1. How Firewalls Work
To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny set of wires connecting your computer to the Internet (through a phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. Of course, nobody ever has that much going on all at one time. A handful of ports is more like it.
The ports are divided into two categories: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is generally used to send text and pictures (Web pages and e-mail), and includes some error checking to make sure all the information that's received by a computer matches what the sending computer sent. UDP works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Internet.
Each port has two directions: incoming (or ingress) and outgoing (or egress). The direction is in relation to stuff coming into your computer from the outside: namely the Internet. It's the stuff coming into your computer that you have to watch out for. But you can't close all ports to all incoming traffic. If you did, there'd be no way to get the good stuff in. But you don't want to let everything in, either. You need a way to separate the wheat from the chaff, so to speak — a way to let in the good stuff while keeping out the bad stuff.
Antispyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without involving a file in the process. That's where the firewall comes into play. A stateful firewall, such as the one that comes with Windows 7, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn't, the firewall assumes this is a hacker trying to sneak something in without your knowing it, and therefore prevents the traffic from entering your computer. Figure 1 illustrates how it works.
So, there's really more to it than just having a port open or closed. It's also about filtering: making sure that data coming into an open port is something you requested and not some rogue uninvited traffic sent by some hacker. Many of the worms that infected so many computers in the 1990s did so by sneaking in undetected through unfiltered ports. These days, you really want to make sure you have a firewall up whenever you go online to prevent such things.
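The following is an added example, not part of the book, that models the stateful check just described as a small PowerShell script: outbound requests are recorded in a table, and an inbound packet is accepted only when it matches a recorded conversation (same protocol, remote host, remote port and local port) that has not gone stale. The function names, the timeout value and the sample addresses and ports are all constructed for the illustration; they are not Windows Firewall's own internals.

```powershell
# Added example (not from the book): a toy stateful inbound filter.
# Inbound traffic on a port is accepted only when it is a reply to a
# conversation this computer started. All names and sample data are constructed.

# Conversations this host initiated, keyed by "proto|remoteHost|remotePort|localPort",
# with the time the request was recorded.
$script:StateTable = @{}

function Get-FlowKey {
    param([string]$Proto, [string]$RemoteHost, [int]$RemotePort, [int]$LocalPort)
    return ('{0}|{1}|{2}|{3}' -f $Proto.ToUpper(), $RemoteHost, $RemotePort, $LocalPort)
}

function Register-OutboundRequest {
    # Called when a local program sends a request. Recording the flow is what lets
    # the matching reply be recognised later as "something you requested".
    param([string]$Proto, [string]$RemoteHost, [int]$RemotePort, [int]$LocalPort)
    $key = Get-FlowKey $Proto $RemoteHost $RemotePort $LocalPort
    $script:StateTable[$key] = Get-Date
    return $key
}

function Test-InboundPacket {
    # Returns 'ALLOW' for a timely reply to a recorded request, otherwise 'DROP'.
    # The timeout (assumed value, 120 s) mimics how a stateful filter forgets old
    # flows; it matters most for UDP, which has no connection teardown of its own.
    param([string]$Proto, [string]$SourceHost, [int]$SourcePort, [int]$DestPort,
          [int]$TimeoutSeconds = 120)
    $key = Get-FlowKey $Proto $SourceHost $SourcePort $DestPort
    if (-not $script:StateTable.ContainsKey($key)) { return 'DROP' }
    $age = ((Get-Date) - $script:StateTable[$key]).TotalSeconds
    if ($age -gt $TimeoutSeconds) {
        $script:StateTable.Remove($key)   # stale entry: forget it and drop the packet
        return 'DROP'
    }
    return 'ALLOW'
}

# --- Constructed walk-through (addresses from the documentation ranges) ---
# 1. The browser opens a TCP connection from local port 49152 to a web server on port 80.
Register-OutboundRequest -Proto TCP -RemoteHost '203.0.113.10' -RemotePort 80 -LocalPort 49152 | Out-Null

$checks = @(
    # 2. The web server's reply: matches the recorded conversation.
    @{ Label = 'reply from the web server'; Host = '203.0.113.10'; SPort = 80;   DPort = 49152 },
    # 3. Unsolicited traffic to local port 445: nothing requested it.
    @{ Label = 'unsolicited packet to port 445'; Host = '198.51.100.7'; SPort = 4444; DPort = 445 },
    # 4. Same local port as the browser's connection, but from a different host:
    #    the filter matches the whole conversation, not just an "open" port.
    @{ Label = 'other host aiming at port 49152'; Host = '198.51.100.7'; SPort = 80;   DPort = 49152 }
)

foreach ($c in $checks) {
    $verdict = Test-InboundPacket -Proto TCP -SourceHost $c.Host -SourcePort $c.SPort -DestPort $c.DPort
    Write-Output ('{0,-35} -> {1}' -f $c.Label, $verdict)
}
```

Paste the block into any Windows PowerShell session; only the first check is allowed, which is the point of the section: port 49152 is "open" for the browser's reply, yet traffic to that same port from a host you never contacted is still dropped.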
1.1. What a Firewall Doesn't Protect Against
It's important to understand that a firewall alone is not sufficient protection against all Internet threats. A firewall is just one component in a larger defense system. Specifically:
Windows firewall doesn't protect you from spyware and viruses.
Windows firewall doesn't protect you from attacks based on exploits.
A firewall doesn't protect you from pop-up ads.
A firewall doesn't protect you from phishing scams.
Windows firewall doesn't protect you from spam (junk e-mail).
So, a firewall isn't a complete solution. Rather, it's an important component of a larger security strategy.
NOTE
Note that in the preceding list, I indicated that Windows Firewall doesn't provide certain types of protection, such as spam or virus blocking. Many hardware firewalls do provide this type of protection. This is sometimes called perimeter protection, because it protects your network from threats at the perimeter of your network. These types of firewalls can cost from several hundred to several thousand dollars, so they aren't always the best bet for a home network. They can be extremely valuable, however, for business networks.
2. Introducing Action Center
Before you get into Windows Firewall, take a look at the Action Center. This is a single point of notification for most of your PC's security. You can open the Action Center in several ways. Use whichever is most convenient for you:
Right-click the flag icon in the Notification area and choose Action Center.
Press , type act, and click Action Center.
Click the Start button, choose Control Panel, click System and Security, and then click Action Center.
Whichever method you use, the Action Center opens. Figure 2 shows an example. I clicked the arrow button to the right of each heading so that you can see the descriptive text under each heading. You can click that button to show or hide the same descriptive text.
By default, Windows Firewall is turned on and working at all times, so your Action Center should show "On" beside the Firewall item, as in Figure 2 (and you will see only the Network Firewall item in Action Center if you click the arrow beside the Security heading). If yours shows Off or Not Monitored, it might be because you have a third-party firewall program running in place of Windows Firewall. There are many such programs available, from McAfee, Symantec (Norton), Gibson Research, and other companies. If your firewall is turned off and you don't know why, it would be good to find out — perhaps from your computer manufacturer or someone who knows. If you don't have any firewall up, you should definitely turn on Windows Firewall.
NOTE
There is no advantage to having two or more firewalls running simultaneously. In fact, more than one firewall is likely to cause unnecessary problems.
2.1. Turning Windows Firewall On or Off
To turn Windows Firewall on or off, you must have administrative privileges. In the System and Security Control Panel window, click Windows Firewall. You should see the current firewall status in the right pane, and options for controlling the firewall in the left pane. Click Change Notification Settings or Turn Windows Firewall On or Off in the left pane to see the options shown in the foreground of Figure 3.
Use the Block All Incoming Connections check box only to temporarily disable exceptions when connecting to public Wi-Fi networks. You can find more on that topic in the sections to follow.
If you have a third-party firewall that you feel is more secure than the Windows Firewall, you can choose the Off option to turn off Windows Firewall. Just make sure you have a firewall up when you go online. Otherwise, you won't have anything to stop uninvited traffic on your network connection.
If you have a firewall at home, such as a wireless access point (WAP) or a cable or DSL modem that provides firewall features, and those features are turned on, you can safely turn off Windows Firewall. However, there usually is no downside to leaving Windows Firewall turned on even when an upstream firewall is in place. The exception is when you are trying to play multiplayer games or accomplish networking with other computers on the network and can't get the ports right in Windows Firewall to make it work. In these situations, just turn off Windows Firewall on the computers (but make sure your upstream firewall is working)!
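The same checks and switches described in this section can be driven from an elevated PowerShell prompt through the netsh advfirewall command that ships with Windows 7. The script below is an added example, not from the book: it reads the On/Off state of each firewall profile, warns when any profile is off (the situation the Action Center flags), turns the firewall on for all profiles, and toggles the public profile between normal stateful filtering and the equivalent of the Block All Incoming Connections check box. The function names are my own, and the text parsing assumes the English-language output of "netsh advfirewall show allprofiles"; administrative privileges are required for the set commands, as the section notes.

```powershell
# Added example (not from the book): inspect and change Windows Firewall state
# with the built-in "netsh advfirewall" commands. Run from an elevated prompt.
# Function names are constructed; parsing assumes English-locale netsh output.

function Get-FirewallProfileState {
    # Returns a hashtable: profile name (Domain/Private/Public) -> 'ON' or 'OFF'.
    $result = @{}
    $current = $null
    foreach ($line in (netsh advfirewall show allprofiles)) {
        # Section headers look like "Public Profile Settings:"
        if ($line -match '^(\w+) Profile Settings:') { $current = $matches[1]; continue }
        # Inside a section, the state line looks like "State    ON"
        if ($current -and $line -match '^State\s+(ON|OFF)') { $result[$current] = $matches[1] }
    }
    return $result
}

function Test-FirewallOn {
    # Warns for every profile that is not ON; returns $true only if all are ON.
    $allOn = $true
    $states = Get-FirewallProfileState
    foreach ($name in $states.Keys) {
        if ($states[$name] -ne 'ON') {
            Write-Warning ('Windows Firewall is OFF for the {0} profile' -f $name)
            $allOn = $false
        }
    }
    return $allOn
}

function Enable-WindowsFirewall {
    # Same effect as choosing "Turn on Windows Firewall" for every profile.
    netsh advfirewall set allprofiles state on | Out-Null
}

function Set-BlockAllIncoming {
    # Mirrors the "Block all incoming connections" check box for the public profile:
    # blockinboundalways ignores every inbound exception; blockinbound restores
    # normal stateful filtering with the configured exceptions.
    param([bool]$Enabled)
    if ($Enabled) { $policy = 'blockinboundalways,allowoutbound' }
    else          { $policy = 'blockinbound,allowoutbound' }
    netsh advfirewall set publicprofile firewallpolicy $policy | Out-Null
}

# --- Usage ---
# Check first; only turn the firewall on when a profile is found off, so a
# deliberately chosen third-party firewall is not silently doubled up.
if (-not (Test-FirewallOn)) {
    Write-Output 'No firewall appears to be active for some profile; enabling Windows Firewall.'
    Enable-WindowsFirewall
}

# When joining a public Wi-Fi network, temporarily drop all inbound exceptions,
# and restore normal filtering afterwards with Set-BlockAllIncoming -Enabled $false.
Set-BlockAllIncoming -Enabled $true
Get-FirewallProfileState
```

Keep the note from this section in mind when using the enable step: if the Off state is because a third-party firewall is intentionally in place, leave Windows Firewall off rather than running two firewalls at once.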