Difficulty: Easy
Correct Answer: From Windows Firewall with Advanced Security, create a new inbound and/or outbound rule for FTP traffic and restrict it to the private profile only.
Explanation:
Introduction / Context:
Windows 7 includes Windows Firewall with Advanced Security, which provides granular control over which network traffic is allowed under different network location profiles (Domain, Private and Public). For security reasons, you might want to limit FTP traffic so that it is only allowed when the computer is on a trusted private network, and automatically blocked when the machine connects to a public network. This question tests your understanding of where and how to configure such profile-dependent firewall rules.
Given Data / Assumptions:
Concept / Approach:
Windows Firewall with Advanced Security offers advanced inbound and outbound rules where you can specify the protocol, ports, remote addresses, programs, and importantly, which network profiles the rule applies to. By creating a rule that allows FTP traffic only when the profile is Private (and possibly Domain) and not Public, you can ensure that FTP is blocked automatically on public networks. The simpler Windows Firewall interface and Network and Sharing Center do not provide this level of protocol and profile-specific control.
Step-by-Step Solution:
1. Open Windows Firewall with Advanced Security from Administrative Tools or from Control Panel.
2. Create a new outbound and/or inbound rule targeting the FTP protocol (typically TCP port 21, and any related ports if needed).
3. Configure the rule to allow the FTP traffic under the specified conditions.
4. On the Profile page of the rule wizard, check only the Private (and optionally Domain) profile, leaving the Public profile unchecked.
5. Save and enable the rule; ensure that no other rules conflict by allowing FTP on the Public profile.
Verification / Alternative check:
To verify the configuration, connect Computer1 to a private network, confirm that the network location is recognized as Private, and test FTP connectivity to a server. FTP should work normally. Then connect Computer1 to a public network and ensure the location profile is Public. When you attempt to connect via FTP, the connection should fail because the rule does not apply to the Public profile, and, assuming no broader rule exists that allows FTP on Public, the firewall will block the traffic.
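The same steps and checks can be scripted with netsh advfirewall, which ships with Windows 7. This is an added example, not part of the original answer, and the rule names are hypothetical. Because the default outbound action in Windows Firewall is Allow, an allow rule scoped to Private does not by itself stop outbound FTP on Public, so the example adds an explicit block rule for the Public profile.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
# Rule names are hypothetical; TCP 21 is the FTP control port from step 2.
$rules = @(
    # Inbound: only relevant if this computer itself hosts an FTP server.
    'name=FTP-In-Private dir=in action=allow protocol=TCP localport=21 profile=private',
    # Outbound: client connections to FTP servers, Private profile only.
    'name=FTP-Out-Private dir=out action=allow protocol=TCP remoteport=21 profile=private',
    # Default outbound action is Allow, so Public gets an explicit block.
    'name=FTP-Out-Block-Public dir=out action=block protocol=TCP remoteport=21 profile=public'
)

foreach ($rule in $rules) {
    $ruleArgs = $rule.Split(' ')
    $ruleName = $ruleArgs[0]
    # Remove any earlier copy so reruns do not stack duplicate rules.
    & netsh advfirewall firewall delete rule $ruleName | Out-Null
    & netsh advfirewall firewall add rule $ruleArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed for: $rule" }
}

# Verification: which profile is active, and the default in/out policy per profile.
netsh advfirewall show currentprofile state
netsh advfirewall show allprofiles firewallpolicy

# Confirm the Profiles field of each rule. Step 5 still requires reviewing
# any other rules that allow FTP on the Public profile.
foreach ($rule in $rules) {
    $ruleName = ($rule.Split(' ')[0])
    & netsh advfirewall firewall show rule $ruleName verbose
}
```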
Why Other Options Are Wrong:
Option B, using Group Policy application control policies, is mainly for restricting which applications can run and is not the standard way to control FTP traffic per network profile. Option C, the basic Allowed Programs and Features list, does not provide fine-grained control by protocol and network profile; it is more coarse. Option D, Advanced Sharing settings in Network and Sharing Center, controls file and printer sharing and discovery settings, not specific outbound protocols such as FTP.
Common Pitfalls:
A common mistake is relying on the simple Windows Firewall interface, which lacks advanced profile-based rules, leading to inconsistent behavior across networks. Another pitfall is forgetting to consider both inbound and outbound traffic, which may cause FTP commands to be sent but responses to be blocked. Administrators may also misconfigure the network location type, accidentally marking a public network as home or work and thereby allowing more traffic than intended. Using Windows Firewall with Advanced Security and carefully choosing the correct profile avoids these errors.
Final Answer:
You should create a new rule in Windows Firewall with Advanced Security that allows FTP traffic only for the Private profile so that FTP connections work on private networks but are blocked on public networks.