The Windows Firewall, if configured properly, will block communications from viruses and unauthorized applications which may communicate personal data to nefarious individuals or groups. And most importantly, the Windows Firewall, if configured properly, will prevent your computer from acting as a surrogate that performs illegal or malicious acts (spam, virus transmittal) on behalf of another computer.
The Windows Firewall can be configured to:
a) Allow or block inbound or outbound communications through a specific computer port.
b) Allow or block inbound and outbound communications by one or many software applications and services running on your computer.
c) Allow or block inbound and outbound communications to or from computers on the same local private network or computers residing on the public internet.
Configuring the Windows Firewall to allow or block communications by a particular application, through a specific port, or through a specific network region is done by modifying Windows Firewall rules.
If you are not familiar with concepts such as Windows Firewall rules, ports, and profiles, please read the Windows Firewall Background Information post.
ENABLING WINDOWS FIREWALL
To enable Windows Firewall, please do the following:
1. Right click the mouse on the Windows Start button and select Control Panel from the menu.
3. On the Control Panel screen, click the Windows Firewall icon. If the screen below is not what is showing, the Control Panel display is probably in categories mode. Quickly select Large Icons in the View By box.
4. If the Firewall is not enabled, as shown below, then click the Turn Windows Firewall On or Off link. Otherwise, you'll see a screen that indicates the Firewall is already running. If this is the case, skip to STEP 6.
5. On the Firewall Customize Settings screen, in the Private Networks section, check the Turn On Windows Firewall option. In the Public Networks section, check the Turn On Windows Firewall option. Then click OK. Note, if you don't know what public and private networks are, please read the Windows Firewall background post.
6. The Windows Firewall is now running. The screen below should be displayed.
Right now, the Windows Firewall is monitoring, preventing (blocking), and allowing communications from your computer and other computers on both the local (private) network and the public (internet) network. It is running in accordance with the defined Firewall Rules. Again, if you are not familiar with Firewall rules, please read the Windows 8 Firewall background post.
If you simply want to take the defaults, then you can exit out of the screen at this time. Your computer communications are being protected. However, there are a few important points you should know.
a) The Windows Firewall defaults to ALLOW all outbound communications. If you want to change this option, then you'll have to go to the Advanced Settings to do so.
b) Since the default behavior of the Firewall is to ALLOW all outbound communications, any application running on your computer can communicate outbound. This default configuration is kind of pointless as most spyware, viruses, etc. send outbound messages like SPAM, your Personal Info, etc. to other computers.
c) The Windows Firewall WILL Interactively Notify you of INCOMING communications that are blocked.
d) The Windows Firewall WILL NOT Interactively Notify you of OUTGOING communications that are blocked.
e) It is possible to configure the Windows Firewall to block all outgoing communications unless there is a corresponding rule for the application or port that says traffic can pass, etc. However, even if you do configure the Windows Firewall to Block outbound communications, the Windows Firewall still WILL NOT NOTIFY YOU (via an interactive popup window or something of the sort) that it has blocked communications by a specific application or has blocked communications on a specific port.
f) The Windows Firewall can be configured to write traffic blocks and allowances to a log file. However, the log file doesn't contain any application specific information. Rather, it only indicates the source and target addresses along with the ports that have been blocked or allowed. Unfortunately, the cryptic nature of the log file makes it almost useless in trying to determine if a virus or spyware is lurking in your system. Note that the Windows Firewall Event and Traffic Logs are discussed later in this document.
ALLOWING APPLICATIONS TO COMMUNICATE THROUGH THE FIREWALL
An application that communicates can use one or many ports in its operation. Furthermore, many applications can use the same ports as other applications during their operation. However, some applications may be "good" applications and others may be "malicious" applications. Thus port alone is not sufficient to provide protection.
To address this, the Windows Firewall provides the ability to allow or disallow applications to communicate through the firewall on an application-by-application basis.
To configure applications to communicate through the Windows Firewall, while on the Windows Firewall screen, click the Allow an app or feature through Windows Firewall link. The Allowed Apps screen will appear.
This screen shows a list of applications that are registered with the Windows Firewall. If the application is allowed to communicate through the firewall, the box to the left of the application name will be checked.
Furthermore, one can specify whether the application is allowed to communicate when the private profile is in effect (communications on the local network) and / or the Public Profile is in effect (communications over the internet).
If an application you wish to allow to communicate through the firewall is not listed, click the Allow another app... button. Upon clicking the button, you will have to locate the application in your file system, so you will have to know the name of the application's executable or service name.
Click OK to save the changes.
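The Allowed Apps list can also be reviewed and extended from PowerShell with the NetSecurity cmdlets. The following is an added example, not part of the original post; the function name, the rule name "Example App (inbound)" and the program path are hypothetical placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 8 or later).

# List every enabled inbound Allow rule that is tied to a specific program,
# together with the profiles it applies to.
function Get-AllowedInboundApp {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallApplicationFilter
            if ($filter.Program -and $filter.Program -ne 'Any') {
                [pscustomobject]@{
                    Rule     = $_.DisplayName
                    Profile  = $_.Profile
                    Program  = $filter.Program
                    # True when the rule also applies on the Public profile,
                    # i.e. the program is reachable from untrusted networks.
                    OnPublic = ("$($_.Profile)" -match 'Public|Any')
                }
            }
        }
}

# Review the list, Public-facing entries last.
Get-AllowedInboundApp | Sort-Object OnPublic, Program | Format-Table -AutoSize

# Stale entries: rules whose executable no longer exists on disk.
Get-AllowedInboundApp |
    Where-Object {
        $_.Program -ne 'System' -and
        -not (Test-Path ([Environment]::ExpandEnvironmentVariables($_.Program)))
    } |
    Format-Table Rule, Program -AutoSize

# Equivalent of "Allow another app...": allow a hypothetical application on the
# Private (local network) profile only. Name and path are placeholders.
New-NetFirewallRule -DisplayName 'Example App (inbound)' `
    -Direction Inbound -Action Allow -Profile Private `
    -Program 'C:\Program Files\ExampleApp\example.exe'
```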
WINDOWS FIREWALL ADVANCED SETTINGS
The Windows Firewall Advanced Settings is where the Firewall's operational behavior is configured. Under this area, the Firewall profiles, rules, blocking, etc. can be set to provide a complete communications protection solution.
Again, it is recommended to read the Windows Firewall Background Information post if there are any questions on the terms.
To display the Firewall Advanced Settings screen, from the Firewall main screen, click the Advanced settings link. The Windows Firewall with Advanced Security screen will appear.
The Center pane on the Windows Firewall with Advanced Security screen gives a very brief overview of what can be configured. The Overview section indicates the state and configuration of the Windows Firewall Profiles.
The Getting Started section introduces you to Connection Rules, Firewall Traffic Rules, and Internet Security Policy and Activity (monitoring, logs). The specifics of this are better left for a more advanced discussion in another post.
The Windows Firewall can monitor, block, or allow traffic according to network profile. Briefly, a network profile is analogous to a network region. Communication with computers on your local network is covered under the Private profile. Communication with computers on the internet is covered under the Public profile. Communication with computers when Windows Server Networking is installed (Domain Controllers) is covered under the Domain profile.
Read the Windows Firewall Background Information post for more information.
To display the profiles, click once on the Windows Firewall With Advanced Security On Local Computer node in the menu to the right. Then, right click the mouse and select Properties from the popup menu. The Windows Firewall with Advanced Security on Local Computer screen will appear.
When the screen appears, the Domain Profile tab will be highlighted. But because the odds are that you are not on a business network, it is more desirable to work with applicable profiles; namely either the Private or Public profiles.
Click the Public Profile tab to display the profile that governs the firewall behavior when using the internet.
On this screen, several parameters are available.
The firewall state indicates whether or not the firewall is running. Options are either On or Off. This should be set to ON.
This governs how the firewall treats inbound connections. Inbound Connections can either be:
a) Block (Default): This option allows inbound connections from other computers only if a firewall rule is specified that allows the inbound connection.
b) Block All Connections: This option shuts off all inbound connections no matter what. If this option is enabled, you won't be able to get any Skype calls, chat notifications, etc.
c) Allow: This option allows ALL communications to flow. Any computer can connect to your computer and initiate / send communications to it. The computer can be controlled remotely, commanded remotely, etc. This is unsafe.
This governs how the firewall treats Outbound connections. Outbound Connections can either be:
a) Allow: This option allows all connections.
b) Block: This option blocks all outbound connections if there isn't a corresponding rule defined. NOTE: Windows Firewall WILL NOT NOTIFY YOU when the firewall blocks a connection.
PROTECTED NETWORK CONNECTIONS
This specifies which connection(s) you want the firewall to protect. If you have multiple connections, you can select all, just one, or any combination.
Click the Customize button and select each connection you wish to protect. Then, click OK.
Click the Customize button to specify settings that control the Windows Firewall behavior. Here you can elect to display a notification when the firewall blocks an incoming connection.
Also, you can specify whether you want the firewall to block Unicast responses. Unicast responses are responses to things like DHCP servers, routers, etc. that connect to the computer for administrative purposes. You should leave this value set to on.
Click OK to save.
Click the Customize button in the logging section in order to turn logging on or off. Windows Firewall will log allowed and blocked traffic. However, the log file itself is cryptic and only tells you the source and target IP addresses that were blocked. It doesn't indicate the offending application.
In this screen, you can specify the file name to hold the log, how big the log file can get, whether or not to log dropped packets (blocked traffic), and whether to log successful connections (allowed traffic).
Click Apply to save.
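The Public Profile settings described above can be applied and checked from PowerShell as well. This is an added example, not part of the original post; the 4096 KB log size and the helper name Test-FirewallProfile are assumptions, and the log path is the Windows default location.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 8 or later).

# 1. Record the current state of every profile before changing anything.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
        NotifyOnListen, LogBlocked, LogAllowed -AutoSize

# 2. Public profile: firewall on, inbound "Block (default)", outbound left at
#    "Allow", notify on blocked inbound programs, log drops and successes.
#    For outbound default-deny, create the needed Allow rules first and then
#    set DefaultOutboundAction to 'Block'.
$publicSettings = @{
    Name                  = 'Public'
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
    NotifyOnListen        = 'True'
    LogBlocked            = 'True'
    LogAllowed            = 'True'
    LogMaxSizeKilobytes   = 4096   # assumed size; choose what suits the disk
    LogFileName           = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
}
Set-NetFirewallProfile @publicSettings

# 3. Verify: report any profile that is off, that allows unsolicited inbound
#    traffic, or that does not log dropped packets.
function Test-FirewallProfile {
    Get-NetFirewallProfile | ForEach-Object {
        $findings = @()
        if ("$($_.Enabled)" -ne 'True')               { $findings += 'firewall is off' }
        if ("$($_.DefaultInboundAction)" -eq 'Allow') { $findings += 'inbound default is Allow' }
        if ("$($_.LogBlocked)" -ne 'True')            { $findings += 'dropped packets not logged' }
        [pscustomobject]@{
            Profile  = $_.Name
            Outbound = $_.DefaultOutboundAction
            Findings = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}
Test-FirewallProfile | Format-Table -AutoSize
```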
THE PRIVATE PROFILE
The parameters of the Private Profile are identical to those of the Public Profile. They can be set identically to the Public Profile, or they can be set to allow everything, especially if you trust the devices on your local network.
After setting this, click Apply. The firewall for all local computer communications will be set.
IPSec settings are discussed in the Windows Firewall Advanced post. Understanding IPSec requires a thorough background in networking and security.
Back on the Windows Firewall With Advanced Security screen, click the Inbound Rules menu item on the left hand side of the Windows Firewall With Advanced Security screen. The Inbound Rules will appear in the center pane.
This screen shows all the inbound rules defined for the firewall. Inbound rules determine which traffic is allowed to flow in to your computer. They are application specific, port specific, and each rule can be configured to apply to one or all profiles. Note that Inbound Rules are only applicable if the firewall is on and the Inbound Rules option is set to block in the Profile definitions.
Due to the complexity of a firewall rule, the specifics are deferred to the Windows Firewall Advanced Security post.
Click the Outbound Rules menu item on the left hand portion of the Windows Firewall With Advanced Security screen. The Outbound Rules will appear in the center pane.
This screen shows all of the outbound rules defined for the firewall. Outbound rules determine which type of traffic is allowed to flow from your computer to other computers. They are application specific, port specific, and each rule can be configured to apply to one or all profiles. Note that Outbound Rules are only applicable if the firewall is on and the Outbound Rules Option is set to Block in the Profile Definitions. Remember though, the Default is to Allow thus the Outbound rules have no effect!
Due to the complexity of a firewall rule, the specifics are deferred to the Windows Firewall Advanced Security post.
CONNECTION SECURITY RULES
Click the Connection Security Rules menu item on the left hand portion of the Windows Firewall With Advanced Security screen. The Connection Security Rules will appear in the center pane.
Connection security rules determine how initial computer connections occur. It should be pointed out that before traffic passes from one computer to the next, a connection is established. Connection Rules do not affect how communications flow. Rather, they just affect if an initial connection can occur.
Due to the complexity of a connection rule, the specifics are deferred to the Windows Firewall Advanced Security post.
Click the Monitoring menu item on the left hand portion of the Windows Firewall With Advanced Security screen.
Under the Monitoring menu item, you'll see several sub menu items.
Firewall: Clicking this displays the active rules for the firewall.
Connection: Clicking this displays the active connection rules for the firewall.
Security Associations: This displays the methods by which two computers connect with each other. There are two modes; quick and main. A quick mode negotiation establishes a secure channel between two computers to protect user data exchanged between them. Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities.
VIEWING THE FIREWALL TRAFFIC LOG
To view the packets that have been allowed and blocked by the firewall, click the Monitoring Menu item and then click on the File Name under logging settings. Notepad will open up and the packets that have been allowed and dropped will appear.
NOTE. You must have the profile(s) Inbound and Outbound Connection options set to BLOCK. Furthermore, Logged Drop Packets and Logged Successful Connections must be selected under the Logging options of the profile(s).
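Because the traffic log is hard to read in Notepad, it helps to turn it into objects and group the dropped packets. The following is an added example, not part of the original post; the log lines are constructed samples in the pfirewall.log field layout, and the two function names are hypothetical.

```powershell
# Constructed sample in the pfirewall.log layout (documentation IP ranges).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:12:01 DROP TCP 192.168.1.10 203.0.113.5 49152 25 0 - 0 0 0 - - - SEND
2024-01-15 10:12:03 DROP TCP 192.168.1.10 203.0.113.5 49153 25 0 - 0 0 0 - - - SEND
2024-01-15 10:12:07 ALLOW TCP 192.168.1.10 198.51.100.20 49160 443 0 - 0 0 0 - - - SEND
2024-01-15 10:13:40 DROP UDP 192.168.1.23 192.168.1.10 5353 5353 82 - - - - - - - RECEIVE
'@ -split '\r?\n'

# Turn log lines into objects, taking the column names from the #Fields header.
function ConvertFrom-FirewallLog {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin { $fields = @() }
    process {
        if ($Line -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; return }
        if ($Line -match '^\s*(#|$)' -or $fields.Count -eq 0) { return }   # header or blank
        $values = $Line.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $row[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$row
    }
}

# Group dropped packets by direction, protocol and destination, most frequent first.
function Get-FirewallDropSummary {
    param([object[]]$Entry)
    $Entry | Where-Object { $_.action -eq 'DROP' } |
        Group-Object path, protocol, 'dst-ip', 'dst-port' |
        Sort-Object Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Count       = $_.Count
                Direction   = $first.path
                Protocol    = $first.protocol
                Destination = '{0}:{1}' -f $first.'dst-ip', $first.'dst-port'
                FirstSeen   = '{0} {1}' -f $first.date, $first.time
            }
        }
}

Get-FirewallDropSummary -Entry ($sample | ConvertFrom-FirewallLog) | Format-Table -AutoSize
```

To run it against the real log, pipe `Get-Content` of the file name shown under Logging Settings into `ConvertFrom-FirewallLog` from an elevated prompt.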
FIREWALL EVENT LOG(S)
The Windows Firewall Event logs differ from the Firewall Traffic log in that the Event logs record changes to the configuration and operation of the Firewall. To display the Firewall Event Logs, do the following:
a) Go into Control Panel
b) Double Click the Administrative Tools icon.
c) In the Administrative Tools screen, Double Click on the Event Viewer icon.
d) Expand the folders on the left to Event Viewer (Local) - Application and Services Logs - Microsoft - Windows - Windows Firewall With Advanced Security
Under this folder, you'll see 5 logs; Connection Security, Connection Security Verbose, Firewall, Firewall Verbose, and Network Isolation Operational.
The main one to be concerned with is the Firewall log. This records all the configuration changes to the firewall as well as when the firewall starts and stops.
This log does have value in that if for some reason your firewall is disabled, and you thought it was enabled, you can see the time when the firewall was disabled which then might point you in the right direction with regards to resolution.