vista firewall
TRANSCRIPT
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 1/41
Windows Firewall con
seguridad avanzada.
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 2/41
• Windows Vista Firewall
• Configuración y como solucionar problemas.
• Integrar el Firewall con IPSec
Agenda
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 3/41
Level 200
• TCP/IP
•Políticas de grupo.
•Conocimientos de Firewall
Conocimientos necesarios.
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 4/41
Problemas actuales de las redes.
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 5/41
Nueva Pila TCP/IP de Windows Vista
WindowsFilte
ring
PlatformAPIIPv4
802.3
WSK
WSK Clients TDI Clients
NDIS
WLANLoop-
back
IPv4
TunnelIPv6
Tunnel
IPv6
RAWUDPTCP
Next Generation TCP/IP Stack (tcpip.sys)
AFDTDXTDI
Winsock User Mode
Kernel Mode
•Arquitectura Dual-IP para un soporte nativo de IPv4 y IPv6.Arquitectura Dual-IP para un soporte nativo de IPv4 y IPv6.
• Mejor integración con IPsec.Mejor integración con IPsec.• Mejor rendimiento gracias a la aceleración por HW.Mejor rendimiento gracias a la aceleración por HW.• Capacidad de auto-tuning y mejores algoritmos de optimización.Capacidad de auto-tuning y mejores algoritmos de optimización.• Mejor extensibilidad y fiabilidad gracias a nuevos APIsMejor extensibilidad y fiabilidad gracias a nuevos APIs
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 6/41
Nuevas Características.TechnologiesTechnologies SecuritySecurity ExperienceExperience ScalabilityScalability
IPsec XVPN Routing Compartments X
Windows Filtering Platform (WFP) X X
Secure Sockets API X
IPv6 X
TCP Chimney XTCP-A (I/OAT) X
Receive Side Scaling X
Receive Window Auto-Tuning X X
Compound-TCP (CTCP) – CongestionControl
X X
Wireless Reliability X
Black-Hole Router Detection (BHRD) X
Dead Gateway Detection X
Network Diagnostics / Extended TCPStatistics
X
Policy-based Quality of Service (eQoS) X X
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 7/41
Drill-down: Performance
Optimized performance without lossOptimized performance without lossIntelligent, automated tuning of TCP receiveIntelligent, automated tuning of TCP receive
window sizewindow sizeBetter packet loss resiliency (e.g. wirelessBetter packet loss resiliency (e.g. wirelessconnectivity)connectivity)Advanced congestion control for better throughputAdvanced congestion control for better throughput
Automatically adjusts for maximumAutomatically adjusts for maximumefficiencyefficiencyFaster network transfers, especially across WANFaster network transfers, especially across WANlinkslinksOptimized use of available network bandwidthOptimized use of available network bandwidth
Reduced packet loss resulting in fewer retransmitsReduced packet loss resulting in fewer retransmits
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 8/41
The Receive Window
LimitationNorthNorth
AmericaAmerica
IntercontinentalIntercontinental
Fiber Fiber
SatelliteSatellite
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 9/41
Historia del Windows Firewall
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 10/41
Características del Windows Firewall
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 12/41
Windows Firewall Features - Notes
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 13/41
Reglas del Firewall
Service Restrictions
Connection Security Rules
Authenticated Bypass Rules
Block Rules
Allow Rules
Default Rules
Local Policy
GPO
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 14/41
Nuevos algoritmos criptográficos.
Encryption: AES-128, AES-192, AES-256Key Exchange: ECDH P-256, ECDH P-384
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 15/41
Nueva consola de seguridad avanzada
Por nombre de aplicación
Todos ó múltiples puertos
Todas la direcciones dentro de
una subnet.
Todas las IP’s en un rango.
Todos los adaptadores wireless
Usuario de AD ó cuenta de
maquina.
ICMP ó ICMP v6
Servicios
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 16/41
Consola de seguridad avanzada
By application name
All or multiple ports
All addresses on a local subnet
All addresses in a numeric range
All wireless adapters
Active Directory user or
computer account
ICMP or ICMP v6 type or code
value
For services
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 18/41
Demo
Administrando Windows Firewall
demo
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 19/41
• Windows Vista Firewall
• Configuración y como solucionar problemas
• Integrar el Firewall con IPSec
Agenda
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 20/41
Reglas del Firewall
Cuentas y grupos del Active Directory
Direcciones Ip de Origen y Destino
Tipos de Interfaces.
Puertos TCP y UDP de Origen y Destino
Servicios
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 21/41
Conocimiento de la RED
Ping
Ping
Ping
C i i t d l RED (2)
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 22/41
Conocimiento de la RED (2)
Ping
Ping
Ping
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 23/41
Demo
Configurar el Firewall
demo
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 24/41
Troubleshooting
192.000.0.0
192.000.1.0
192.000.0.1
192.000.0.2
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 25/41
Demo
Solucionar problemas del Firewall
demonstration
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 27/41
• Windows Vista Firewall
• Configuración y como solucionar problemas
• Integrar el Firewall con IPSec
Agenda
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 28/41
IPSec Overview
IPSec
Policy
Key Exchange
Methods (IKE)
Filter List
Authentication
Methods (Kerberos,
Certificates, StaticKeys)
Rules
ActionSecurity
Methods
(Encryption,Hashing, Key
Lifetimes)Filters
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 29/41
IPSec Overview - Notes
IPSec
Policy
Key Exchange
Methods (IKE)
Filter List
Authentication
Methods (Kerberos,
Certificates, StaticKeys)
Rules
ActionSecurity
Methods
(Encryption,Hashing, Key
Lifetimes)Filters
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 30/41
Firewall con IPSec
IPSec
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 31/41
Windows Firewall and IPSec - Notes
IPSec
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 32/41
Segmentación Dinámica basada en Políticas
Policy Based Dynamic Segmentation
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 33/41
Policy-Based Dynamic Segmentation
- Notes
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 34/41
Configuración de Políticas IPSec
Simplified IPSec Policy
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 35/41
Simplified IPSec Policy
Configuration - Notes
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 36/41
You can
require
protected
traffic for domain
controllers.
IPSec policy in
the domain can
request
protectedtraffic but not
require it.
You don’t
need to
configure
rules for domain
controllers.
Improvedload
balancing
and
clustering
server
support.
Protección IPSec Cliente -a- DC
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 37/41
You can
require
protected
traffic for domain
controllers.
IPSec policy in
the domain can
request
protectedtraffic but not
require it.
You don’t
need to
configure
rules for domain
controllers.
Improvedload
balancing
and
clustering
server
support.
Client-to-DC IPSec Protection - Notes
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 38/41
Health Certificate Server
Autentificación IPSec mejorada
Health
Certificate
Extended
Mode
•Kerberos
credentials of the
logged-on user
account
•NTLM v2
credentials of the
logged-on user account
•A user certificate
•A computer
health certificate
Multiple
Authentication
Methods
Improved IPSec Authentication -
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 39/41
Health Certificate Server
Improved IPSec Authentication -
Notes
Health
Certificate
Extended
Mode
•Kerberos
credentials of the
logged-on user
account
•NTLM v2
credentials of the
logged-on user account
•A user certificate
•A computer
health certificate
Multiple
Authentication
Methods
8/8/2019 Vista Firewall
http://slidepdf.com/reader/full/vista-firewall 40/41
•
Mejores Opciones de configuración
•
Solución de problemas mas sencilla
•
Mejor integración de IPSec con Windows Firewall
Resumen