Hands-On Project - Firewall Rules
In this project you will create two simple firewall rules in Windows Advanced Firewall. This may be the first time you have made a modification to the firewall on your computer. The first rule will block all ICMP traffic. This will effectively prevent you from using the ping command to send ICMP packets to other computers. You will use a command prompt to verify the rule was effective.
The second rule will block all outgoing Port 80 traffic. Port 80 is traditionally associated with Web traffic (HTTP). Once you create and enable the rule, all outgoing Port 80 traffic will be blocked. You will use a Web browser to verify the rule was effective. However, secure Web traffic (HTTPS) running over Port 443 will still be accessible.
Both of the rules in this project will apply to outgoing traffic only. It is important to remember to disable the rules at the end of the project so your ICMP and Port 80 traffic will not be blocked.
Directions:
- Click Start.
- In the search box, type cmd
- Press Enter.
- Type ping www.google.com
- Press Enter. (This will ping www.google.com.)
- Type time
- Press Enter twice.
- Take a screenshot.
- Click Start, Control Panel, System and Security, and Windows Firewall.
- Click Advanced settings.
- Click Outbound Rules.
- Click New Rule (right-hand pane).
- Click Custom, Next, and Next.
- Change the dropdown box to ICMPv4.
- Click Next, Next, Next, and Next.
- Name the rule YourName_Block_ICMP. (Replace YourName with your first and last names. In this case, it was RandyBoyle_Block_ICMP.)
- Click Finish.
- Return to your command prompt.
- Type ping www.google.com
- Press Enter. (This will ping www.google.com. You should get a "General failure" error.)
- Type time
- Press Enter twice.
- Take a screenshot.
- Open a Web browser.
- Browse to www.Google.com. (This will verify that you do have Internet access.)
- Return to the Windows Advanced Firewall window.
- Click Outbound Rules.
- Click New Rule (right-hand pane).
- Click Port, and Next.
- Type "80" into the text box for Specific remote ports. (This will effectively block all outgoing Web traffic from your computer. You will disable/delete this rule later.)
- Click Next, Next, and Next.
- Name the rule YourName_Block_Port_80. (Replace YourName with your first and last names. In this case, the rule was named RandyBoyle_Block_Port_80.)
- Click Finish.
- Return to your Web browser.
- Browse to any non-secure (not HTTPS) website of your choosing. You can browse to any website as long as it does not make an HTTPS connection (Port 443). The rule you made only blocks Port 80 Web traffic.
- Take a screenshot of the blocked website. (In this case, it was www.Microsoft.com.)
- Return to the Windows Advanced Firewall window.
- Select both of the rules you created.
- Right-click the selected rules.
- Click Disable Rule. (If you don't disable the rules, your ICMP and Web traffic will still be blocked.)
- Take a screenshot of your disabled rules.
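The same two outbound rules, the before/after checks, and the cleanup can also be run from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original project; it assumes the port rule uses TCP, keeps YourName as a placeholder, and `Set-LabBlockRule` and `Test-LabConnectivity` are hypothetical helper names.

```powershell
#Requires -RunAsAdministrator
# Added example: rule names follow the lab's pattern; "YourName" is a placeholder.
$icmpRule = 'YourName_Block_ICMP'
$httpRule = 'YourName_Block_Port_80'
$target   = 'www.google.com'      # host used in the lab's ping step

function Set-LabBlockRule {       # hypothetical helper, not a built-in cmdlet
    param([string]$Name, [hashtable]$Match)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        # Rule left over from an earlier run: re-enable it instead of duplicating it.
        Enable-NetFirewallRule -DisplayName $Name
    } else {
        New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Block @Match |
            Out-Null
    }
}

function Test-LabConnectivity {   # hypothetical helper: one ICMP and two TCP checks
    param([string]$Stage)
    [pscustomobject]@{
        Stage  = $Stage
        Ping   = Test-Connection -ComputerName $target -Count 1 -Quiet
        Tcp80  = (Test-NetConnection -ComputerName $target -Port 80 `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
        Tcp443 = (Test-NetConnection -ComputerName $target -Port 443 `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
    }
}

$results = @(Test-LabConnectivity -Stage 'Before rules')
try {
    # Rule 1: block all outbound ICMPv4 (what ping sends).
    Set-LabBlockRule -Name $icmpRule -Match @{ Protocol = 'ICMPv4' }
    # Rule 2: block outbound TCP to remote port 80 (HTTP); port 443 is untouched.
    Set-LabBlockRule -Name $httpRule -Match @{ Protocol = 'TCP'; RemotePort = 80 }
    $results += Test-LabConnectivity -Stage 'Rules enabled'
} finally {
    # Always disable the rules, even if a check above throws, so traffic is restored.
    Disable-NetFirewallRule -DisplayName $icmpRule, $httpRule -ErrorAction SilentlyContinue
}

$results | Format-Table -AutoSize
# Confirm both rules exist, are outbound Block rules, and are now disabled.
Get-NetFirewallRule -DisplayName $icmpRule, $httpRule |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize
```

With the rules enabled, the Ping and Tcp80 checks should fail while Tcp443 still succeeds, matching what the command prompt and browser steps show.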
Submit your screenshots and answer the following questions:
- How could blocking all ICMP traffic protect you?
- Could you still access some websites with your Port 80 rule enabled? Why?
- Why would you want to allow incoming (not outgoing) Port 443, but block incoming Port 80?
- Could malware rename itself in order to get through a firewall? Why would this work?
Your well-written paper should meet the following requirements:
- Be two to four pages in length
- Contain an illustrative table or a diagram created from properly cited external references
- Include two credible external references in addition to the textbook
- Be formatted according to APA writing guidelines