When Windows Firewall is turned on and running, you don't really have to do anything special to use it. It will be on constant vigil, automatically protecting your computer from hackers and worms trying to sneak in through unprotected ports. Ports for common Internet tasks such as e-mail and the Web will be open and monitored so that you can easily use those programs safely.
Internet programs that don't use standard e-mail and Web ports may require that you create an exception to the default firewall rules for incoming traffic. Examples include instant messaging programs and some online games. When you try to use such a program, Windows Firewall displays a security alert like the one in Figure 4.
The message doesn't mean that the program is "bad." It just means that to use the program, the firewall has to open a port. If you don't recognize the program name and publisher shown, click Cancel. If you want to use the program, first decide for which networks the exception will be allowed. For example, if the traffic is coming from another computer on your local network, select the Private Networks option. For traffic coming from the Internet, select Public Networks (you can select either or both, as needed). Then click Allow Access. Allowing access for a program doesn't leave the associated port wide open. It just creates a new rule that allows that one program to use the port. You're still protected because the port is closed when you're not using that specific program. The port is also closed to programs other than the one for which you unblocked the port. Should you change your mind in the future, you can always reblock the port as described in the next section.
3.1. Manually Configuring Firewall Exceptions (Allowed Programs)
Normally, when you try to use a program that needs to work through the firewall, you get a message like the example shown in Figure 7-4.
Occasionally, you might need, or want, to manually allow or block a program through the firewall. If you have administrative privileges, you can do that via the Allowed Programs page shown in Figure 7-5.
To open that page, click Allow a Program Through Windows Firewall in System and Security (by the Windows Firewall item in Control Panel).
Items on the list with a check mark beside them represent programs and features that work through the firewall. You'll also see any exceptions you created in response to a security alert. For example, Trillian isn't a Windows 7 feature, so you might not see that one. It shows in Figure 5 because I chose to allow access for it in response to the security alert shown back in Figure 4.
You probably aren't familiar with most of the programs listed in the Allowed Programs and Features list, so you should not select or deselect a box just by guessing. But you don't need to guess, either. If you just leave things as they are, everything will be fine. If you later decide to use one of the listed features, you'll be prompted at that point to allow access for the program if it's necessary to do so.
3.2. Adding a Program Exception
You can unblock ports for programs that aren't listed under Allowed Programs and Features. You would do this only if specifically instructed to do so by a program manufacturer you know and trust.
If the program for which you want to create an exception isn't listed under Allowed Programs and Features, first click Change Settings and then click the Allow Another Program button. When you click Allow Another Program, you see a list of installed programs that might require Internet access, as in Figure 6. Click the program that you want to add to the list. Optionally, if the program isn't listed but you know where it's installed, you can use the Browse button to get to the main executable for that program (typically the .exe file).
Clicking the Network Location Types button lets you define the addresses from which any unsolicited traffic is expected to originate. For example, if you're using a program that provides communications among programs within your local network only, you wouldn't want to accept unsolicited traffic coming to that port from the Internet. You'd want to accept unsolicited traffic coming only from computers within your own network. When you click Network Location Types, you see the options shown in Figure 7. Your options are as follows:
Private Networks, Such as Those at Home or at a Workplace: If the program in question has nothing to do with the Internet, and is for your home or business network only, choose this option to block Internet access but allow programs within your own network to communicate with each other through the program.
Public Networks, Such as Those in an Airport or Coffee Shop: If you want the program to be able to connect to the Internet, choose this option.
You can choose the scope for the program within the Allowed Programs and Features list just by placing a check in the Home/Work (Private) or Public columns for the program.
Each computer is automatically assigned a 192.168.0.x IP address, where x is unique to each computer. For example, if the computers are sharing a single Internet connection, the first computer will be 192.168.0.1, and the subsequent computers will also have addresses in that same address space.
All computers will have the same subnet mask of 255.255.255.0. The subnet mask just tells the computer that the first three numbers are part of the network address (the address of your network as a whole), and the last number refers to a specific host (computer) on that network. The 192.168 ... addresses are called private addresses because they cannot be accessed directly from the Internet.
To see the IP address of a computer on your local network, go to that computer, click the Start button, and choose All Programs => Accessories => Command Prompt. At the command prompt, type ipconfig /all and press Enter. You see the computer's IP address and subnet mask listed along with other Internet Protocol data.
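As an added example (not from the book), the following PowerShell script pulls the IPv4 address and subnet mask out of ipconfig /all output and applies the mask to show which part of the address names the network and which part names the host, then checks whether the address falls in one of the private ranges the sidebar mentions. The ipconfig text embedded below is constructed for the example, and the function names are this example's own; on your own computer you would feed it the real output of ipconfig /all.

```powershell
# Added example, not from the book. Works on the PowerShell 2.0 that ships with Windows 7.

# Constructed sample of "ipconfig /all" output (not captured from a real machine).
$SampleIpconfig = @"
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Ethernet Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"@

function Get-AddressParts {
    # Split an IPv4 address into network and host parts using the subnet mask.
    param([string]$IPAddress, [string]$SubnetMask)

    $ipBytes   = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
    $maskBytes = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes()
    if ($ipBytes.Length -ne 4 -or $maskBytes.Length -ne 4) { throw 'IPv4 addresses only' }

    # Network part: keep the bits the mask sets (bitwise AND). With 255.255.255.0
    # the first three numbers survive and the last becomes 0.
    $network  = 0..3 | ForEach-Object { $ipBytes[$_] -band $maskBytes[$_] }
    # Host part: keep the bits the mask leaves clear; only the last number survives.
    $hostPart = 0..3 | ForEach-Object { $ipBytes[$_] -band ((-bnot $maskBytes[$_]) -band 0xFF) }

    # Private (RFC 1918) ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
    # These are not routed on the public Internet, which is why the book calls them private.
    $isPrivate = ($ipBytes[0] -eq 10) -or
                 ($ipBytes[0] -eq 172 -and $ipBytes[1] -ge 16 -and $ipBytes[1] -le 31) -or
                 ($ipBytes[0] -eq 192 -and $ipBytes[1] -eq 168)

    New-Object PSObject -Property @{
        IPAddress      = $IPAddress
        SubnetMask     = $SubnetMask
        NetworkAddress = ($network -join '.')
        HostPart       = ($hostPart -join '.')
        IsPrivate      = $isPrivate
    }
}

function Get-IPv4Info {
    # Pick the IPv4 address and subnet mask lines out of ipconfig /all text.
    param([string]$IpconfigText)

    $ip   = [regex]::Match($IpconfigText, 'IPv4 Address[ .]*: (\d+\.\d+\.\d+\.\d+)').Groups[1].Value
    $mask = [regex]::Match($IpconfigText, 'Subnet Mask[ .]*: (\d+\.\d+\.\d+\.\d+)').Groups[1].Value
    if (-not $ip -or -not $mask) { throw 'No IPv4 address and subnet mask found in the text' }

    Get-AddressParts -IPAddress $ip -SubnetMask $mask
}

# Run against the constructed sample. To use live data instead:
#   Get-IPv4Info -IpconfigText ((ipconfig /all) -join "`n")
Get-IPv4Info -IpconfigText $SampleIpconfig |
    Format-List IPAddress, SubnetMask, NetworkAddress, HostPart, IsPrivate
```

For the sample above, the network part comes out as 192.168.0.0 and the host part as 0.0.0.3, which is the split the sidebar describes in words: the mask's three 255s keep the first three numbers as the network address, and the trailing 0 leaves the last number to identify the host.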
3.3. Disabling, Changing, and Deleting Exceptions
The check boxes in the Allowed Programs and Features list indicate whether the exception is enabled or disabled. When you clear a check box, the exception is disabled and traffic for that program is rejected. This makes it relatively easy to enable and disable a rule for a program on an as-needed basis, because the program name always remains in the list of exceptions.
To change the scope of an exception in your exceptions list, click the check box in the Private or Public column, as needed. To remove a program from the exceptions list, and stop accepting unsolicited traffic through its port, click the program name and then click the Remove button.
You cannot remove the default programs from the list, only those you have added.
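The same operations that sections 3.2 and 3.3 describe through the Allowed Programs page (add a program exception scoped to Private networks, disable it without deleting it, widen its scope to Public, and remove it) can be carried out from the command line with netsh advfirewall, which edits the same rule set the Control Panel page shows. The script below is an added example, not code from the book; the rule name and program path are placeholders, and the function names are this example's own. The netsh lines are identical to what you would type at an elevated Command Prompt.

```powershell
# Added example, not from the book. Requires an elevated (Administrator) session,
# matching the book's note that changing exceptions needs administrative privileges.

$RuleName = 'Example App'                          # placeholder rule name
$Program  = 'C:\Program Files\ExampleApp\app.exe'  # placeholder path to the program's main .exe

function Assert-Elevated {
    # netsh advfirewall refuses changes from a non-elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell (Run as administrator).'
    }
}

Assert-Elevated

# 3.2 Add the exception. dir=in and program=... mean only unsolicited inbound traffic
# to this one executable is allowed; profile=private limits it to Home/Work networks,
# so nothing reaches the program from a Public (Internet-facing) network.
netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow program="$Program" profile=private enable=yes

# Check the rule that was created; this is the same row you would see ticked on the
# Allowed Programs page.
netsh advfirewall firewall show rule name="$RuleName" verbose

# 3.3 Disable the exception without deleting it: the equivalent of clearing the check box.
# The rule stays listed, and traffic for the program is rejected until it is re-enabled.
netsh advfirewall firewall set rule name="$RuleName" new enable=no
netsh advfirewall firewall set rule name="$RuleName" new enable=yes

# Change the scope: the equivalent of ticking the Public column as well as Private.
netsh advfirewall firewall set rule name="$RuleName" new profile=private,public

# Remove the exception entirely: the equivalent of clicking Remove. The program
# filter makes sure only this rule, not another rule that happens to share the name, is deleted.
netsh advfirewall firewall delete rule name="$RuleName" program="$Program"
```

Keeping the rule tied to a specific program path (program=...) rather than opening a port number is what the book means when it says allowing access "doesn't leave the associated port wide open": the port is reachable only while that executable is listening, and other programs on the same port are still blocked.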