Windows Server 2008 Firewall Configuration for Enhanced Security



Windows Server 2008 is a Windows operating system intended for server use and is usually run by companies, so security on the server matters, especially the firewall.

The firewall protects the device from outside attacks. In this post we will configure a basic firewall on a Windows server.


1. Opening Windows Firewall with Advanced Security

You can open it from PowerShell or from the search panel on the Windows menu. I will use the PowerShell command as the example, for a little extra knowledge.

First open PowerShell, then run the following command:


PS C:\Users\user> wf.msc


Windows Firewall with Advanced Security will then open.


Windows Firewall with Advanced Security menu


2. Network Firewall Configuration

By default, Windows blocks connections coming in from outside, which are called inbound connections. Before starting, I will explain what inbound and outbound mean for a network connection.

  • An inbound connection is a connection made from outside to inside the device's network, whether from a different router or a different device. For example, if device A pings device B, the connection is inbound on device B and outbound on device A.
  • An outbound connection is a connection made from inside to outside the device's network.

Now we will test between two devices, Linux and Windows Server, starting with a ping test from Windows to Linux.

 
Ping cmd windows

Windows can reach IP 192.168.1.8 (Linux). Next, run a ping test from the Linux device to Windows (192.168.1.9).


Ping Kali linux Terminal


In the picture above, the connection to Windows does not get a response, so we can conclude that the connection is blocked by the firewall. We will check the firewall configuration, but first we confirm which active network Windows uses for its internet connection. There are usually several options, such as:

  • Public Network
  • Private Network
  • and Work Network

These three categories correspond to the firewall profile that we will configure. Now go to Windows Firewall with Advanced Security > Windows Firewall Properties.


Windows Firewall with Advanced Security


You will then see 4 menus, as below.


Menu firewall


Open the Public Profile section, because the active network on my Windows Server 2008 was Public Network. Then change the inbound connections setting to "Allow".


Update firewall


Back on the Linux device, run another ping test to IP 192.168.1.9 (Windows). This time it gets a reply from Windows.


ping linux
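
Setting inbound connections to "Allow" on the Public profile admits every inbound connection that no block rule matches, not only ping. A narrower way to get the same ping reply, as an added example that is not part of the original post: keep the profile's inbound default at Block and add one ICMPv4 echo rule limited to the Linux test host. The rule name Lab-Allow-Ping-In is a label chosen here, and the commands assume an elevated PowerShell prompt.

```powershell
# Arguments that contain a comma are single-quoted so that PowerShell passes
# them to netsh as one token instead of splitting them into an array.

# 1. Confirm which profile is active before changing anything
netsh advfirewall show currentprofile

# What the GUI step above sets (every inbound connection allowed on Public):
#   netsh advfirewall set publicprofile firewallpolicy 'allowinbound,allowoutbound'

# 2. Keep the Public profile at block inbound, allow outbound
netsh advfirewall set publicprofile firewallpolicy 'blockinbound,allowoutbound'

# 3. Allow only ICMPv4 echo requests (type 8), and only from the Linux host
#    used in this walkthrough (192.168.1.8)
netsh advfirewall firewall add rule name=Lab-Allow-Ping-In dir=in action=allow 'protocol=icmpv4:8,any' profile=public remoteip=192.168.1.8

# 4. Verify the rule and the resulting profile state
netsh advfirewall firewall show rule name=Lab-Allow-Ping-In
netsh advfirewall show publicprofile

# 5. Remove the rule when the test is finished
netsh advfirewall firewall delete rule name=Lab-Allow-Ping-In
```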

3. Defining Log Files and Notifications

Setting up a log file is very important as evidence and for analysis if there are anomalies on the server, and so is enabling notifications on the device for unusual connections. By default, the firewall's logs and connection notifications are not active and must be enabled manually.

  • Still in the Public Profile menu from the previous configuration, select Logging > Customize.
  • You can choose where the logs will be stored, the maximum log size, and which packets you want recorded in the log file.
  • Here I only change the dropped-packet log and the successful-connection log so that both are captured in the firewall log file and we can analyze them if there is an anomaly.

Now we will test with a ping from the Linux device. The first test is a packet drop, so we first block the inbound connection.

Now run a ping test from the Linux device.


Then we check the firewall logs, found in C:\Windows\System32\LogFiles\Firewall.


There is a packet drop log entry. Conversely, if we set inbound to allow, there will be an "Allow" log entry, as below.


  • Enable notifications so that you are notified when there are connections that have been blocked but are still able to log in.
  • Then select "Yes".
