Using Windows Firewall – CompTIA A+ 220-802: 1.4June 20, 2019
The types of firewalls that we use these days are called stateful firewalls. That means the firewall is smart enough to understand exactly the conversations that might be in place and are communicating through the firewall. That way if somebody tries to send their own traffic through and it’s not part of an existing conversation, the firewall will simply drop that traffic.
And we can see this demonstrated here where we might have a client that is communicating out to a web server. And of course once you communicate out to the web server, the web server will send information back to the client. And as this is passing through the firewall, it recognizes exactly the web server you’re talking to, so that it allows the conversation back from the web server automatically.
And because this is a stateful firewall, if there was someone out there, a ne’er do well, who wanted to also send traffic into your system, once it hit the firewall, the firewall would recognize that this isn’t part of an existing conversation.
It’s not allowed by this particular firewall configuration. So we’re simply going to drop it and not allow that traffic to go back to the client workstation, thereby protecting everything that might be in that device. The stateful protection is built into the Windows operating system through the Windows Firewall. You’ll find the Windows Firewall right in your Control Panel. There’s an option for Windows Firewall.
There are a number of different capabilities for Windows Firewall, depending on what version of Windows you’re using. If you’re using some of the latest versions of Windows Vista and Windows 7, you’ll even have options for advanced security.
There is an Advanced Settings option inside of it, so that you can add even additional security to your existing Windows Firewall. The basic Windows Firewall allows you to set some fundamental security rules that allow certain applications to communicate in or communicate out to your computer. This is all based on the applications. One benefit of having the firewall right in the operating system is it knows exactly what programs you’re running. So you don’t have to put in a lot of detailed information.
Your computer already knows what apps you’re using. You don’t have to worry about any type of scope with these basic fundamental rules. You’re either allowing all traffic or no traffic at all. You also don’t have to configure any advanced connectivity options like IP addresses or port numbers. You simply decide in this view what applications you would like to be able to communicate in or out and you decide where that application traffic needs to go.
You’ll find the Windows Firewall under your Start menu in the Control Panel. And if I scroll down a bit, you will see the Windows Firewall. This firewall setting allows you to configure different options on the left side. And here’s the main view. You can see that you have different settings for the firewall to protect against home or work networks. And that’s different when you’re connecting to public networks. That way you can configure different settings when you’re in the office.
And as soon as you leave and go to a coffee shop or an open Wi-Fi access in a hotel, you will have a completely different security posture for that particular environment. You have a lot of different options available to you. The basic functionality can be accessed right here at the top, where we would allow a program or a feature through the Windows Firewall. And this is the basic settings where I can choose exactly what I would like to modify here. In this case, you can choose the application you would like to allow.
In this case, I’m allowing a home or work on my private network or a public network. And if you add other types of networks, those will also be listed in here as well. You can choose any one of these and get details about what this means. And notice that you can’t change anything until you click this icon that asks for additional security. And by clicking that, it make sure that you are the administrator. And if you’re not running as the administrator, it will prompt you for the proper credentials.
And at that point, you’re able to make any changes you’d like to the firewall configurations. Generally, you don’t have to set anything on the firewall. It automatically recognizes the applications that you’ve configured and it automatically is going to protect. And if you ever need to make changes to this, then you’ll be allowing the traffic in because everything by default will be denied. There may be times when you need additional control of your firewall. You might want to set some very, very granular control of inbound traffic, outbound traffic. You can even set up exact rules based on connection information, like IP address and port numbers. This allows you to get some very, very specific rules. You can really customize the capabilities of the Windows Firewall this way, all the way down to the program, the protocols, the port numbers, what happens to the traffic, when you see that type of traffic.
And you can apply those to different network profiles inside of your computer. Let’s look at these advanced options inside of my Windows 7 system. I’m going to go back to the Control Panel. Let’s scroll back down to the Windows Firewall. I’m going to now choose this option on the left side that says Advanced Settings. And by clicking that, you can see that you have a lot more capabilities here. This is that Microsoft Management Console view, where your selection are on the left side, the current view is in the center, and any actions might be on the right side. Notice that this is separated as inbound rules, outbound rules, connection security rules, and monitoring of what’s going through the firewall as well.
And you can see a lot of detail here. We just choose one particular option in here. I can look at the properties of these rules. This one happens to be pre-defined. But look at all the settings, general settings; programs and services; the computers that are allowed for this traffic to come from or go to; protocols and port numbers; the scope, IP address scopes for these; advanced settings that you might want to set; and any user information. That’s a lot of detail. You have a lot of control over what goes in and out of your computer this way. And if you were ever trying to find out information about what you’re doing, you can always go to these monitoring views and begin looking at items that might be in here for any one who’s communicating in and out of the system.
This gives you a way to not only protect your system, but see also exactly the type of communication that might be going on at any particular time. And it’s all done by using those capabilities that are built into your operating system in the Windows Firewall. .
As found on Youtube