The built-in Windows Firewall is an important part of system security. In this video, you’ll learn how to manage the Windows Firewall and how to use its built-in advanced security features.
The firewalls that we use today on our computers and in our networks are what we call stateful firewalls. That’s because the firewall remembers the state of the traffic that’s going through it. Here’s an example.
I have a client computer on the left side with a firewall. This might be us at home behind our home firewall. The internet is on the outside. And out on the internet there might be a web server that we would like to communicate with. And of course, the bad guys are on the internet as well.
With a stateful firewall when we send traffic to a web server, the firewall sees that traffic and remembers that we sent that information to the web server. And it is expecting a response back from the web server. And when that web server responds back, the firewall will remember the state of that particular session and allow that traffic to come through back to our client computer.
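The session tracking described above can be modelled in a few lines. This is an added example, not part of the video and not how Windows Firewall is implemented internally: a simplified connection table keyed on protocol, addresses and ports, with constructed sample addresses and hypothetical function names.

```powershell
# Simplified model of a stateful firewall's connection table.
# All addresses and ports are constructed sample values.
$script:StateTable = [System.Collections.Generic.HashSet[string]]::new()

function Get-FlowKey {
    param([string]$Protocol, [string]$ClientIP, [int]$ClientPort,
          [string]$ServerIP, [int]$ServerPort)
    # One key per conversation, always written from the client's point of view.
    '{0}|{1}:{2}|{3}:{4}' -f $Protocol, $ClientIP, $ClientPort, $ServerIP, $ServerPort
}

function Send-Outbound {
    param($Protocol, $SrcIP, $SrcPort, $DstIP, $DstPort)
    # Outbound traffic is allowed, and the firewall remembers the session.
    $key = Get-FlowKey $Protocol $SrcIP $SrcPort $DstIP $DstPort
    [void]$script:StateTable.Add($key)
    'OUT {0}:{1} -> {2}:{3}  ALLOW (state recorded)' -f $SrcIP, $SrcPort, $DstIP, $DstPort
}

function Receive-Inbound {
    param($Protocol, $SrcIP, $SrcPort, $DstIP, $DstPort)
    # An inbound packet counts as a reply only if its mirrored tuple is in the table.
    $key = Get-FlowKey $Protocol $DstIP $DstPort $SrcIP $SrcPort
    if ($script:StateTable.Contains($key)) { $verdict = 'ALLOW (matches a remembered session)' }
    else                                   { $verdict = 'DROP (no matching session)' }
    'IN  {0}:{1} -> {2}:{3}  {4}' -f $SrcIP, $SrcPort, $DstIP, $DstPort, $verdict
}

# The client opens an HTTPS connection to the web server.
Send-Outbound   'TCP' '192.168.1.10' 50123 '203.0.113.80' 443

# The web server's response: same addresses and ports, reversed.
Receive-Inbound 'TCP' '203.0.113.80' 443 '192.168.1.10' 50123

# An unsolicited packet from a different host aimed at the same client port.
Receive-Inbound 'TCP' '198.51.100.66' 443 '192.168.1.10' 50123

# The known web server trying a port the client never used with it.
Receive-Inbound 'TCP' '203.0.113.80' 443 '192.168.1.10' 3389
```

Real stateful firewalls also track protocol state such as the TCP handshake and expire idle entries; the model keeps only the tuple match to show why the response is let through and unsolicited traffic is not.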
Windows includes its own software-based firewall called Windows Firewall. We can use this if we don’t happen to be on a network that already has another firewall or we might use it in conjunction with an existing physical firewall that’s on our network. You can access Windows Firewall from the Control Panel under Windows Firewall. There’s also a setting in Windows Firewall for advanced security.
You click the Advanced Settings, and you’ll be able to access some of the more advanced features. And in this video, we’ll look at both the basic features of Windows Firewall and then we’ll also get into more of the advanced features as well. Windows Firewall includes a list of fundamental firewall rules that are already configured inside of the firewall. These are based on applications. There’s not a lot of detail in controlling what is going where. We’re only allowing or disallowing certain applications to work on our system.
You also can’t define any specific IP address ranges. There is no scope associated with this, so all devices can communicate in and out using this particular application. There are also no connection security rules. We can’t set up specific detailed information about these. If we wanted more control over these, we would need to use more of the advanced features of the Windows Firewall.
On my Windows Firewall, I have three different Windows network configurations: one for when I’m connected to my Windows domain, which I’m not currently, one for my private network, and one for my guest or public network. And I’ve currently configured this system to act as if it’s on a public network.
For each of these network settings, we can see more information about how it’s configured by clicking on Allow an App or Feature through the Windows Firewall. And then we can see all of the different applications that are currently configured and we can see how they are set for the domain configuration, the private configuration, and the public configuration of networks on my computer. If we wanted to allow another application, we can click Allow Another App and we can specify an application. But as you can see, there are not a lot of options other than allowing or disallowing what’s going through our firewall based on a specific application.
To have complete control of the Windows Firewall, you need to use the Windows Firewall with Advanced Security. This allows you to set inbound rules for traffic that is inbound to your computer and outbound rules for what’s allowed to go out. You also have connection security rules. We’ll look at those as well.
And you can set very granular control. You can set what application, what port, any predefined services, or customize any range of different items between all of those. When you’re setting up custom configurations, you can also specify things like the program, the protocol and port number, the scope, the action, and the profile that you’re going to use.
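The same custom rule properties can be set from an elevated PowerShell session with the NetSecurity module's `New-NetFirewallRule` cmdlet. This is an added example, not taken from the video; the rule name, program path, port and subnet are constructed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session.
# Every name, path, port and address below is a constructed placeholder.
$rule = @{
    DisplayName   = 'Example - Intranet web app (inbound)'
    Description   = 'Constructed example: allow one program, one port, one subnet'
    Direction     = 'Inbound'
    Program       = 'C:\Apps\ExampleWeb\web.exe'   # program (hypothetical path)
    Protocol      = 'TCP'                          # protocol
    LocalPort     = 8443                           # port number
    RemoteAddress = '192.168.10.0/24'              # scope: only this subnet may connect
    Action        = 'Allow'                        # action
    Profile       = 'Domain', 'Private'            # profile: rule is inactive on public networks
    Enabled       = 'True'
}

# Preview what would be created without changing the firewall.
New-NetFirewallRule @rule -WhatIf

# Create the rule.
New-NetFirewallRule @rule

# Remove the example rule again when finished.
Remove-NetFirewallRule -DisplayName $rule.DisplayName
```

Unlike the basic "Allow an app" list, this rule combines a program match with a port and a remote-address scope, so the application is reachable only from the listed subnet and only on domain or private networks.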
To use the advanced features, we would select in the left-hand menu Advanced Settings and that’s going to launch a new window that shows Windows Firewall with Advanced Security. This shows your breakdown of the profiles. And you can see on the left-hand side we have inbound rules, outbound rules, connection security rules, and monitoring.
If I choose inbound rules, you can see there are a large number of predefined inbound rules in our Windows Firewall. And if we click on any of these, let’s choose Skype as an inbound option, you can see the different options for the Skype application. This one is allowed for this connection.
You can see the different programs and services associated with it, and any remote computers, so we can set some detailed scope for this particular application. You can also see the specific protocols and port numbers that might be in use. And there are other options as well to really refine exactly what traffic is allowed inbound and what traffic is allowed outbound from our computer.
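The per-rule details shown in those property tabs can also be read in bulk, which is useful for reviewing what a machine exposes. This is an added example, not from the video: it lists the profile settings, then reports enabled inbound allow rules that apply on public networks and have no remote-address scope. The column names in the output object are this example's own.

```powershell
# Added example. Read-only; run in PowerShell on the machine being reviewed.

# State and default actions for the domain, private and public profiles.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Enabled inbound Allow rules that are active on the Public profile
# and accept connections from any remote address (no scope set).
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Any|Public' } |
    ForEach-Object {
        # Each rule's program, port and address settings live in separate filter objects.
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = "$($_.Profile)"
            Program       = $app.Program
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } |
    Where-Object RemoteAddress -eq 'Any' |
    Sort-Object Rule |
    Format-Table -AutoSize -Wrap
```

Rules that appear in this report are candidates for a narrower scope or for removal from the public profile; the per-rule filter lookups can take a while on systems with many rules.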