MOAC 70-687 - Configuring Windows 8 Lab Manual

LAB 12
CONFIGURING AND MAINTAINING NETWORK SECURITY

THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:

Exercise 12.1 Exercise 12.2 Exercise 12.3 Lab Challenge Installing Internet Information Server Testing IIS Connectivity Allowing a Program Through the Firewall Creating Windows Firewall Rules

BEFORE YOU BEGIN

The lab environment consists of computers connected to a local area network. The computers required for this lab are listed in Table 12-1.
Table 12-1 Computers Required for Lab 12
Computer Server Workstation Workstation Operating System Windows Server 2012 Windows 8 Enterprise Windows 8 Enterprise Computer Name SVR-DC-A WKSTN-MBR-B WKSTN-MBR-C

In addition to the computers, you will also need the software listed in Table 12-2 to complete Lab 12.

MOAC 70-687 - Configuring Windows 8 Lab Manual

Table 12-2 Software Required for Lab 12

Software Lab 12 student worksheet Location Lab12_worksheet.docx (provided by instructor)

Working with Lab Worksheets

Each lab in this manual requires that you answer questions, create screenshots, and perform other activities that you will document in a worksheet named for the lab, such as Lab12_worksheet.docx. You will find these worksheets on the book companion site. It is recommended that you use a USB flash drive to store your worksheets, so you can submit them to your instructor for review. As you perform the exercises in each lab, open the appropriate worksheet file, type the required information, and then save the file to your flash drive.

SCENARIO
After completing this lab, you will be able to:

Configure Windows Firewall Create Windows Firewall rules

Estimated lab time: 60 minutes

Exercise 12.1
Overview

Installing Internet Information Server

Because this is only a test deployment, you will be using a Windows 8 computer to function as the web server. In this exercise, you will install Internet Information Services on your workstation and then configure it to host two websites. Internet Information Services enables you to configure websites to use specific port numbers. This makes it possible to test the functionality of Windows Firewall. 15 minutes

Mindset

Completion time

1.

On WKSTN-MBR-B, log on using the adatum\Administrator account and the Pa$$w0rd password. On the Start screen, click the Desktop tile. The Desktop appears.

2.

MOAC 70-687 - Configuring Windows 8 Lab Manual

3.

Mouse over the lower-right corner of the window and, when the Charms bar appears, click Settings. On the Settings menu, click Control Panel. The Control Panel window appears. Click Programs > Programs and Features. The Uninstall or change a program window appears. Click Turn Windows features on or off. The Windows Features dialog box appears. Browse to the Internet Information Services\World Wide Web Services folder, as shown in Figure 12-1.

4. 5.

6.

7.

Figure 12-1 The World Wide Web Services folder in the Windows Features dialog box

8.

Select the Common HTTP Features check box, the Health and Diagnostics check box, and the Security check box. Expand the Web Management Tools folder, select the IIS Management Console check box, and then click OK. Windows 8 installs the selected components.

9.

10. Close the Windows Features control panel window. 11. In the Programs and Features address bar, click Control Panel Home, and then click System and Security > Administrative Tools. The Administrative Tools window appears.

MOAC 70-687 - Configuring Windows 8 Lab Manual

12. Double-click Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager console appears. 13. An Internet Information Services (IIS) Manager message box appears, prompting you to confirm if you want to stay connected. 14. Click No. 15. Expand the WKSTN-MBR-B container and then expand the Sites folder. 16. Right-click the Sites folder and, from the context menu, choose Add Website. The Add Website dialog box appears. 17. In the Site name text box, type Intranet. 18. In the Physical path text box, type c:\inetpub\wwwroot. 19. Change the value in the Port text box to 4444. 20. Click OK. The new Intranet website appears in the Sites folder.
What URLs could you use in your computers browser to test the functionality of the intranet website you just created?

Question 1

21. Take a screen shot of the Internet Information Services (IIS) Manager console, showing the new site you created, by pressing Alt+Prt Scr, and then paste the resulting image into the Lab 12 worksheet file in the page provided by pressing Ctrl+V. 22. Close the Internet Information Services (IIS) Manager console. End of exercise. Leave all windows open for the next exercise.

Exercise 12.2
Overview

Testing IIS Connectivity

In this exercise, you will test the functionality of the web server you just installed. The way to test the functionality of a web server is to attempt to connect to it. 15 minutes

Mindset Completion time

MOAC 70-687 - Configuring Windows 8 Lab Manual

1.

On the WKSTN-MBR-B desktop, click the Internet Explorer button in the taskbar. An Internet Explorer window appears. In the Address box, type http://127.0.0.1 and then press Enter. Question 2
What is the result, and what does the result indicate?

2.

3.

Test the Intranet website by using the URLs you specified in Exercise 12-1, Question 1. Question 3
What is the result, and what does it indicate?

4.

On WKSTN-MBR-C, log on using the adatum\Administrator account and the Pa$$w0rd password. Click the Desktop tile and then open Internet Explorer. Try to access the IIS web server running on your WKSTN-MBR-B workstation by typing http://wkstn-mbr-b in the Address box and pressing Enter. Question 4
What is the result?

