What Are Windows Firewall and IPsec?

One key component in securing your IT infrastructure is protecting against network-related security threats. Windows Server offers several network security features to help:

  • Windows Firewall with Advanced Security
  • IPsec
  • Message Analyzer Free Tool

Windows Firewall with Advanced Security

Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of a local device by providing host-based, two-way network traffic filtering. You can either manually configure Windows Firewall with Advanced Security on each server or use Group Policy to centrally configure the firewall rules.

While the old Windows Firewall allowed you to configure only a single set of inbound and outbound rules (a profile), Windows Firewall with Advanced Security includes three profiles (Domain, Private and Public), so you can apply the appropriate rules to each server based on its connection to the network. These profiles are tightly connected to three network profiles in the Network and Sharing Center:

  • Domain networks. Networks at a workplace that are attached to a domain.
  • Private networks. Networks at home or at work where you trust the people and devices on the network. When private networks are selected, network discovery is turned on but file and printer sharing is turned off.
  • Guest or public networks. Networks in public places. This location keeps the computer from being visible to other computers. When a public network is the selected network location, network discovery and file and printer sharing are turned off.

You can also configure the following options for each of the three network profiles:

  • Firewall State. You can turn the firewall on or off independently for each profile.
  • Inbound Connections. You can block connections that do not match any active firewall rules (this is the default), block all connections regardless of inbound rule specifications, or allow inbound connections that do not match an active firewall rule.
  • Outbound Connections. You can allow connections that do not match any active firewall rules (this is the default) or block outbound connections that do not match an active firewall rule.
  • Protected Network Connections. You can select the connections — for example, the Local Area Connection — that you want Windows Firewall to help protect.
  • You can configure display notifications and unicast responses, and merge rules that are distributed through Group Policy.
  • You can configure and enable logging.
  • IPsec Settings. You can configure the default values for IPsec configuration.

IPsec

Connecting to the internet exposes a company to many types of security threats, from malware to drive-by downloads to social engineering attacks. IPsec is a set of industry-standard, cryptography-based protection services and protocols that can help to protect data in transit through a network by providing authentication, integrity checking and encryption. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).

The design of IPsec helps it provide much better security than protection methods such as Transport Layer Security (TLS) and Secure Shell (SSH), which provide only partial protection. Network administrators who use IPsec do not have to configure security for individual programs because all network traffic between the specified hosts is protected when they use IPsec.

IPsec:

  • Offers mutual authentication before and during communications.
  • Forces both parties to identify themselves during the communication process.
  • Enables confidentiality through IP traffic encryption and digital packet authentication.

Message Analyzer

You can use Message Analyzer to capture, display and analyze protocol messaging traffic, events and other system or application messages in network troubleshooting and other diagnostic scenarios. Message Analyzer enables you to save and reload captures, aggregate saved captures, and analyze data from current and saved trace files. When Message Analyzer performs network captures, it limits irrelevant data, and exposes issues and hidden information that is critical for quick analysis. It accomplishes this by enabling you to remove lower-level details so you can perform analysis on higher-layer data of interest.

You can use Message Analyzer in a variety of scenarios:

  • Capturing network traffic for security review
  • Troubleshooting application issues
  • Troubleshooting network and firewall configuration issues

Using these Windows Server features can greatly enhance your security during network communications, and help you block man-in-the-middle (MITM), replay, hijacking, distributed denial-of-service (DDoS) and other attacks.