vista firewall

8/8/2019 Vista Firewall

http://slidepdf.com/reader/full/vista-firewall 1/41

Windows Firewall con

seguridad avanzada.



• Windows Vista Firewall

• Configuración y como solucionar problemas.

• Integrar el Firewall con IPSec

Agenda



Level 200

• TCP/IP

•Políticas de grupo.

•Conocimientos de Firewall

Conocimientos necesarios.



Problemas actuales de las redes.



Nueva Pila TCP/IP de Windows Vista

WindowsFilte

ring

PlatformAPIIPv4

802.3

WSK

WSK Clients TDI Clients

NDIS

WLANLoop-

back

IPv4

TunnelIPv6

Tunnel

IPv6

RAWUDPTCP

Next Generation TCP/IP Stack (tcpip.sys)

AFDTDXTDI

Winsock User Mode

Kernel Mode

•Arquitectura Dual-IP para un soporte nativo de IPv4 y IPv6.Arquitectura Dual-IP para un soporte nativo de IPv4 y IPv6.

• Mejor integración con IPsec.Mejor integración con IPsec.• Mejor rendimiento gracias a la aceleración por HW.Mejor rendimiento gracias a la aceleración por HW.• Capacidad de auto-tuning y mejores algoritmos de optimización.Capacidad de auto-tuning y mejores algoritmos de optimización.• Mejor extensibilidad y fiabilidad gracias a nuevos APIsMejor extensibilidad y fiabilidad gracias a nuevos APIs



Nuevas Características.TechnologiesTechnologies SecuritySecurity ExperienceExperience ScalabilityScalability

IPsec XVPN Routing Compartments X

Windows Filtering Platform (WFP) X X

Secure Sockets API X

IPv6 X

TCP Chimney XTCP-A (I/OAT) X

Receive Side Scaling X

Receive Window Auto-Tuning X X

Compound-TCP (CTCP) – CongestionControl

X X

Wireless Reliability X

Black-Hole Router Detection (BHRD) X

Dead Gateway Detection X

Network Diagnostics / Extended TCPStatistics

X

Policy-based Quality of Service (eQoS) X X



Drill-down: Performance

Optimized performance without lossOptimized performance without lossIntelligent, automated tuning of TCP receiveIntelligent, automated tuning of TCP receive

window sizewindow sizeBetter packet loss resiliency (e.g. wirelessBetter packet loss resiliency (e.g. wirelessconnectivity)connectivity)Advanced congestion control for better throughputAdvanced congestion control for better throughput

Automatically adjusts for maximumAutomatically adjusts for maximumefficiencyefficiencyFaster network transfers, especially across WANFaster network transfers, especially across WANlinkslinksOptimized use of available network bandwidthOptimized use of available network bandwidth

Reduced packet loss resulting in fewer retransmitsReduced packet loss resulting in fewer retransmits



The Receive Window

LimitationNorthNorth

AmericaAmerica

IntercontinentalIntercontinental

Fiber Fiber

SatelliteSatellite



Historia del Windows Firewall



Características del Windows Firewall



Windows Firewall Features - Notes



Reglas del Firewall

Service Restrictions

Connection Security Rules

Authenticated Bypass Rules

Block Rules

Allow Rules

Default Rules

Local Policy

GPO



Nuevos algoritmos criptográficos.

Encryption: AES-128, AES-192, AES-256Key Exchange: ECDH P-256, ECDH P-384



Nueva consola de seguridad avanzada

Por nombre de aplicación

Todos ó múltiples puertos

Todas la direcciones dentro de

una subnet.

Todas las IP’s en un rango.

Todos los adaptadores wireless

Usuario de AD ó cuenta de

maquina.

ICMP ó ICMP v6

Servicios



Consola de seguridad avanzada

By application name

All or multiple ports

All addresses on a local subnet

All addresses in a numeric range

All wireless adapters

Active Directory user or

computer account

ICMP or ICMP v6 type or code

value

For services



Netsh Advfirewall



Demo

Administrando Windows Firewall

demo




• Configuración y como solucionar problemas


Agenda



Reglas del Firewall

Cuentas y grupos del Active Directory

Direcciones Ip de Origen y Destino

Tipos de Interfaces.

Puertos TCP y UDP de Origen y Destino

Servicios



Conocimiento de la RED

Ping

Ping

Ping

C i i t d l RED (2)



Conocimiento de la RED (2)

Ping

Ping

Ping



Demo

Configurar el Firewall

demo



Troubleshooting

192.000.0.0

192.000.1.0

192.000.0.1

192.000.0.2



Demo

Solucionar problemas del Firewall

demonstration



Mixed Environments




• Configuración y como solucionar problemas


Agenda



IPSec Overview

IPSec

Policy

Key Exchange

Methods (IKE)

Filter List

Authentication

Methods (Kerberos,

Certificates, StaticKeys)

Rules

ActionSecurity

Methods

(Encryption,Hashing, Key

Lifetimes)Filters



IPSec Overview - Notes

IPSec

Policy

Key Exchange

Methods (IKE)

Filter List

Authentication

Methods (Kerberos,

Certificates, StaticKeys)

Rules

ActionSecurity

Methods

(Encryption,Hashing, Key

Lifetimes)Filters



Firewall con IPSec

IPSec



Windows Firewall and IPSec - Notes

IPSec



Segmentación Dinámica basada en Políticas

Policy Based Dynamic Segmentation



Policy-Based Dynamic Segmentation

- Notes



Configuración de Políticas IPSec

Simplified IPSec Policy



Simplified IPSec Policy

Configuration - Notes



You can

require

protected

traffic for domain

controllers.

IPSec policy in

the domain can

request

protectedtraffic but not

require it.

You don’t

need to

configure

rules for domain

controllers.

Improvedload

balancing

and

clustering

server

support.

Protección IPSec Cliente -a- DC



You can

require

protected

traffic for domain

controllers.

IPSec policy in

the domain can

request

protectedtraffic but not

require it.

You don’t

need to

configure

rules for domain

controllers.

Improvedload

balancing

and

clustering

server

support.

Client-to-DC IPSec Protection - Notes



Health Certificate Server

Autentificación IPSec mejorada

Health

Certificate

Extended

Mode

•Kerberos

credentials of the

logged-on user

account

•NTLM v2

credentials of the

logged-on user account

•A user certificate

•A computer

health certificate

Multiple

Authentication

Methods

Improved IPSec Authentication -



Health Certificate Server

Improved IPSec Authentication -

Notes

Health

Certificate

Extended

Mode

•Kerberos

credentials of the

logged-on user

account

•NTLM v2

credentials of the

logged-on user account

•A user certificate

•A computer

health certificate

Multiple

Authentication

Methods



•

Mejores Opciones de configuración

•

Solución de problemas mas sencilla

•

Mejor integración de IPSec con Windows Firewall

Resumen



• Free chats and webcasts

• List of newsgroups

• Microsoft community sites

• Community events and columns

Where Else Can I Get Help?

www.microsoft.com/technet/community

vista firewall

Documents