5.

6.

Now, try to connect to the Intranet website from WKSTN-MBR-C. Question 5

What is the result?

Question 6

List three possible reasons as to why you might be unable to connect to your computers web server using a browser on another computer.

7.

Back on the WKSTN-MBR-B workstation, in the System and Security control panel, click Windows Firewall. The Windows Firewall control panel appears (see Figure 12-2).

MOAC 70-687 - Configuring Windows 8 Lab Manual

Figure 12-2 The Windows Firewall control panel

8.

In the Control Panel Home on the left of the screen, click Turn Windows Firewall on or off. The Customize settings for each type of network window appears. Under Domain network settings, select the Turn off Windows Firewall (not recommended) option and then click OK.

9.

10. Take a screen shot of the Customize settings for each type of network window, showing the setting you just modified, by pressing Alt+Prt Scr, and then paste the resulting image into the Lab 12 worksheet file in the page provided by pressing Ctrl+V. 11. Back on WKSTN-MBR-C, try again to access both of the sites on the web server using Internet Explorer. Question 7
What are the results, and what do the results indicate?

Question 8

What other test could you perform to prove that it was your computers firewall that was blocking the connection and not the firewall on the computer you are using as a client?

12. Clear the Internet Explorer cache on WKSTN-MBR-C test client computer by clicking Tools > Internet Options. The Internet Options dialog box appears.

MOAC 70-687 - Configuring Windows 8 Lab Manual

13. Under Browsing History, click the Delete button. The Delete Browsing History dialog box appears. 14. Click Delete. Then click OK to close the Internet Options dialog box. Question 9
Why is it necessary to clear the cache before you retest the web server connections?

15. Back on WKSTN-MBR-B, in the Windows Firewall control panel, click Turn Windows Firewall on or off to open the Customize settings for each type of network window again and then turn the Domain network settings Windows Firewall back on. Click OK to close the window. Question 10
Why can you not simply leave Windows Firewall turned off when you deploy an actual web server?

End of exercise. Leave all windows open for the next exercise.

Exercise 12.3
Overview

Allowing a Program Through the Firewall

Windows Firewall is preventing clients from connecting to your web server. To enable client access, you will use the Windows Firewall control panel to allow access to the web server. The Windows Firewall control panel provides access to basic functions of the firewall, but for complete control, you must use the Windows Firewall with Advanced Security console, which youll see in the Lab Challenge. 10 minutes

Mindset

Completion time

1.

On WKSTN-MBR-B, in the Windows Firewall control panel, click Allow an app or feature through Windows Firewall. The Allow apps to communicate through Windows Firewall window appears (see Figure 12-3).

MOAC 70-687 - Configuring Windows 8 Lab Manual

Figure 12-3 The Allow apps to communicate through Windows Firewall window

2.

Scroll down the Allowed apps and features list and, in the Domain column, select the World Wide Web Services (HTTP) check box and then click OK. On WKSTN-MBR-C, try again to connect to the default website at http://wkstn-mbr-b. Question 11
Why are you now able to connect to the website from the client?

3.

4.

Now, try to connect to the Intranet website. Question 12

Why are you unable to connect to the intranet site from the client?

5.

On WKSTN-MBR-B, open the Allow apps to communicate through Windows Firewall window again and clear the World Wide Web Services (HTTP) check box. Then click OK.

End of exercise. Leave all windows open for the next exercise.

MOAC 70-687 - Configuring Windows 8 Lab Manual

Lab Challenge
Overview

Creating Windows Firewall Rules

The port you opened in Exercise 12.3 enables clients to access the default website hosted by your web server, but not the Intranet website. In this challenge, you must configure your web server to allow traffic to the Intranet website. Windows 8 often provides more than one way to complete a given task. The Windows Firewall control panel provides a relatively simple interface to the firewall, but it is not a comprehensive one, as we saw in the previous Exercise. 20 minutes

Mindset

Completion time

To complete this challenge, you must use the Windows Firewall With Advanced Security console to configure WKSTN-MBR-B to allow traffic to both the default website and the Intranet website you created in Exercise 12.1. To complete the challenge, perform the following tasks: 1. List the steps you took to complete the task. 2. Take a screen shot of the interface you used to create the firewall rules by pressing Alt+Prt Scr and then paste it into your Lab 12 worksheet file in the page provided by pressing Ctrl+V. 3. Answer the following questions.

Question 13

Why are there two separate rules for the World Wide Web Services in the Inbound Rules container?

Question 14

How would the opening of the port you performed in Exercise 12.3 affect the World Wide Web Services (HTTP Traffic-In) rules in the Inbound Rules container?

Question 15

How would the rule creation procedure you just performed differ if you wanted to restrict client access to the intranet website to computers on the local network only?

End of lab. You can log off or start a different lab. If you want to restart this lab, youll need to click the End Lab button in order for the lab to be reset.