Windows Firewall – Introduction
Windows Firewall is included as an integral part of the Windows XP, Windows Vista and Windows 7 operating systems and should be enabled by default.
Microsoft’s firewall offering does a pretty good job of protecting your home PC, laptop or notebook and, coupled with a hardware firewall built in to your broadband router, should give you excellent ‘belt and braces’ protection for your home wired or wireless network.
Many people, however, are purchasing Internet Security suites from the likes of Norton, McAfee, Kaspersky etc. These suites include built-in firewalls of their own, which require you to disable Microsoft’s ‘built-in’ firewall before you can use the third party firewall included in the suite.
Now, please note that you cannot and should not attempt to run more than one software firewall on a single PC or laptop computer – it just won’t work.
Many people will be happy with their built in Windows firewall and just need to purchase some anti-virus software coupled with some good free spyware protection which together with their hardware router firewall will complete their protection arsenal.
Windows Firewall configuration is very easy to do.
Windows Firewall – Are you protected?
To confirm that you have the Windows XP firewall enabled correctly you should go to the Windows ‘Control Panel’, open up the ‘Security Center’ and double click on the ‘Windows Firewall’ icon.
For Vista firewall users, click on ‘Change settings’, select ‘On’ and then click on the ‘OK’ button.
You will be presented with a dialog box which gives you the option to select whether your Windows Firewall is ‘On’ or ‘Off’.
The default setting should be ‘On (recommended)’ with ‘Don’t allow exceptions’ deselected.
‘Off (not recommended)’ would make your PC vulnerable to all sorts of viruses, Trojans, worms etc and should only be selected if you have third party firewall software installed.
To allow incoming data for a particular program you will need to click on the Windows firewall ‘Exceptions’ tab and then click ‘Add Program’ or ‘Add Port’ using the filename or port number of the program in question.
Windows Firewall – Configure Exceptions
By default your Windows firewall will block most incoming traffic and any communication from programs attempting to access the Internet.
The firewall ‘Exceptions’ tab allows you to gain access to settings where you can add or remove programs that are allowed access through your firewall by ‘opening up’ specific ports that will allow these programs to communicate through your firewall unimpeded.
There will be a list of default programs and you will also be able to browse your PC for a specific program if it is not already listed.
For any program that is already listed in the Windows Firewall ‘Exceptions’ list Windows will automatically allow communication and open up the required communication port for that program.
To add a program that is not listed you simply click on the ‘Add Program’ button on the ‘Exceptions’ dialog window.
Another function that is available gives you the ability to limit access through the ‘hole’ in your firewall.
Say, for instance, you have set up an exception for a program to communicate through your firewall, but you want to limit access to only certain IP addresses, or perhaps to just your local network.
The ‘Change scope’ option allows you three settings:
- All computers (including those on the Internet)
- Only computers on your local network
- Custom list (type in a list of specific IP addresses)
You can also create an ‘Exception’ for a particular port number.
Using the ‘Add Port’ exception you simply enter a descriptive name for the port exception, identify the port number and specify whether it is a TCP or UDP port.
Again, the option to ‘Change scope’ of the exception is also available to you.
Note that if the option is there, it is easier to add a program rather than to add a port as you do not need to know the port number and type. Also, this way, when creating an exception for a program, the required port opening only occurs whilst the program is waiting to receive a connection.
Opening a port manually, however, opens the port permanently, even when the program is not using it, thereby allowing more opportunities for a hacker or rogue program to gain access to your PC.
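To check which of your existing exceptions are port-based or open to all computers, the short script below (an added example, not part of the original article) reads a rule listing in the layout printed by ‘netsh advfirewall firewall show rule name=all verbose’ on Vista and Windows 7. The sample listing is constructed and trimmed to a few fields, and the function names are illustrative.

```python
# Constructed sample in the layout of `netsh advfirewall firewall show rule
# name=all verbose`; separator lines and most other fields are left out.
SAMPLE = r"""
Rule Name:      Backup Agent
Enabled:        Yes
Direction:      In
RemoteIP:       LocalSubnet
LocalPort:      Any
Program:        C:\Program Files\Backup\agent.exe
Action:         Allow
Rule Name:      Old FTP test
Enabled:        Yes
Direction:      In
RemoteIP:       Any
LocalPort:      21
Program:        Any
Action:         Allow
Rule Name:      Remote Desktop
Enabled:        Yes
Direction:      In
RemoteIP:       LocalSubnet
LocalPort:      3389
Program:        Any
Action:         Allow
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            continue  # separator or blank line
        if key.strip() == "Rule Name":
            rules.append({})  # each "Rule Name" line starts a new rule
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def audit(rules):
    # Returns (name, port_only, any_source) for enabled inbound allow rules
    # that are port exceptions or whose scope is "all computers".
    findings = []
    for r in rules:
        if (r.get("Enabled"), r.get("Direction"), r.get("Action")) != ("Yes", "In", "Allow"):
            continue
        port_only = r.get("Program", "Any") == "Any" and r.get("LocalPort", "Any") != "Any"
        any_source = r.get("RemoteIP", "Any") == "Any"
        if port_only or any_source:
            findings.append((r["Rule Name"], port_only, any_source))
    return findings
```

Here ‘Old FTP test’ is reported as a port exception open to all computers and ‘Remote Desktop’ as a port exception limited to the local network, while the program exception scoped to the local subnet is not reported.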
Windows Firewall – Laptop Internet Access
A note here to laptop and notebook users: under the ‘Exceptions’ tab you will find an exception labeled ‘File and Printer Sharing’, which allows other networked computers to access your shared files and printers.
Now, when you are out and about at the office, a Wi-Fi hotspot or an Internet café, say, others can access your files if this ‘Exception’ is enabled, and you have a big security risk!
So, if you are out and about, do make sure that you select ‘Don’t allow Exceptions’ on the ‘General’ tab and only set it to ‘Allow’ again once you are in a known safe environment or back at home.
Windows Vista and Windows 7 automatically detect a connection to a different network and will ask you to identify it as a ‘Public’ or ‘Private’ type connection.
Selecting ‘Public’ automatically disables access to your shared files and printers.
Windows Firewall – Advanced Settings
More advanced settings can be reached by clicking on the ‘Advanced’ tab. Here you may choose which connections your firewall will protect, port exceptions etc.
Note that the ‘Advanced’ tab allows you to configure each of your network connections individually, i.e. if you have say a wired connection and a wireless connection you will be able to open ports for one or other or both networks or a particular network adapter say – this allows much greater flexibility and potential security.
Ok, so there may be some of you wanting to allow access by an FTP or Web Server or Remote Desktop services which requires you to open a particular port for access through your firewall to your PC.
This can be thought of as opening a ‘hole’ through your firewall which will allow the data for that service to pass through un-filtered.
To do this you will need to click on the ‘Advanced’ tab of the Windows Firewall settings window, select the connection you wish to allow access to and click on the ‘Settings’ icon.
This displays the ‘Advanced’ window, which lists some pre-defined services that can be made accessible from the Internet.
To create a custom service click on the ‘Settings’ button, then on the ‘Advanced Settings’ window click on the ‘Add’ button, and in the ‘Service Settings’ window enter a descriptive name for the application for which you want to open a port in the ‘Description of service’ box.
Enter the port number that you require in the ‘External Port number for this service:’ and ‘Internal Port number for this service:’ port boxes and then click on ‘Ok’.
The required port number should be specified by the program developer.
There are also options under the ‘Advanced’ tab for Security Logging and ICMP.
Security logging allows advanced users to log successful and unsuccessful connections through your firewall for diagnostic purposes say.
ICMP may also be used by advanced users to diagnose network problems.
Windows Firewall – Default Setting
If you wish to reset your Windows firewall to its original default settings, then this can be accomplished very easily.
You may need to do this when you wish to reset your settings if you have a port or program exception that you no longer require for instance.
To restore the firewall to its default settings select the ‘Advanced’ tab then under ‘Default Settings’ click on the ‘Restore Defaults’ button.
On the ‘Restore Defaults Confirmation’ dialog window that pops up click on ‘Yes’ and then click ‘Ok’ to finish.
Ok, that’s it, we hope you have found this quick primer useful – if you should have any suggestions or additions etc please use the ‘Contact Us’ page to inform us and we will do our best to incorporate these.