Windows 7 : Protecting Your Network from Hackers and Snoops - Configuring Windows Firewall

12/3/2012 6:25:49 PM
The purpose of Windows Firewall is to examine all incoming network data, looking for attempts to connect to your computer. Windows Firewall maintains a list of networking services for which incoming connections should be permitted, within a given range of network addresses. For example, by default, on a private network, Windows Firewall permits file-sharing connections only from computers on the same “subnet” or LAN as your computer. Attempts by users outside your immediate network to contact your computer are rebuffed. This prevents Internet users from examining your shared files. (Outgoing requests, attempts by your computer to connect to others, are not restricted.)

Windows Firewall also monitors application programs and system services that announce their willingness to receive connections through the network. These are compared against a list of authorized programs. If an unexpected program sets itself up to receive incoming network connections, Windows Firewall displays a pop-up message similar to the one shown in Figure 1, giving you the opportunity to either prevent the program from receiving any network traffic (Cancel) or add the program to the authorized list (Allow Access). This gives you a chance to prevent “spyware” and Trojan horses from doing their dirty work. Firewall-aware programs such as Windows Messenger automatically instruct Windows Firewall to unblock their data connections.

Figure 1. Windows Firewall displays a pop-up message if an unauthorized program asks to receive network connections.

Note

You might ask, why don’t the spyware programs do the same thing? Good question. They will certainly try. However, UAC ensures that unless you give them permission, they won’t have the privileges necessary to open up the firewall. Most application setup programs are run with elevated privileges, so they do have the opportunity to configure Windows Firewall as part of the setup process. You will be shown a UAC prompt before such a setup program runs.


If you don’t recognize the program listed in a Windows Firewall pop-up, click Cancel. This is a break from the way Windows programs usually work: Cancel here doesn’t mean “don’t do anything now.” In this case it actually does make an entry in the firewall’s program list, and the entry is set up to block the program.

On Windows 7, Windows Firewall has separate settings for each application based on whether your computer is connected to a public or private network. In most cases, it’s best to allow a program to receive connections on private networks, but not public. This is certainly the case for file and printer sharing and Windows management functions. The exceptions to this principle would be programs that are meant to work with other Internet users, such as chat or telephony programs.

Note

On a corporate network, your network manager might enforce or prevent the use of Windows Firewall, and may restrict your capability to change its settings while your computer is connected to the network.


The remainder of this section discusses the various setup options for Windows Firewall.

Enabling and Disabling Windows Firewall

To configure Windows Firewall, click Start, Control Panel, System and Security, Windows Firewall (or, if you happen to have a Command Prompt window open, just type start firewall.cpl). The current settings are listed in the right pane, as shown in Figure 2.

Figure 2. Windows Firewall displays its current status in the right pane. To configure it, click a task in the left pane.

In Windows 7, it should not ever be necessary to change the firewall’s default settings. However, if you do have to make a change, click one of the left pane tasks, which are described in turn in the following sections.

Allow a Program or Feature Through Windows Firewall

If you use a program that has to receive incoming network connections, its setup program should configure Windows Firewall to permit incoming connections; or failing that, the first time you run it you should see a pop-up notification like that shown in Figure 1. If you handle that pop-up incorrectly, or want to change the setting, select the Allow a Program or Feature Through Windows Firewall task to bring up the dialog box shown in Figure 3. Then, click Change Settings.

Figure 3. The Allowed Programs and Features list lets you list programs and network features (ports) that should be able to receive incoming connections. Here’s a feature that’s new in Windows 7: Connections can be accepted or blocked based on whether they are received through a private or public network connection.

To disable a program’s connections, find it in the list and uncheck the box to the left of its name.

To enable a program’s connections, find it in the list and check the box to the left of its name. Then, check either or both of the boxes to the right, to permit it to receive connections through a private network and/or public network.

To make a new entry for a specific program, so that it can receive connections, click Allow Another Program. Then, click Browse and locate the program file (.exe file), and click OK. Click Add, then review the Home/Work (Private) and Public check boxes to make sure that they are set correctly.

To open the firewall for a program or service by its network port number, you’ll have to use the Advanced Settings task, which is discussed shortly.

Change Notification Settings, Turn Windows Firewall On or Off

Both of these tasks bring up the same screen, shown in Figure 4. From there, you can turn Windows Firewall on or off. You can also check a box that blocks all incoming connections regardless of any entries in the Allowed Programs and Features list. (This corresponds to the Block All Incoming Connections and Don’t Allow Exceptions check boxes in Windows Vista and XP, respectively.) Finally, you can enable or disable the pop-up that occurs when a new program wants to receive incoming connections. If you disable notification, newly discovered programs will be blocked silently.

Figure 4. The Change Notification Settings task lets you turn Windows Firewall on or off and configure its pop-up notification.

In previous versions of Windows, it was necessary to disable all firewall exceptions when you brought your computer to a public location, but on Windows 7, as I mentioned previously, this is no longer necessary.

Restore Defaults

This task restores Windows Firewall to its default settings, and clears out any additions you’ve made to the Exceptions list. This may cause networking applications such as instant messenger programs and remote control programs like VNC to stop working until you reinstall them, but it will re-secure your computer and restore the functioning of standard services like file and print sharing.

Advanced Settings

This task brings up the Windows Firewall with Advanced Security administrative program, shown in Figure 5. You will need to use this program if you want to open the firewall for a network service based on its port number, because the basic firewall “Allowed Programs and Features” list does not let you do this on Windows 7. To open an exception for a TCP or UDP network port, follow these steps:

1. In the left pane, click Inbound Rules.

2. In the Actions list to the right, select New Rule.

3. Select Port, and click Next.

4. Select TCP or UDP, and select Specific Local Ports. Enter the port number or a port number range, then click Next. (To open an exception for both TCP and UDP, you must enter two separate rules.)

5. Select Allow the Connection and click Next.

6. Select the types of networks from which the connection should be accepted: Domain (corporate), Private, and/or Public. Click Next.

7. Enter a name and description for the network service, and click Next.

Figure 5. The Windows Firewall with Advanced Security program lets you open exceptions for a network service based on a port number.
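The same seven steps can be scripted with netsh advfirewall, which ships with Windows 7. This is an added example, not code from the book; the rule name, port, profile list and remote-address scope are assumed sample values, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: the Advanced Settings port-rule procedure, scripted with netsh.
# Run elevated. Names, ports and profiles below are assumed sample values.

function Add-InboundPortRule {
    param(
        [Parameter(Mandatory=$true)][string]$Name,   # step 7: rule name
        [Parameter(Mandatory=$true)][int]$Port,      # step 4: local port
        [string[]]$Protocols = @('TCP'),             # step 4: one rule per protocol
        [string]$Profiles = 'private,domain',        # step 6: Public stays closed unless asked for
        [string]$RemoteIp = 'localsubnet'            # same LAN-only scope as the file-sharing default
    )
    $created = @()
    foreach ($proto in $Protocols) {
        $ruleName = "$Name $proto $Port"
        & netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow `
            protocol=$proto localport=$Port profile=$Profiles remoteip=$RemoteIp `
            description="Opened by script; review periodically" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh could not add rule '$ruleName'" }
        $created += $ruleName
    }
    $created   # names of the rules that were created
}

function Remove-InboundPortRule {
    param([Parameter(Mandatory=$true)][string]$RuleName)
    & netsh advfirewall firewall delete rule name="$RuleName" dir=in | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh could not delete rule '$RuleName'" }
}

# Usage: open VNC's TCP port 5900 on private and domain networks only (sample
# values), then print each rule back so the scope can be checked before relying on it.
$rules = Add-InboundPortRule -Name 'VNC server' -Port 5900 -Protocols 'TCP'
foreach ($r in $rules) { netsh advfirewall firewall show rule name="$r" verbose }
```

Pass `-Protocols TCP,UDP` to create the two separate rules that step 4 calls for, and `-Profiles 'private,domain,public'` only for programs that really must accept connections from other Internet users.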

Tip

Are you curious to know what programs and services on your computer are listening for incoming network connections? Just follow these convoluted steps:

1. Click Start, and, in the Search box, type cmd.

2. In the search results, right-click cmd.exe and select Run As Administrator. Confirm the UAC prompt.

3. When the command prompt window opens, type the command netstat -ab | more. (This might take quite a long time to run.) The output lists open ports along with the names of the programs that are using them.

An even better way to view this information is to download and run the program at http://live.sysinternals.com/tcpview.exe.

If you don’t recognize a program’s name, use Google to see if it’s discussed on any web pages; this might help you determine whether it’s a legitimate Windows program or some sort of malware.
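The slow part of netstat -ab is resolving program names. The added example below, which is not from the book, gets the same listener-to-program mapping faster by reading netstat -ano (PIDs only) and filling in names from Get-Process; run it elevated so every PID resolves.

```powershell
# Added example: list listening TCP ports and bound UDP ports with the owning program,
# without the slow -b switch. Run from an elevated PowerShell prompt.

function Get-ListeningPort {
    # Build a PID -> process-name lookup once instead of per line.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_.ProcessName }

    netstat -ano | ForEach-Object {
        # Constructed sample TCP line:
        #   "  TCP    0.0.0.0:445    0.0.0.0:0    LISTENING    4"
        # Constructed sample UDP line (no State column):
        #   "  UDP    0.0.0.0:123    *:*    1234"
        $f = $_.Trim() -split '\s+'
        if ($f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
            $procId = [int]$f[4]; $local = $f[1]
        } elseif ($f[0] -eq 'UDP') {
            $procId = [int]$f[3]; $local = $f[1]
        } else {
            return   # header lines, blank lines and non-listening TCP sockets
        }
        # Port is everything after the last colon, which also copes with [::]:445.
        $port = $local.Substring($local.LastIndexOf(':') + 1)
        New-Object PSObject -Property @{
            Protocol     = $f[0]
            LocalAddress = $local
            Port         = [int]$port
            PID          = $procId
            Process      = $procs[$procId]   # empty if the PID has since exited
        }
    } | Sort-Object Protocol, Port
}

Get-ListeningPort | Format-Table Protocol, Port, LocalAddress, PID, Process -AutoSize
```

A blank Process column next to a PID you can still see in Task Manager usually means the prompt was not elevated; otherwise an unfamiliar name is the cue to look it up as the Tip suggests.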


You can also use this tool to open an exception for a protocol other than TCP or UDP, and you can filter based on the remote IP address and port number; I won’t describe this other than to suggest that at step 3, select Custom.

Windows Live Messenger Can’t Send Files

When you attempt to send someone a file using Windows Live Messenger, what actually happens is that the other person’s copy of Windows Messenger contacts your computer to pick up the file. If Windows Firewall blocks incoming Windows Messenger data, the other person’s copy of Messenger will not be able to retrieve the file. Check the Windows Firewall configuration dialog box to ensure that Windows Live Messenger is listed and that the boxes are checked in both the Home/Work and Public columns.

Also, if you are using a connection-sharing router, enable Universal Plug and Play (UPnP) on the router so that Messenger can tell it how to route incoming file-transfer