Windows Firewall

A few years ago the majority of home and small business
computer users had likely never heard of a firewall. Today you can't ignore
the need to be protected by a firewall as the computing environment has
become increasingly hostile. The initial release of Windows XP contained
a product called Internet Connection Firewall (ICF). It was fairly well
hidden away and really received very little attention. I'd venture to
guess many users weren't even aware it existed, much less had it enabled.
Times have changed dramatically and running a computer today without a
firewall is equivalent to computing suicide. So much so, in fact, that
with the release of Service Pack 2 for XP, ICF has been renamed Windows
Firewall and it is now enabled by default.

If you aren't familiar with a firewall and what it does,
think of it as a fence that surrounds a yard or a moat that surrounds
a castle. It provides a zone of protection around a specific area, in
this case your computer, and limits access to the area to one specific
location that you control. In an ideal situation the access point would
be controlled in both inward and outward directions, similar to having
guards on the inside and outside of the gate or drawbridge checking everyone
that enters or leaves. The easiest way to tell if Windows Firewall is
enabled and actively protecting the system is to click Start > Control
Panel and then click the Security Center icon. The first item listed in
Security Center (Fig. 01) will be Firewall. As you can see, Security Center
reports "Windows Firewall is ON", the default setting.

Fig. 01

Normally I'm against applications being
enabled by default. I much prefer to be made aware of the option to enable
a program and then make an informed decision based on whether or not
it's best in my particular situation. However, because there are so many
systems out there running totally unprotected I have to agree that enabling
Windows Firewall by default was a good decision. Users that are already
running a more sophisticated firewall product will be well aware that
Windows Firewall is enabled by default and take immediate steps to disable
it, while those users with no third-party firewall protection will at
least have the benefit of Windows Firewall.

For those that want to modify the default
firewall settings or turn it off completely, the [Manage Security Settings
For] section at the bottom of Security Center contains a Windows Firewall
icon. Clicking it will open the Windows Firewall property sheet shown
in Fig. 02.

- The General Tab - The On and Off
settings are self-explanatory. One question that does come up rather
frequently is whether or not Windows Firewall should be on if there
is another firewall installed and in use on the system. The answer
is no. Use one or the other, but not both. Using both will just lead
to conflicts and confusion between the two firewalls. In this case,
more is not better.

I'll talk more about exceptions in the
next section. For now just be aware this is the place where you can
prevent exceptions from being allowed by using the [Don't Allow Exceptions]
checkbox.

Fig. 02

- The Exceptions Tab - Somebody
could (and probably will) write an entire book about the Exceptions
tab (Fig. 03) alone; what it does, why it's necessary, the reason
it has certain default items and not others, and a host of other things
that go along with it, but I'm going to try and make it short and
simple.

When you use certain programs to access
the internet you're actually sending a request (packets) to another
location for information to be sent back to your location. The outgoing
requests are tracked and when information (packets) is sent back to
your location they are compared or matched up to the requests you have
sent. If it is a legitimate match the firewall allows the information
to pass through to your system. If the information wasn't requested,
it's stopped and denied passage. So what does this mean in the real
world?

You may not ever have to worry about adding
or authorizing an exception. If you do run across something that requires
an exception (most likely an internet game or an instant messaging application)
a dialog box will appear asking if you want to allow the program access.
Take a look at the name of the application and think carefully. Do you
really want and need the application enough that you are willing to
grant it an exception? If so, follow the instructions in the dialog
box and you'll be all set.

Fig. 03

If you run across an application that
isn't working properly and you think it's related to network access,
try the [Add Program...] button and add it to the exceptions list. The
[Add A Program] window (Fig. 04) will open and you can either select
the program from the list provided or use the [Browse] button to locate
the executable in another location.

Fig. 04

Once the program has been selected the
[Change Scope...] button can be used to open the Change Scope dialog
box (Fig. 05) where options are available to set what computers are
covered by the exception. Once you're done, exit the series of dialog
boxes by using the OK buttons.

Fig. 05

In some cases, rather than adding an application
to the exceptions list you might want to open an individual port instead.
Referring back to Fig. 03, click the [Add Port...] button to open the
[Add A Port] dialog box (Fig. 06). Try to avoid this option if possible.
It's risky because the port remains open at all times and compromises
the security of the system.

Fig. 06

Finally, if the firewall becomes so screwed
up that you no longer have any idea what's up and down or in and out,
the [Restore Defaults] button in the Default Settings section can get
you back to the default state the firewall is in when first installed.
Sometimes it's the only way out. Swallow your pride and click it; you
won't be the first and surely not the last.

Fig. 07
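
The request/reply matching, the open-port exception with its scope, and the [Don't Allow Exceptions] checkbox described above, reduced to a small Python model. This is an added example, not Windows Firewall's own code: the class and method names, the three scope values, and every address and port are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class FirewallModel:
    """Toy model of the inbound decision; all names here are hypothetical."""
    subnet: str = "192.168.1.0/24"                    # constructed local network
    allow_exceptions: bool = True                     # False = [Don't Allow Exceptions]
    pending: set = field(default_factory=set)         # tracked outgoing requests
    open_ports: dict = field(default_factory=dict)    # (proto, port) -> scope

    def outbound(self, proto, lport, rip, rport):
        # Outgoing traffic is remembered so the reply can be matched later.
        self.pending.add((proto, lport, rip, rport))

    def add_port(self, proto, port, scope="any"):
        # scope: "any", "subnet", or a set of addresses (assumed choices).
        self.open_ports[(proto, port)] = scope

    def inbound(self, proto, lport, rip, rport):
        # 1. A packet that answers a tracked request passes.
        if (proto, lport, rip, rport) in self.pending:
            return "allow: reply to tracked request"
        # 2. Anything else is unsolicited and needs an exception.
        scope = self.open_ports.get((proto, lport))
        if scope is None:
            return "drop: unsolicited"
        if not self.allow_exceptions:
            return "drop: exceptions disabled"
        if scope == "any":
            in_scope = True
        elif scope == "subnet":
            in_scope = ip_address(rip) in ip_network(self.subnet)
        else:
            in_scope = rip in scope
        return "allow: port exception" if in_scope else "drop: outside scope"

def demo():
    fw = FirewallModel()
    fw.outbound("tcp", 49152, "203.0.113.10", 80)     # constructed web request
    fw.add_port("tcp", 6112, scope="subnet")          # constructed game port
    out = [
        fw.inbound("tcp", 49152, "203.0.113.10", 80),     # the requested reply
        fw.inbound("tcp", 49152, "198.51.100.7", 80),     # nobody asked for this
        fw.inbound("tcp", 6112, "192.168.1.20", 50000),   # LAN peer, open port
        fw.inbound("tcp", 6112, "198.51.100.7", 50000),   # Internet host, open port
    ]
    fw.allow_exceptions = False                       # tick the checkbox
    out.append(fw.inbound("tcp", 6112, "192.168.1.20", 50000))
    out.append(fw.inbound("tcp", 49152, "203.0.113.10", 80))
    return out
```

The last two results show that, in this model, ticking the checkbox closes the open port while replies to your own requests still get through.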
