Windows Firewall Status Test

The security of a computer is primarily controlled by the configuration of the Windows Firewall, which is fully integrated with three firewall profiles. These firewall profiles are groups of settings that include firewall rules and connection security rules. The profiles are dynamic and are applied automatically based on how the computer is connected to the network. So, as the computer moves from one environment to another, its security and network behavior change automatically. The following table provides a brief description of these profiles:

Profile | Description
Domain | Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined.
Private | Applied to a network adapter when it is connected to a network that is identified by the user or administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. For example, this could be a home network, or a business network that does not include a domain controller. The Private profile settings should be more restrictive than the Domain profile settings.
Public | Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. When the profile is not set to Domain or Private, the default profile is Public. The Public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled. For example, a program that accepts inbound connections from the Internet (like a file sharing program) may not work in the Public profile because the Windows Firewall default setting will block all inbound connections to programs that are not on the list of allowed programs.

Each profile is associated with its own set of configurations and can be tweaked to harden or soften security. In environments where multiple application servers are hosted, administrators would normally set a group policy / security rule on all the servers. For example, administrators may set a group policy to monitor the firewall status of the servers so that they can generate a compliance report as and when necessary. Any violation in the firewall status should be visible upfront in the compliance report. eG Enterprise helps these administrators track such violations and report them in a hassle-free manner. The Windows Firewall Status test offered by eG Enterprise helps them in this regard!

By periodically running this test, administrators can figure out the firewall profile that is currently active on the server.

This test is disabled by default. To enable the test, go to the enable / disable tests page using the menu sequence: Agents -> Tests -> Enable/Disable, pick the desired Component type, set Performance as the Test type, choose the test from the DISABLED TESTS list, and click on the << button to move the test to the ENABLED TESTS list. Finally, click the Update button.

Target of the test : A Windows host

Agent deploying the test : An internal agent

Outputs of the test : One set of results for the target host that is to be monitored.

Configurable parameters for the test
Parameter | Description
Test Period | How often should the test be executed.
Host | The host for which the test is to be configured.

Measurements made by the test
Measurement | Description | Measurement Unit | Interpretation

Domain network status

Indicates the current status of the domain profile.

 

The numeric values that correspond to the above-mentioned measure values are described in the table below:

Measure Value | Numeric Value
On | 1
Off | 0

Note:

By default, this measure reports one of the Measure Values listed in the table above. The graph of this measure however will represent the status of the domain network using the numeric equivalents - 1 or 0.

Private network status

Indicates the current status of the private profile.

 

The numeric values that correspond to the above-mentioned measure values are described in the table below:

Measure Value | Numeric Value
On | 1
Off | 0

Note:

By default, this measure reports one of the Measure Values listed in the table above. The graph of this measure however will represent the status of the private network using the numeric equivalents - 1 or 0.

Public network status

Indicates the current status of the public profile.

 

The numeric values that correspond to the above-mentioned measure values are described in the table below:

Measure Value | Numeric Value
On | 1
Off | 0

Note:

By default, this measure reports one of the Measure Values listed in the table above. The graph of this measure however will represent the status of the public network using the numeric equivalents - 1 or 0.
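
To cross-check the three measures above by hand on the monitored host, the following PowerShell reports each profile's effective state using the same On/Off and 1/0 mapping, and marks which profile is currently applied to a connected adapter. This is an added example, not eG Enterprise code; it assumes the built-in Get-NetFirewallProfile and Get-NetConnectionProfile cmdlets (Windows 8 / Server 2012 and later) and an assumed compliance rule that every profile must be On.

```powershell
# Added example: not eG Enterprise code. Run on the Windows host being checked.

# Get-NetConnectionProfile reports a NetworkCategory per connected network;
# translate it to the firewall profile name used by Get-NetFirewallProfile.
$categoryToProfile = @{
    'DomainAuthenticated' = 'Domain'
    'Private'             = 'Private'
    'Public'              = 'Public'
}

# Profiles currently applied to at least one connected adapter.
# (No connected network yields an empty list rather than an error.)
$activeProfiles = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
    ForEach-Object { $categoryToProfile[[string]$_.NetworkCategory] } |
    Sort-Object -Unique)

# ActiveStore is the effective policy: local settings merged with any GPO,
# so a profile switched off by Group Policy shows up here as Off.
$report = Get-NetFirewallProfile -PolicyStore ActiveStore |
    ForEach-Object {
        $on = ([string]$_.Enabled -eq 'True')
        [pscustomobject]@{
            Profile        = $_.Name
            MeasureValue   = if ($on) { 'On' } else { 'Off' }
            NumericValue   = [int]$on            # 1 = On, 0 = Off
            ActiveNow      = $activeProfiles -contains $_.Name
            DefaultInbound = $_.DefaultInboundAction
        }
    }

$report | Format-Table -AutoSize

# Assumed compliance rule: every profile must be On. A profile that is Off
# and also active means the host is unprotected on its current network.
$violations = @($report | Where-Object { $_.NumericValue -eq 0 })
foreach ($v in $violations) {
    $scope = if ($v.ActiveNow) { 'ACTIVE on a connected adapter' } else { 'not currently active' }
    Write-Warning "Firewall is Off for the $($v.Profile) profile ($scope)."
}
"Profiles in violation: $($violations.Count)"
```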