure these computer-to-computer connections (IPSec is discussed later in the hour).

There are no default connection security rules (the list is empty when you select the Connection Security Rules node in the Windows Firewall with Advanced Security snap-in). You can create your own connection security rules, and there are five types of connection security rules:

You create connection security rules by using the New Connection Security Rule Wizard. Let’s create a custom rule, which lets you see the information you must provide for the other connection security rule types as well (isolation, authentication exemption, and so on); follow these steps:

1. Select the Connection Security Rules node in the Windows Firewall with Advanced Security snap-in.

2. In the Actions pane, click New Rule. The New Connection Security Rule Wizard opens.

3. On the first wizard page, select the connection rule type, such as Custom. Then click Next to continue.

4. On the next wizard page (see Figure 21.8), you specify the endpoints for the connection: Endpoint 1 can be the local computer or a subnet of IP addresses available to the local computer, and Endpoint 2 is the other side of the connection, specified as an IP address or a range of IP addresses. After specifying the endpoints, click Next.

Figure 21.8. Specify endpoints for the connection security rule.


5. On the next wizard page, you select the authentication requirement for the rule:

  • Request Authentication for Inbound and Outbound Connections — Authentication is requested but not required in either direction; this is the preferred setting when you want authentication used wherever the peer supports it without blocking connections that cannot be authenticated.
  • Require Authentication for Inbound Connections and Request Authentication for Outbound Connections — Inbound connections must be authenticated; outbound connections request authentication but do not require it.
  • Require Authentication for Inbound and Outbound Connections — Both inbound and outbound connections must be authenticated, or the rule blocks the data traffic.
  • Do Not Authenticate — The rule requires no authentication.

After specifying the authentication type for the rule, click Next.

6. On the next wizard page, you select the authentication method the rule uses (see Figure 21.9). The default option uses the authentication method configured for the profile (the profile with which the rule will be associated). You can also choose to authenticate both the user and the computer (which requires domain membership), the computer only, or a computer certificate (certificates are discussed in Hour 22). After making your selection, click Next to continue.

Figure 21.9. Specify the authentication method for the connection security rule.


By the Way

You can also specify a first and second authentication method for a connection security rule by using the Advanced option on the Authentication Method page of the New Connection Security Rule Wizard.

7. On the next page, select the profile with which the connection rule will be associated (Domain, Private, Public). All the profiles are selected by default. Then click Next.

8. On the last wizard page, provide the name and an optional description for the rule. Then click Finish.

The new connection security rule appears in the rules list in the Details pane. You can edit the settings for a connection security rule by double-clicking it. The Properties dialog box for the rule opens, enabling you to edit any of the settings you specified when you created the rule in the New Connection Security Rule Wizard.
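The same custom rule can be created from an elevated command prompt with the netsh advfirewall consec context, which is available on Windows Server 2008 and later. The script below is an added example, not from the book; the rule name, description and endpoint addresses are constructed, and each wizard page is mapped onto the corresponding netsh parameter in the comments.

```powershell
# Added example (not the book's own): build the wizard's custom connection security
# rule with netsh advfirewall consec. Run from an elevated PowerShell prompt.
# Addresses are constructed from the documentation range 192.0.2.0/24.

$ruleName  = "Example-AppServer-to-DbServer"   # step 8: rule name
$endpoint1 = "192.0.2.10"                        # step 4: Endpoint 1 (this server)
$endpoint2 = "192.0.2.20"                        # step 4: Endpoint 2 (the peer server)

# step 5: authentication requirement. netsh value -> wizard option
#   requestinrequestout  -> Request Authentication for Inbound and Outbound
#   requireinrequestout  -> Require Inbound, Request Outbound
#   requireinrequireout  -> Require Authentication for Inbound and Outbound
#   noauthentication     -> Do Not Authenticate
$action = "requireinrequireout"

# step 6: authentication method. auth1=computerkerb authenticates the computer
# with Kerberos (domain membership); adding auth2=userkerb gives the wizard's
# "user and computer" choice. computercert would select a computer certificate.
# step 7: profile (domain | private | public | any).
netsh advfirewall consec add rule `
    name="$ruleName" `
    endpoint1=$endpoint1 `
    endpoint2=$endpoint2 `
    action=$action `
    auth1=computerkerb `
    auth2=userkerb `
    profile=domain `
    description="Constructed example: IPsec rule between two servers"

# Verify the result (the CLI equivalent of checking the Details pane / Properties).
netsh advfirewall consec show rule name="$ruleName" verbose
```

With requireinrequireout the traffic between the two endpoints is dropped until the peer can authenticate, so the matching rule must also exist on Endpoint 2 before you cut over. A connection security rule only authenticates (and optionally protects) the traffic; an inbound or outbound firewall rule is still what allows it.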
