Hands-On Project 9-3: Creating a Telnet Firewall Rule
Objective: Create a firewall rule to control Telnet traffic.
Description: Telnet is a protocol used for terminal emulation. Because it lacks support for encryption, Telnet is not used for sensitive communications across unsecure networks, but it makes a perfect protocol for demonstrating packet filtering. In this project, you enable Telnet on Windows Server 2008 and Windows 7, and then you learn to create firewall rules to control Telnet communications.
1. Log on to the Windows 7 system. Click Start. In the Search programs and files box, type cmd, and press Enter.
2. At the command prompt, type telnet, type the IP address of your Windows Server 2008 system, and press Enter. You receive an error message. Because Telnet is not a secure protocol, it is not enabled on Windows systems by default.
3. Click Start, click Control Panel, and click Programs and Features. In the Programs and Features window, click Turn Windows features on or off. In the next window, click the Telnet Client box, and click OK. Repeat Step 2. This time a different error message appears because Windows Server 2008 is not running the Telnet server service.
4. On Windows Server 2008, open Server Manager, click Features, click the Add Features link in the right pane, check the Telnet Server box, and click Next. Click Install. When the installation is complete, click Close.
5. From Windows 7, attempt Step 2 again. The command fails again.
6. From Windows Server 2008, open Server Manager, expand Configuration, click Services, and then scroll down and double-click Telnet. Again, for security reasons, Microsoft does not enable the Telnet Server service, even though it is installed. From the Startup type list box, select Manual. Click Apply, click Start, and click OK.
7. From Windows 7, attempt Step 2 again. The command succeeds, but Microsoft again wants to be sure that you are protected and asks you to confirm that you want to start the connection. Type y and press Enter. You are now managing the Windows Server 2008 system from the Windows 7 command prompt. You should see the C:\Users\Administrator prompt. If not, type cd C:\Users\Administrator, and press Enter. Type cd Desktop and press Enter. Type dir and press Enter to see the contents of the administrator's desktop. You should see the file called Private.txt that you created earlier in these projects. Type exit and press Enter to terminate the connection.
8. Now you will make a rule to block Telnet packets from entering Windows Server 2008. From the Windows Server 2008 system, open the Windows Firewall with Advanced Security window. Click Inbound Rules in the left frame. Click New Rule in the right frame. In the Rule Type window, click the Port option button, and click Next. In the Protocol and Ports window, verify that TCP is selected. In the Specific local ports text box, type 23, which is the port used by the Telnet protocol. Click Next. In the Action window, click the Block the connection option button, and click Next. Uncheck the Private and Public boxes, leave the Domain box selected, and click Next. In the Name window, type Telnet in the Name text box, and click Finish. Note that the new rule, Telnet, is listed first in the Inbound Rules frame. The rule is shown with an icon of a red circle and slash, indicating that the rule blocks access.
9. Return to Windows 7, and attempt to establish a Telnet connection with the server again. The packets have been blocked by the server, so the command fails.
10. Log out of both systems.
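
Added example (not part of the original project): the rule from Step 8 created from an elevated command prompt on the Windows Server 2008 system with netsh instead of the wizard, followed by two checks. The delete-before-add step and the final profile check are additions assumed here for repeatability and verification; the rule name, port, action and profile are the ones Step 8 uses.

```batch
@echo off
rem Added example: command-line equivalent of Step 8.
rem Run from an elevated command prompt on the Windows Server 2008 system.

rem Remove any earlier copy of the rule so rerunning the script does not
rem leave duplicate "Telnet" entries (assumption: no other inbound rule
rem with this name and port needs to be kept).
netsh advfirewall firewall delete rule name="Telnet" dir=in protocol=TCP localport=23 >nul 2>&1

rem Block inbound TCP port 23 for the Domain profile only, as in Step 8
rem (Private and Public unchecked, Domain left selected).
netsh advfirewall firewall add rule name="Telnet" dir=in action=block protocol=TCP localport=23 profile=domain
if errorlevel 1 (
    echo Could not create the rule. Confirm that this prompt is elevated.
    exit /b 1
)

rem Display the rule as stored, including direction, profiles and action.
netsh advfirewall firewall show rule name="Telnet" verbose

rem The rule is enforced only while the Domain profile is the active one.
rem If this reports Private or Public, Telnet from Windows 7 is not
rem blocked by this rule.
netsh advfirewall show currentprofile
```

If the connection in Step 9 still succeeds, compare the profile reported by the last command with the profile chosen for the rule.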