Configuring Windows Firewall and Network Access Protection
By their nature, networks can allow healthy computers to communicate with unhealthy computers and malicious tools to attack legitimate applications. This can result in costly security compromises, such as a worm that spreads rapidly through an internal network or a sophisticated attacker who steals confidential data across the network.
Windows Server 2008 R2 supports two technologies that are useful for improving network security: Windows Firewall and Network Access Protection (NAP). Windows Firewall can filter incoming and outgoing traffic, using complex criteria to distinguish between legitimate and potentially malicious communications. NAP requires computers to complete a health check before allowing unrestricted access to your network and facilitates resolving problems with computers that do not meet health requirements.
This lesson describes how to plan and implement Windows Firewall and NAP using Windows Server 2008 R2.
Exam objectives in this chapter:
Configure Windows Firewall with Advanced Security.
Configure Network Access Protection (NAP).
Lessons in this chapter:
Lesson 1: Configuring Windows Firewall
Lesson 2: Configuring Network Access Protection
Before You Begin
To complete the lessons in this chapter, you should be familiar with Windows networking and be comfortable with the following tasks:
Adding roles to a computer running Windows Server 2008 R2
Configuring Active Directory domain controllers and joining computers to a domain
Configuring a basic network, including configuring IP settings
You will also need the following nonproduction hardware connected to test networks:
A computer named Dcsrv1 that is a domain controller in the Nwtraders.msft domain. This computer must have at least one network interface that you can connect to either the Internet or a private network.
A computer named Hartford that is running Windows 7 Professional, Enterprise, or Ultimate, and is a member of the Nwtraders.msft domain. You must use Windows 7 because Windows Server 2008 R2 does not support the Windows Security Health Validator.