Because most computers are connected to the Internet
through dialup, broadband (such as Digital Subscriber Line [DSL] or
cable modems), or through a local area network, computers are vulnerable
to attack or unauthorized access. To help protect your system, you
should have a firewall between you and the outside world that will
monitor all traffic going in and out and prevent such access.
Windows Firewall is a stateful, host-based packet-filtering firewall that allows or blocks network traffic according to its configuration. A packet filter protects the computer by using an access control list (ACL) that specifies which packets are allowed through, based on source and destination IP address, protocol (such as TCP, UDP, or ICMP) and, for TCP and UDP, port number. A stateful firewall also tracks the state of active connections and uses that information to decide which packets are allowed through. When a program on the protected computer starts a conversation with an outside computer, the firewall remembers that conversation and lets the matching reply packets back in. When an outside computer tries to start a conversation with the protected computer, those unsolicited packets are dropped unless an ACL entry (an exception) explicitly allows them.
Exam Alert
Remember that any program or service that needs to communicate on a network must be able to pass through a firewall. This includes file sharing.
The rules that can be defined include the following:
Inbound rules. Prevent other computers from making an unsolicited or unexpected connection to your computer.
Outbound rules. Prevent your computer from making unsolicited connections to other computers.
Connection-specific rules. Allow you to create and apply custom rules to a specific network connection.
Compared to Windows
Firewall introduced with Windows XP SP2, the Windows Firewall used in
Windows Vista has been improved. Some of the improvements are as
follows:
IPv6 connection filtering.
Outbound packet filtering.
Rules can be configured for individual services chosen from a list without needing to specify the full path filename.
Internet Protocol Security (IPSec) is fully integrated with Windows Firewall, so that IPSec settings and firewall settings cannot conflict.
Capability to have separate firewall profiles (domain, private, and public), so that a computer that is a member of a Windows domain can apply different rules depending on whether it is connected to the domain network, to a private network, or to a public network such as the Internet.
Basic Configuration
Windows Firewall is on by
default. When Windows Firewall is on, most programs are blocked from
communicating through the firewall. If you want to unblock a program,
you can add it to the Exceptions list (on the Exceptions tab). For
example, you might not be able to send photos in an instant message
until you add the instant messaging program to the Exceptions list.
To turn on or off Windows Firewall, follow these steps:
1. Open Windows Firewall by clicking the Start button, Control Panel, Security, and then clicking Windows Firewall.
2. Click Turn Windows Firewall on or off in the left pane (see Figure 1). If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.
3. Click On (recommended) or Off (not recommended), and then click OK (see Figure 2).
If
you want the firewall to block everything, including the programs
selected on the Exceptions tab, select the Block All Incoming
Connections check box (which blocks all unsolicited attempts to connect
to your computer). Use this setting when you need maximum protection for
your computer, such as when you connect to a public network in a hotel
or airport, or when a computer worm is spreading over the Internet. With
this setting, you are not notified when Windows Firewall blocks
programs, and programs on the Exceptions list are ignored.
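The same three settings (firewall on, the normal default, and Block All Incoming Connections) from the command line, as an added example that is not part of the original text. It assumes Windows Vista's netsh advfirewall context, which drives the same firewall engine as the Control Panel dialog, and an elevated (Run as administrator) session; the profile names are the firewall's own.

```powershell
# Added example: "Basic Configuration" via netsh advfirewall (Windows Vista).
# Assumes an elevated session; netsh refuses configuration changes otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell session."
}

# Show the on/off state of every profile (Domain, Private, Public).
netsh advfirewall show allprofiles state

# "On (recommended)" for all profiles.
netsh advfirewall set allprofiles state on

# Equivalent of "Block All Incoming Connections" for the Public profile:
# drop every unsolicited inbound packet, ignoring the Exceptions list,
# while still allowing outbound traffic (hotel/airport networks, worm outbreak).
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

# Back to the normal default: block unsolicited inbound traffic unless an
# exception (rule) allows it, allow outbound.
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound

# Verify which profile is active right now and what its policy is.
netsh advfirewall show currentprofile
```

Check the output of the last command after joining a new network: the active profile (and therefore the policy in force) follows the network you are connected to, not the one you were on when you changed the setting.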
The Windows Firewall Settings interface has three tabs:
General. Allows you to turn Windows Firewall on and off and to temporarily block all incoming connections.
Exceptions. Allows you to specify which programs and services are allowed through the firewall. Never create an exception for a program when you are unsure what it does or why it needs to accept network connections.
Advanced. Allows you to select which network connections Windows Firewall protects.
To configure programs as exceptions, follow these steps:
1. Open Windows Firewall by clicking the Start button, Control Panel, Security, and then clicking Windows Firewall.
2. Click Allow a Program Through Windows Firewall. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.
3. In the Windows Firewall dialog box, select the Exceptions tab, and then click Add Program.
4. In the Add a Program dialog box, select the program in the Programs list or click Browse to use the Browse dialog box to find the program.
5. By default, any computer, including those on the Internet, can reach this program remotely. To restrict access to your own subnet or to a custom list of addresses, click Change Scope.
6. Click OK three times to close all open dialog boxes.
To open a port in Windows Firewall, follow these steps:
1. Open Windows Firewall by clicking the Start button, Control Panel, Security, and then clicking Windows Firewall.
2. Click Allow a Program Through Windows Firewall. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.
3. Click Add Port.
4. In the Name box, enter a name that will help you remember what the port is used for.
5. In the Port Number box, enter the port number.
6. Click TCP or UDP, depending on the protocol.
7. By default, any computer, including those on the Internet, can reach this port remotely. To change the scope for the port, click Change Scope, and then click the option that you want to use. (Scope refers to the set of computers that can use this port opening.)
8. Click OK two times to close all open dialog boxes.
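Both procedures above (a program exception and a port opening, each with a restricted scope) expressed as netsh advfirewall rules, as an added example that is not part of the original text. The program path, rule names, port number and subnet are hypothetical placeholders; the netsh syntax is the one Windows Vista ships, and the session must be elevated.

```powershell
# Added example: program exception and port opening via netsh advfirewall.
# All names, paths, ports and addresses below are hypothetical placeholders.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell session."
}

$app = 'C:\Program Files\ExampleChat\chat.exe'   # hypothetical program
$lan = '192.168.1.0/24'                           # hypothetical home subnet

# "Add Program" + "Change Scope": accept unsolicited inbound connections to
# the program, but only from the local subnet and only on the Private
# profile, so the exception is not in force on a public network.
netsh advfirewall firewall add rule "name=Example Chat (in)" dir=in action=allow "program=$app" enable=yes profile=private "remoteip=$lan"

# "Add Port" + "Change Scope": open TCP 8443 inbound, restricted to the LAN.
# A program rule is preferable where possible: a port rule admits traffic to
# ANY process that later listens on that port, not just the one you intended.
netsh advfirewall firewall add rule "name=Example service TCP 8443 (in)" dir=in action=allow protocol=TCP localport=8443 enable=yes profile=private "remoteip=$lan"

# Outbound filtering (new in Vista; default outbound policy is allow):
# stop the same program from initiating connections to other computers.
netsh advfirewall firewall add rule "name=Example Chat (out)" dir=out action=block "program=$app" enable=yes

# Review what was added, then remove an exception the moment it is no longer needed.
netsh advfirewall firewall show rule "name=Example Chat (in)"
netsh advfirewall firewall show rule "name=Example service TCP 8443 (in)"
netsh advfirewall firewall delete rule "name=Example Chat (out)"
```

Quoting the whole `name=...` and `program=...` tokens keeps PowerShell from splitting them at the spaces before they reach netsh; the `profile=` and `remoteip=` arguments are the command-line counterparts of the Exceptions tab's per-profile list and Change Scope dialog.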