02 - Windows 11 Firewall Rule Configuration

The document outlines the fundamentals of firewall technology, detailing its types, functionalities, and implementation methods for network security. It explains the differences between stateful, stateless, and statistical firewalls, as well as the application of security rules for Windows Firewall, specifically for controlling access to port 445 and managing application rules. The content serves as an assignment for a Cyber Security course at Bangladesh University of Professionals, focusing on rule-based access control design for Windows OS.

Bangladesh University of Professionals

Cyber Security Fundamentals

Assignment: Rule-based Access Control Design for Windows OS (Windows 11) using Firewall

Probir Datta
Roll: 24525201002

Firewall:

A firewall is a network security device or software that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. Its primary purpose is to establish a barrier
between a trusted internal network and untrusted external networks, such as the internet.

Here's how it works:

Packet Filtering: Firewalls examine each packet of data entering or leaving the network. Based on
predefined rules, the firewall decides whether to allow or block the packet.

Stateful Inspection: In addition to packet filtering, modern firewalls use stateful inspection. This means
they keep track of the state of active connections and make decisions based on the context of the
traffic.

Proxy Service: Some firewalls act as intermediaries between a client and a server. They receive requests
from clients, forward them to the server, receive responses, and then forward them back to the client.
This proxy service can add an extra layer of security by hiding the internal network's details from
external sources.

Application Layer Filtering: Advanced firewalls can inspect traffic at the application layer (Layer 7 of the
OSI model). This allows them to identify specific applications or protocols and apply more granular
control over them.

Firewalls can be implemented as software running on individual computers or as dedicated hardware
devices. They are a fundamental component of network security, helping to prevent unauthorized
access, protect against network threats like malware and denial-of-service attacks, and enforce security
policies within an organization's network.

Types of Firewall based on Implementation:

Firewalls can be implemented in various ways, depending on the specific requirements and preferences
of the organization. Here are the main types of firewalls based on implementation:

Hardware Firewalls: These are standalone physical devices dedicated to firewall functionality. Hardware
firewalls are often placed at the network perimeter, between the internal network and the external
network (usually the internet). They typically offer high-performance packet filtering and can handle large
volumes of network traffic. Hardware firewalls are suitable for medium to large enterprises and are often
integrated into routers or security appliances.

Software Firewalls: Software firewalls are programs or applications installed on individual computers or
servers. They provide firewall protection at the host level, controlling inbound and outbound traffic for
that specific device. Software firewalls are commonly used for personal computers, laptops, and servers.
They offer flexibility and are often included as part of operating systems or security suites.

Virtual Firewalls: Virtual firewalls operate in virtualized environments, such as virtual machines (VMs) or
cloud-based infrastructure. They provide firewall functionality for virtualized networks and are capable of
securing traffic between virtual machines, as well as between virtual and physical networks. Virtual
firewalls are scalable and can be deployed dynamically alongside virtualized resources.

Cloud Firewalls: Cloud firewalls are specifically designed for securing cloud-based infrastructure and
services. They operate within cloud environments and protect virtual networks, applications, and data
hosted on cloud platforms. Cloud firewalls offer features tailored to the dynamic nature of cloud
computing, such as auto-scaling, integration with cloud management platforms, and centralized
management across multiple cloud deployments.

Proxy Firewalls: Proxy firewalls act as intermediaries between clients and servers, intercepting and
inspecting traffic passing through them. They receive requests from clients on behalf of servers and vice
versa, allowing them to apply advanced filtering and security policies. Proxy firewalls can provide deep
packet inspection, content filtering, and application-layer filtering. They are commonly used for web
filtering, caching, and enhancing security for specific applications or protocols.

Each type of firewall implementation has its advantages and is suitable for different scenarios, depending
on factors such as network architecture, security requirements, scalability, and budget constraints.
Organizations often use a combination of these firewall types to create a layered approach to network
security.

Stateful Firewall, Stateless Firewall and Statistical Firewall:

Stateful Firewall:

Stateful firewalls keep track of the state of active network connections and make decisions based on the
context of the traffic.

When a connection is initiated from the internal network to the external network (or vice versa), the
stateful firewall creates a record (or state table) of the connection details, including source and
destination IP addresses, port numbers, and connection state (such as SYN, SYN-ACK, ACK for TCP
connections).

As the connection progresses, the firewall uses this state information to allow related incoming and
outgoing packets to pass through without further inspection.

Stateful firewalls provide better security and efficiency compared to stateless firewalls because they can
make filtering decisions based on the connection state and not just individual packets.

Stateless Firewall:

Stateless firewalls, also known as packet-filtering firewalls, examine each packet of data passing through
them in isolation, without considering the context of the traffic or the state of the connection.

Stateless firewalls make filtering decisions based on predefined rules or criteria, such as source and
destination IP addresses, port numbers, and protocol types (e.g., TCP, UDP, ICMP).

Stateless firewalls are less resource-intensive than stateful firewalls because they do not maintain state
information for active connections. However, they are less effective at handling complex protocols and
may require additional configuration to achieve desired security policies.
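
The difference between the two models described above, as an added illustration that is not part of the original assignment. The packets, addresses, port numbers and the two rule sets are constructed for this example: the stateless filter needs a standing "allow inbound from source port 443" rule so replies can return, while the stateful filter only admits inbound packets that match an entry in its state table.

```powershell
# Constructed sample traffic: one legitimate outbound HTTPS handshake,
# followed by one unsolicited inbound packet that merely looks like a reply.
$packets = @(
    [pscustomobject]@{ Dir='out'; Src='10.0.0.5';     SPort=50000; Dst='203.0.113.10'; DPort=443;   Flags='SYN' }
    [pscustomobject]@{ Dir='in';  Src='203.0.113.10'; SPort=443;   Dst='10.0.0.5';     DPort=50000; Flags='SYN-ACK' }
    [pscustomobject]@{ Dir='out'; Src='10.0.0.5';     SPort=50000; Dst='203.0.113.10'; DPort=443;   Flags='ACK' }
    [pscustomobject]@{ Dir='in';  Src='198.51.100.7'; SPort=443;   Dst='10.0.0.5';     DPort=50001; Flags='ACK' }
)

# Stateless: every packet is judged in isolation against fixed port rules.
function Test-Stateless($p) {
    if ($p.Dir -eq 'out') { return ($p.DPort -eq 443) }
    return ($p.SPort -eq 443 -and $p.DPort -ge 1024)   # standing rule for "replies"
}

# Stateful: state table keyed by "client:port>server:port", value = handshake stage.
$script:state = @{}
function Test-Stateful($p) {
    if ($p.Dir -eq 'out') {
        if ($p.DPort -ne 443) { return $false }
        $key = '{0}:{1}>{2}:{3}' -f $p.Src, $p.SPort, $p.Dst, $p.DPort
        if ($p.Flags -eq 'SYN') { $script:state[$key] = 'SYN' }
        elseif ($script:state[$key] -eq 'SYN-ACK' -and $p.Flags -eq 'ACK') {
            $script:state[$key] = 'ESTABLISHED'
        }
        return $script:state.ContainsKey($key)
    }
    # Inbound: allowed only if it is the reverse direction of a tracked connection.
    $key = '{0}:{1}>{2}:{3}' -f $p.Dst, $p.DPort, $p.Src, $p.SPort
    if (-not $script:state.ContainsKey($key)) { return $false }
    if ($p.Flags -eq 'SYN-ACK') { $script:state[$key] = 'SYN-ACK' }
    return $true
}

# Run both filters over the same traffic and compare the verdicts side by side.
$packets | ForEach-Object {
    [pscustomobject]@{
        Packet    = '{0,-3} {1}:{2} -> {3}:{4} [{5}]' -f $_.Dir, $_.Src, $_.SPort, $_.Dst, $_.DPort, $_.Flags
        Stateless = if (Test-Stateless $_) { 'allow' } else { 'block' }
        Stateful  = if (Test-Stateful $_)  { 'allow' } else { 'block' }
    }
} | Format-Table -AutoSize

$script:state   # remaining state table: the one tracked connection, now ESTABLISHED
```

The first three packets are allowed by both filters. The fourth is allowed by the stateless rule set because it matches the reply rule, and blocked by the stateful filter because no tracked connection corresponds to it.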

Statistical Firewall:

Statistical firewalls use statistical analysis techniques to identify and block malicious or suspicious network
traffic.

Unlike traditional firewalls that rely on predefined rules, statistical firewalls analyze traffic patterns and
behavior to detect anomalies indicative of an attack.

Statistical firewalls may use machine learning algorithms, anomaly detection techniques, or statistical
models to classify network traffic as normal or abnormal.

By continuously monitoring and analyzing network behavior, statistical firewalls can adapt to evolving
threats and provide more dynamic protection compared to rule-based firewalls.

Statistical firewalls are often used in conjunction with traditional firewalls and intrusion
detection/prevention systems (IDS/IPS) to enhance overall network security.

Each type of firewall has its advantages and limitations, and the choice between them depends on factors
such as the organization's security requirements, network architecture, performance considerations, and
budget constraints. Many modern firewall solutions incorporate features from multiple types to provide
comprehensive security capabilities.

Applying 4 Security Rules for Windows Firewall

1. Access control of port (445) and Protocol


Step 1: Open the Control Panel.

Step 2: Click on Windows Firewall / Windows Defender Firewall.

Step 3: Navigate to advanced settings.

Step 4: Click on inbound rules and click on new rule.

Step 5: Select port and press next.

Step 7: Specify the port 445 under specific local ports, select TCP and press next.

Step 8: Click on block the connection and click next.

Step 9: Select Domain, Private and Public and click next.

Step 10: Give a name and description and click finish.
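
The same rule can be created and checked from an elevated PowerShell session with the built-in NetSecurity cmdlets. This is an added example, not part of the original assignment; the rule name and description are assumptions chosen for illustration.

```powershell
# Scripted equivalent of the GUI steps above: block inbound TCP 445 on all profiles.
# Run as Administrator. The display name and description are example values.
$ruleName = 'Block Inbound TCP 445 (SMB)'

# Idempotent: create the rule only if one with this display name does not exist yet.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Blocks inbound SMB over TCP 445 on all profiles' `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Domain,Private,Public -Enabled True
}

# Verify what was actually stored: direction, action, profiles, protocol and port.
$filter = $rule | Get-NetFirewallPortFilter
[pscustomobject]@{
    Name      = $rule.DisplayName
    Enabled   = $rule.Enabled
    Direction = $rule.Direction
    Action    = $rule.Action
    Profile   = $rule.Profile
    Protocol  = $filter.Protocol
    LocalPort = $filter.LocalPort
} | Format-List

# A block rule takes precedence over allow rules, so list the enabled inbound
# allow rules on TCP 445 that this rule now overrides (for example file sharing).
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '445'
    } |
    Select-Object DisplayName, Profile

# Confirm the firewall is switched on for each profile; a rule has no effect if it is off.
Get-NetFirewallProfile | Select-Object Name, Enabled
```

Any rule listed by the second query belongs to a service that will stop accepting inbound connections on port 445 once the block rule is active, which is worth reviewing before deploying the rule to machines that share files or printers.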
2. Inbound rule for Zoom application program:

Allow this application if connection is secure:

Select Object

Apply Rule name:

3. Setting Outbound Rule for proximity sharing:

4. Applying Connection Security rule:
