Step 6. Click the Add button and specify the user or group accounts in the Select Users or Groups dialog box. When you are finished selecting user and group objects, click OK to add them to the Authorized Users list, as shown in Figure 16-17. If you are working with the Remote Computers tab, the process is the same, but you can select only from Groups and Built-in Security Principals.
Figure 16-17. Selecting Authenticated Users Allowed to Use a Network Connection
Step 7. The Exceptions section is used to exclude specific users or computers that would otherwise be authorized through membership in a selected group. For example, if you include the group Human Resources in the Authorized users list, all members of the group will be allowed to use the connection; however, you want to exclude the Human Resources receptionist, who is also a member of the group. You would check the Skip This Rule for Connections from These Users box, and add the receptionist to the Exceptions list.
Configuring Network Discovery
Network Discovery was introduced in Windows Vista to improve the security of the operating system by enabling better control over how Windows computers communicate and find each other over a network. Network Discovery is enabled by default on Windows 10 when it is connected to a private network and turned off when it detects that it is connected to a public or unidentified network. You can configure settings for each network profile that is created.
Windows Vista and Windows 7 included three types of network profiles called Public, Home, and Work. This was a little confusing for users, as the Home and Work profiles essentially worked the same. Network discovery was enabled for both and turned off for the Public network. Beginning with Windows 8, an improved profile model was introduced by creating a separate profile for each network you use. Windows 10 now describes your network as a Private network or a Public or Guest network. Domain-joined computers will use the Domain network when they are connected to the domain network.
In Windows 10, Network Discovery is configured from the Advanced Sharing options of the Network and Sharing Center. Access the Advanced sharing settings by clicking the Change Advanced Sharing Settings link in the Network and Sharing Center, as illustrated in Figure 6-13 in Chapter 6, “Windows 10 Networking.” Typically a Windows 10 computer starts with three network profiles, called Private, Guest or Public, and All Networks, as shown in Figure 16-18.
Figure 16-18. Typical Network Profiles in the Advanced Sharing Settings Dialog Screen
If you join the Windows 10 computer to an Active Directory domain, a Domain profile is added, as shown in Figure 16-19.
Figure 16-19. All Networks Settings on a Domain-Joined Windows 10 Computer
The configuration options differ slightly for each profile type created by Windows. The individual options were covered in Chapter 6. Table 16-3 lists the options for each type of network profile.
Table 16-3. Network Discovery and Sharing Options for Windows 10 Network Profiles
| Network Profile | Sharing Option | Description |
|---|---|---|
| Private | Network discovery | Can be turned on or off. When turned on, can also configure whether to turn on automatic setup of network connected devices. |
| Private | File and printer sharing | Can be turned on or off. |
| Private | HomeGroup connections | Options: Allow Windows to manage homegroup connections; Use user accounts and passwords to connect to other computers. |
| Guest or Public | Network discovery | Can be turned on or off. Automatic setup of network connected devices is not available. |
| Guest or Public | File and printer sharing | Can be turned on or off. |
| Domain | Network discovery | Can be turned on or off. Automatic setup of network connected devices is not available. |
| Domain | File and printer sharing | Can be turned on or off. |
| All Networks | Public folder sharing | Can be turned on or off. This setting applies to all profiles. |
| All Networks | Media streaming | Media streaming options available for music, pictures, and videos. This setting applies to all profiles. |
| All Networks | File sharing connections | Select between strong (128-bit) encryption and weaker (40- or 56-bit) encryption. Strong encryption is recommended but may not work for some devices or older computers. This setting applies to all profiles. |
| All Networks | Password protected sharing | Can be turned on or off. This setting applies to all profiles. Not available on domain-joined computers. |
If the computer is joined to a domain, password protected sharing is always enabled.
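The firewall side of these profile settings can be checked from PowerShell. The following is an added example, not part of the book: it uses the built-in Get-NetConnectionProfile and Get-NetFirewallRule cmdlets, assumes an English-language system where the rule group is displayed as "Network Discovery", and the function name Get-DiscoveryExposure is hypothetical.

```powershell
# Added example: for every connected network, count the enabled inbound
# "Network Discovery" firewall rules that apply to its profile, and mark
# Public networks where discovery is on (it is off there by default).
function Get-DiscoveryExposure {            # hypothetical helper name
    param(
        # Assumption: English display name of the firewall rule group.
        [string]$Group = 'Network Discovery'
    )

    $enabled = Get-NetFirewallRule -DisplayGroup $Group -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

    foreach ($net in Get-NetConnectionProfile) {
        # Map the connection category to the firewall profile name.
        $fwProfile = "$($net.NetworkCategory)"
        if ($fwProfile -eq 'DomainAuthenticated') { $fwProfile = 'Domain' }

        # A rule applies when its Profile is Any or includes this profile.
        $hits = @($enabled | Where-Object { "$($_.Profile)" -match "Any|$fwProfile" })

        [pscustomobject]@{
            Network          = $net.Name
            Interface        = $net.InterfaceAlias
            Category         = $net.NetworkCategory
            DiscoveryRulesOn = $hits.Count
            Review           = ($fwProfile -eq 'Public' -and $hits.Count -gt 0)
        }
    }
}

Get-DiscoveryExposure | Format-Table -AutoSize
```

A row with Review set to True is a Public network on which discovery traffic is allowed inbound, which differs from the default described above.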
Managing Wireless Security
Wireless connectivity creates a tempting attack vector for criminals looking for access to valuable private information. Wireless networks are ubiquitous today, and corporations are rolling out wireless infrastructure in their offices to provide convenience for employees and save costs. It is important to ensure not only that the information moving through the network is secure, but that unauthorized outside entities stay off of your network and cannot access any resources for their own purposes.
Windows 10 supports the complete range of wireless security protocols supported in Windows 7 and Windows 8.1, from Wired Equivalent Privacy (WEP) to Wi-Fi Protected Access 2 (WPA2), Protected Extensible Authentication Protocol (PEAP), and its combination with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) and Extensible Authentication Protocol Transport Layer Security (EAP-TLS).
Starting with Windows 8.1, WPA is no longer available as a connection type in the GUI Wi-Fi configuration dialogs. If your router supports only WPA, you can still configure Windows 10 to use it with the netsh command-line utility.
Windows 10 will use WPA2-Personal for maximum security when communicating by means of an ad hoc wireless network (direct communication with another wireless computer without use of an access point). This helps to protect against common vulnerabilities associated with such unprotected networks. Table 6-7 in Chapter 6 lists the types of wireless security available in Windows 10 and the encryption (of each) that can be used. Refer to that table for details.
Note
WPA2-Enterprise security provides the highest level of wireless networking authentication security. It requires authentication in two phases: first, an open system authentication and, second, authentication using EAP. It is suitable for domain-based authentication and on networks using a Remote Authentication Dial-In User Service (RADIUS) authentication server. In environments without the RADIUS server, you should use WPA2-Personal security.
The WPA and WPA2 protocols can use either TKIP or AES for encryption. These are strong encryption protocols, and AES is considered especially secure. WPA2 still supports TKIP but uses AES by default instead of TKIP.
Warning
Microsoft, and most network security professionals, recommend against using WEP. Because of the limitations of WEP’s encryption, a hacker can capture enough frames in a fairly short amount of time to determine the shared keys or shared secret key used between access point and stations, and decrypt the packets. WPA and WPA2 are more secure and not as vulnerable to sniffing and intrusion.
When Windows 10 connects to a new wireless network, it prompts you to decide whether you want to turn on sharing for that network. Selecting No, Don’t Turn On Sharing or Connect to Devices tells Windows to configure the connection as a Public network. As covered in the previous section, Network Discovery will be disabled by default on Public networks so that your computer will not advertise its presence to other computers on the network.
You can examine the connection properties, including the security and encryption types, for any wireless network your computer is connected to. To do so, right-click the Start button and select Network Connections. When the window is displayed, right-click the wireless network connection and select Status, and then click Wireless Properties. Select the Security tab to view the security settings.
The result will be similar to Figure 16-20. If you know the Security types available on the network, you can change the current setting from the Security Type drop-down. Similarly, if you want to select a different encryption type, choose from the options available in the Encryption Type drop-down. When you click the OK button, Windows temporarily disconnects from the access point and attempts to reconnect using the settings you selected. In Windows 10, only AES is available for WPA2.
Figure 16-20. Configuring Security Settings for a Wireless Network Connection
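The same security and encryption types shown on the Security tab are stored in each saved wireless profile, so they can be reviewed in bulk. The following is an added example, not part of the book: it classifies a profile in the XML format written by netsh wlan export profile, the function name Test-WlanProfileSecurity is hypothetical, and the sample profile is constructed for illustration.

```powershell
# Added example. Classifies one WLAN profile by its authentication and
# encryption pair, following the guidance in this section.
function Test-WlanProfileSecurity {         # hypothetical helper name
    param([Parameter(Mandatory)][xml]$ProfileXml)

    $ae   = $ProfileXml.WLANProfile.MSM.security.authEncryption
    $auth = "$($ae.authentication)"   # open, shared, WPA, WPAPSK, WPA2, WPA2PSK
    $enc  = "$($ae.encryption)"       # none, WEP, TKIP, AES

    $finding = if ($enc -eq 'WEP' -or $auth -eq 'shared') {
        'WEP in use: not recommended'
    } elseif ($enc -eq 'none') {
        'Open network: no encryption'
    } elseif ($auth -in 'WPA', 'WPAPSK') {
        'WPA: legacy type, configurable only through netsh'
    } elseif ($enc -eq 'TKIP') {
        'WPA2 with TKIP: AES is the WPA2 default'
    } elseif ($auth -like 'WPA2*' -and $enc -eq 'AES') {
        'OK: WPA2 with AES'
    } else {
        "Unrecognized pair: $auth/$enc"
    }

    [pscustomobject]@{
        Profile        = $ProfileXml.WLANProfile.name
        Authentication = $auth
        Encryption     = $enc
        Finding        = $finding
    }
}

# Constructed sample profile (not exported from a real system).
$sample = [xml]@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleLegacyAP</name>
  <MSM><security><authEncryption>
    <authentication>WPAPSK</authentication>
    <encryption>TKIP</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>
'@

Test-WlanProfileSecurity -ProfileXml $sample
```

To review a real computer, export its saved profiles with netsh wlan export profile folder=<directory> and pass each resulting XML file to the function.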
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics in the chapter, noted with the Key Topics icon in the outer margin of the page. Table 16-4 lists a reference of these key topics and the page numbers on which each is found.
Table 16-4. Key Topics for Chapter 16
| Key Topic Element | Description |
|---|---|
| Step List | Shows how to perform basic Windows Firewall configuration |
| Figure 16-2 | Customizing Windows Firewall settings for each network type |
| Figure 16-3 | Allowing apps to communicate through Windows Firewall |
| List | Describes available Windows Firewall with Advanced Security rule types |
| List | Describes types of available Windows Firewall with Advanced Security profiles |
| Figure 16-8 | Creating new firewall rules of different types |
| Figure 16-12 | Shows different types of firewall connection security rules |
| Step List | Shows how to configure authenticated exceptions |
| Figure 16-17 | Selecting authenticated users allowed to use a network connection |
| Table 16-3 | Network discovery settings and sharing options for Windows 10 network profiles |
| Figure 16-20 | Configuring security settings for a wireless network connection |
Complete the Tables and Lists from Memory
There are no memory tables in this chapter.
Definitions of Key Terms
Define the following key terms from this chapter, and check your answers in the glossary.
AES, authenticated exceptions, firewall profile, firewall rule, Internet Protocol Security (IPsec), network discovery, TKIP, WEP, WPA-2, Windows Firewall, Windows Firewall with Advanced Security