Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
programming4us
Windows 7

Managing Security in Windows 7 : Windows Firewall

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
6/11/2011 4:58:55 PM
Windows Firewall has been standard since Windows XP. In Windows XP SP2, it was enabled by default, and it has steadily improved over the years.

A firewall is designed to protect a computer or network by controlling inbound and outbound traffic. Most firewalls operate with an implicit deny philosophy. In other words, all traffic is blocked (implicit deny) unless there is a rule that explicitly allows the traffic.

Windows Firewall on Windows 7 also uses an implicit deny philosophy. The only traffic that is allowed is the following:

  • Traffic that is explicitly allowed by an exception or a rule. Both inbound and outbound rules can be configured.

  • Return traffic that has been requested. For example, if a user requests a web page from a website, the web page is allowed as return traffic.

Windows Firewall works as both a packet-filtering firewall and a stateful firewall.


Packet-filtering firewall

A packet-filtering firewall can filter traffic based on IP addresses, ports, and some protocols. The firewall examines packets individually. Packets can be allowed or blocked based only on what is in each packet. A packet-filtering firewall can't evaluate packets based on the entire communication.


Stateful firewall

A stateful firewall can monitor the state of a connection. In other words, instead of examining each packet individually, it evaluates the packets in the conversation. This allows a stateful firewall to detect and block many attacks.

As a stateful firewall, it can inspect and filter all IPv4 and IPv6 traffic.

1. Checking the Firewall Status

If you suspect problems with the firewall, one of the first things you should check is the status. You can check it via the Control Panel. Type in Firewall in the Search Control Panel box, and click Check Firewall Status. Figure 1 shows the firewall status screen.

Figure 1. Windows Firewall status

Notice that it shows the firewall is controlled using the Domain Networks settings. The firewall has detected that the system is connected to the domain. This figure also shows both the Home Or Work (Private) Networks and Public Networks as Not Connected. If the system was connected to a public network, the Public Networks would appear as Connected, and the firewall would be controlled with the Public Networks settings.

This display shows that the firewall is on and configured to block all connections that aren't on the list of allowed programs. It is also configured to provide a notification when Windows Firewall blocks a program.

1.1. Determining Whether a Port or a Protocol Needs to Be Enabled

Some applications require that certain ports be opened or traffic using certain protocols be allowed. If the traffic is blocked, the application won't work. When configuring newly installed applications that aren't working, you should consider the possibility that an exception needs to be created in the firewall.

The top link on the left of the Windows Firewall status screen is labeled Allow A Program Or Feature Through Windows Firewall. You can see this link on Figure 11.16.

If you click this link, you'll see the display shown in Figure 2. This can be used to create an exception for different applications. When an exception is enabled, traffic will be allowed.

Figure 2. Modifying Windows Firewall to allow different programs or features

To create an exception, you can check the box for any of the features listed. You can create an exception for an application by clicking the Allow Another Program button. Most installed programs will automatically appear in this list, but you can also click Browse to locate the application.

2. Designing Firewall Rules

You can create firewall rules from the Windows Firewall Advanced Settings screen. You can modify preexisting rules or create your own rules.

New rules can be created to allow traffic based on the following:

  • A program

  • One or more TCP or UDP ports

  • A custom rule

Custom rules allow you to specify traffic for specific protocols, protocol numbers, and ports.

Figure 3 shows a partial list of the predefined rules. Settings that are enabled are shown with a check mark in a green circle. Any of these settings can be enabled or disabled by right-clicking and selecting Enable Rule or Disable Rule.

Figure 3. Windows Firewall with Advanced Security

Most of the properties in the predefined rules can't be modified. However, you can re-create any rule to meet specific requirements.

You can also create rules in Group Policy. The Computer Configuration => Policies => Windows Settings => Security Settings => Windows Firewall with Advanced Security node can be used to create new inbound rules, outbound rules, or connection security rules. Although none of the predefined rules are shown by default, they can be selected when creating a new rule.

Exercise: Creating a New Rule to Allow Traffic Based on Ports

  1. Launch the Windows Firewall Advanced Settings screen. Click Start => Control Panel. Type Firewall and select Windows Firewall. Click Advanced Settings.

  2. Select Inbound Rules. Right-click Inbound Rules and select New Rule.

  3. On the Select Rule Type page, you can select Program, Port, Predefined, or Custom. Select Port and click Next.

  4. Select either TCP or UDP based on the traffic you want to allow. Enter the port numbers you want to allow. Click Next.

  5. On the Action page, notice that you can select one of three settings: Allow The Connection, Allow The Connection If It Is Secure, or Block The Connection. Select Allow The Connection and click Next.

  6. The Profile page appears. You can have this rule apply to the Domain, Private, and/or the Public network profiles. They are all checked by default. Click Next.

  7. Name your rule and enter a description if desired. Click Finish, and it is created.

Other -----------------
- Managing Security in Windows 7 : Designing BitLocker Support
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Comparing the Desktop App to Web App
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Saving and Opening Documents with Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Setting Up to Use Office Web Apps
- Managing Security in Windows 7 : Security Policies (part 3) - System Services & Removable Storage Access Policy
- Managing Security in Windows 7 : Security Policies (part 2) - Local Policies
- Managing Security in Windows 7 : Security Policies (part 1) - Account Policies
- Managing Security in Windows 7 : User Account Control
- Group Policy Settings (part 3) - Searching Group Policy
- Group Policy Settings (part 2) - Deploying an Application via Group Policy & AppLocker
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer