WEBVTT

00:05.580 --> 00:12.060
The Windows Firewall with Advanced Security remains one of the more important security features built

00:12.060 --> 00:19.860
into the server operating system. Windows Defender ATP was designed on the premise that a breach will

00:19.860 --> 00:26.790
happen no matter how tight the perimeter may be. When the product is released, at some point a vulnerability

00:26.790 --> 00:29.580
will be discovered or created.

00:29.670 --> 00:36.840
And when that happens, you want the best team in place to respond. The Windows Firewall is designed to

00:36.840 --> 00:39.420
block everything that you can

00:39.420 --> 00:47.340
on an individual server, everything that is except for the traffic that you want. In the Windows Security

00:47.340 --> 00:52.290
app you can do basic tasks like define what the protection will be

00:52.410 --> 00:59.250
if you're in your domain or if you're in a private or a public network profile. Your servers, however,

00:59.250 --> 01:04.200
probably don't wander into coffee shops the way your users' laptops will,

01:04.200 --> 01:07.250
but this profile architecture is there just the same.

01:08.420 --> 01:15.410
When I open up Firewall & network protection, there are some quick links to complete basic common

01:15.410 --> 01:16.560
tasks.

01:16.820 --> 01:25.370
I can use this link to allow an app through the firewall, to allow, say, printer software or some specific

01:25.370 --> 01:28.880
application that our users may need from our server.

01:28.910 --> 01:33.670
It will allow those applications to have their own direct path through the firewall.

01:35.370 --> 01:41.940
The link for advanced settings will take you to a management tool that is going to be familiar to any

01:41.940 --> 01:46.980
of you who have been administering Windows servers in previous versions.

01:47.000 --> 01:53.220
This is the Windows Defender Firewall, or Windows Firewall with Advanced Security.

01:53.420 --> 02:01.430
Here you get a pretty long list of inbound and outbound rules that you can use to allow or block traffic

02:01.880 --> 02:05.780
for the various services that ship with Windows Server.

02:05.810 --> 02:11.930
Each of these can be viewed and even edited as needed to block or allow specific types of traffic.

02:12.800 --> 02:18.820
You can also create new rules for applications or services that weren't originally in place.

02:18.860 --> 02:26.060
Let's say you want to allow one specific administrative workstation to administer this server remotely

02:26.120 --> 02:28.570
using PowerShell remoting.

02:28.730 --> 02:35.600
I can go to the inbound rules, an inbound request to administer this server, right-click and select New

02:35.600 --> 02:39.790
Rule, and there's a wizard that will walk us through the process.

02:39.860 --> 02:44.510
I'm going to choose a custom rule because there are several things that I want to set for this specific

02:44.510 --> 02:51.820
rule. One of the first things I need to specify is what application makes it through this port of the

02:51.820 --> 02:53.160
firewall.

02:53.200 --> 02:58.450
Well, the application being used is not what I'm going to be defining, so I'm going to allow that one

02:58.450 --> 03:09.040
to remain as All programs. The specific protocol and port: PowerShell remoting happens over TCP, and

03:09.130 --> 03:17.070
it happens over port 5985. You can look up these ports for any of the services, and with a lot of these

03:17.070 --> 03:23.680
services you can set the port to whatever you need. I don't need to specify the remote port.

03:23.680 --> 03:29.890
What I'm saying here is that I want to define how traffic is going to be allowed into this machine using

03:29.890 --> 03:37.600
TCP and port 5985. As far as the scope for this rule,

03:37.650 --> 03:46.830
we only want this rule to apply to one specific workstation. Only requests coming in through the IP address

03:46.830 --> 03:51.900
that I specify will be allowed to use this rule to gain access.

03:51.900 --> 04:00.140
So let me go ahead and add the IP address of our administrative workstation, 10.35.4.76,

04:00.150 --> 04:07.550
and you can see here that you can use a range, or if you're in an Active Directory environment

04:07.550 --> 04:12.330
and you can specify computers, you may be able to choose some as well.

04:12.330 --> 04:18.270
But let me go ahead and say OK here. The action, if all of these rules apply:

04:18.290 --> 04:25.430
allow the connection, or if I'm in an environment with security certificates being passed around, I could

04:25.430 --> 04:33.620
choose allow the connection if it's secure. IPsec connections only; only recognized certificates are

04:33.620 --> 04:37.730
going to be granted access to this port, to this firewall rule.

04:40.470 --> 04:48.170
And finally, I mentioned network profiles previously as they apply to workstations. When you start defining

04:48.170 --> 04:55.910
firewall rules it becomes clear where network profiles are used on a server. A server may have multiple

04:55.910 --> 05:02.690
network interfaces that connect to different networks. If I'm on a server with three network interfaces

05:02.720 --> 05:09.620
that all point internally to the Active Directory domain and one interface that points to the public,

05:10.130 --> 05:18.680
or to the internet, I can use this page to specify where my different rules apply. If I don't want any

05:18.680 --> 05:25.370
requests coming in from the internet to PowerShell remote into my server, I can simply uncheck that

05:25.370 --> 05:34.160
box, and if I've set the network interfaces that connect to my local network as domain profiles, I can

05:34.160 --> 05:42.610
leave that the only box checked. Setting up firewall rules that are specific to a network profile will

05:42.610 --> 05:49.300
help sort out which sources the requests will come from and what types of access will come from these

05:49.300 --> 05:57.260
different locations. Carefully craft your firewall rules to allow the access you need but not grant any

05:57.290 --> 06:03.470
unneeded traffic. This is one of the most important things you can do in hardening your server's defenses.