Installing the Windows Firewall

In this section, we will examine the current Firewall configuration. Then, we will reconfigure the Windows Firewall and change it into a VPN server. After the VPN server is configured, authorized external users will be able to access internal resources.

Testing The Current Firewall And Setting Up The VPN Server

We will now install and configure a VPN Server. We will configure it to allow all traffic out. We will also allow incoming connections for users on the External Network. This will allow them to access resources on the Internal Network, like email and web resources.

Click on the internal Windows $8$ machine icon on the topology diagram.

int win$8.$png

Right$-$click on the cmd $-$ Shortcut on the Desktop and select Run as administrator.

Sec$1-$Step$4.$JPG

Type the following command to go to the root of the C: Drive. Press Enter.

C:$\backslash$Windows$\backslash$system$32>$cd $\backslash$

image$005.$png

Type the following command to ping the external Windows $7$ machine. Press Enter.

C:$\backslash >$ping $216\mathrm{.}1\mathrm{.}1\mathrm{.}200$

Note: If you don't get all $4$ replys, then wait a few minutes for the all the needed machines to come online and try the ping command again.

image$006.$png

Type the following command to clear the command prompt screen. Press Enter.

C:$\backslash >$cls

image$007.$png

Type the following commands to connect to the FTP site and download the file. Press Enter.

C:$\backslash >$ftp $216\mathrm{.}1\mathrm{.}1\mathrm{.}200$

User: ftp

Password: P@ssw$0$rd

ftp$>$ get hi$.$txt

ftp$>$ bye

C:$\backslash >$type hi$.$txt

Note: The password of P@ssw$0$rd will not be displayed when you type it for security purposes.

$1-7\_6.$PNG

The Windows$-$based Firewall is allowing all outbound traffic. NAT, or Network Address Translation, is set up allowing this Internal Windows $8$ with the IP Address of $192\mathrm{.}168\mathrm{.}1\mathrm{.}200$ to communicate with the Windows $7$ machine on the Public network.

Click on the external Windows $7$ Attack machine icon on the topology diagram.

EXT Win$7$ Attack.png

Log on to Windows $7$ as student with the password of password. Press Enter.

Note: The password of password will not be displayed when you type it for security purposes.

image$009.$png

Open a command prompt by double$-$clicking on the shortcut on the Desktop.

image$010.$png

Type the following command to scan the firewall for open ports. Press Enter.

C:$\backslash >$nmap $216\mathrm{.}1\mathrm{.}1\mathrm{.}1$

$1-11\_3.$PNG

Currently, the firewall is configured to redirect incoming requests for the FTP$,$ Telnet, SMTP$,$ HTTP$,$ and POP$3$ to the Windows $8$ machine on the Internal Network.

$1-11$B$.$png

We will now configure a VPN server. After this is done and we rescan the Public IP Address of the firewall from the external network, only a single port will be open.

Click on the Windows Server Firewall icon on the topology diagram.

firewall.png

On the Windows $2008$ Server Firewall, click the Send Ctrl$+$Alt$+$Delete button in the top right corner.

CAD Windows Server $2008\_8.$PNG

Enter firewall for the Administrator password to the Windows $2008$ Server. Press Enter.

Note: The password of firewall will not be displayed when you type it for security purposes.

image$014.$png

Double$-$click the Shortcut to Routing and Remote Access on the Desktop.

image$015.$png

Right$-$click on FIREWALL$2($local$)$ and select Disable Routing and Remote Access.

PIC $2.$jpg

Select Yes when you are asked if you want to continue.

image$017.$png

Right$-$click on FIREWALL$2($local$)$ and select Configure and Enable Routing and Remote Access.

Sec$1-$Step$19($Updated$).$JPG

Click Next to the Welcome to the Routing and Remote Access Server Setup Wizard.

image$019.$png

Choose Virtual private network $($VPN$)$ access and NAT. Click Next.

image$020.$png

Select the WAN$-$External Interface and then click the Next button.

image$021.$png

Select From a specified range and click the Next button.

image$022.$png

Click New, type $192\mathrm{.}168\mathrm{.}1\mathrm{.}201192\mathrm{.}168\mathrm{.}1\mathrm{.}230.$ Click OK$.$

$1-23\_2.$PNG

Click the Next button.

$1-23$B$.$PNG

Select $$I will set up name and address services later$$ and click the Next button.

image$024.$png

Select No at the RADIUS screen and click the Next button.

image$025.$png

Click Finish to complete the setup of Routing and Remote Access.

image$026.$png

Click OK to the warning message about the DCHP Relay Agent.

image$027.$png

The Routing and Remote Access FIREWALL$2($local$)$ machine will now turn green again.

PIC $1.$jpg

Return to the internal Windows $8$ machine. We will now verify that the machine can once again contact machines on the external network. Type the following command on your Windows $8$ machine to ping the external Windows $7$ machine. Press Enter.

C:$\backslash >$ping $216\mathrm{.}1\mathrm{.}1\mathrm{.}200-$n $2$

image$029.$png

Next, we will test if traffic is allowed outbound by performing a banner grab. Type the following to perform a banner grab of the Windows $7$ machine on the external network. Press Enter.

C:$\backslash >$telnet $216\mathrm{.}1\mathrm{.}1\mathrm{.}20021$

image$030.$png

You will receive the message $220$ Microsoft FTP Service. Type