Manage and Block Programs with Windows Firewall
A computer firewall program basically analyzes network traffic either allowing it to pass or discarding it depending on the rules or exceptions in place. Two firewalls are available in Windows 7 – the default firewall and the Windows Firewall with Advanced Security (WFAS).
The standard firewall regulates traffic based on the program or services running while WFAS allows you to fine tune the exception rules based on port number, protocol, IP address and authentication. To check firewall settings go to Start -> Control Panel -> Windows Firewall.
Firewall Windows – http://en.wikipedia.org/wiki/Windows_Firewall
Block Programs with Windows Advanced Firewall
In previous versions of Windows such as Windows XP the default behavior of the firewall was to block incoming traffic and not outgoing traffic. This has changed in Windows 7 where most outbound traffic which has not been explicitly allowed is blocked – ping or ftp are examples that come to mind.
When a program is blocked you will get a notification the first time allowing you to set up an exception. Windows 7 firewall operates in full stealth mode meaning it guards against OS fingerprinting.
OS fingerprinting is a technique to try to find out which operating system a host is running so that specific attacks or exploits for a particular OS can be launched.
In older versions of Windows the firewall configuration would only become active once the start up process was completed. In Windows 7 however the windows firewall blocking protection starts as soon as the network interface becomes active and this is called boot time filtering.
Windows Firewall – Network Location Awareness (NLA)
NLA basically consists of 3 preconfigured network profiles built in to Windows 7
- Home Network – file sharing and discovery of other devices on the network
- Work Network – same as above
- Public Network – computer cannot be seen by others, network discovery and sharing are very restricted
In Windows 7 the profiles are applied to the network interface so that you can have a different profile for each connection unlike previous version of Windows such as Vista where the most restrictive policy in place was applied to all network interfaces.
A local administrator can configure the rules and exceptions for each network profile including the option whether or not to have notifications pop up when traffic is blocked. Should you be using a 3rd party software firewall you are advised to disable the Windows firewall.
Unlike Vista and previous versions of Windows when configuring windows firewall on Windows 7 you can create exceptions allowing programs to pass through the firewall based on the program and not the port address. Should you which to block access to specific ports then the Firewall with Advanced Security offers you that option.
You can reset the firewall to its default configuration by clicking on the “Restore Defaults” in the Windows firewall control panel or by running the command “netsh advfirewall reset” from an elevated command prompt.
Configure Windows Firewall Services and Blocking With Advanced Security
Advanced users might want to use WFAS which enables you to
- Configure rules based on inbound or outbound traffic
- Configure rules based on port address or protocol type
- Configure rules that apply to specific services rather than programs or applications
- Specify or limit rules for a specific source or destination address
- Configure rules that only allow authenticated traffic
- Configure connection security rules
Manage Windows Firewall
Custom rules allow you to specify a particular program or service to pass through the windows firewall with advanced security without defining a port number although you could specify the port address as well.
When defining a port rule you have to specify whether the rule applies to the TCP or UDP protocol. WFAS or windows firewall advanced allows or blocks the connection or if specific rules have been set up it will allow the connection if it is secure meaning that it meets the rule conditions configured.
A rule scope enables you to restrict traffic or to block programs with windows firewall to specific source and/or destination addresses and can be created when you set up a custom rule. The advanced options of a rule’s properties allow you to specify which network interfaces the rule belongs to.
- Block Edge Traversal – unsolicited traffic through a NAT device is dropped
- Allow Edge Traversal – unsolicited traffic through a NAT device is allowed
- Defer to User – user receives a message and can allow traffic if he or she has sufficient privileges
- Defer to Application – application settings determine whether traffic can pass through
Windows Firewall Connection Security Rules
For traffic that is encrypted or requires authentication through the Kerberos protocol in a domain or a pre-shared key you can use the connection security rule wizard. No rules specified by default.
- Isolation – limits communication to only those hosts that can authenticate themselves
- Authentication Exemption – exemptions to the above rule to allow the computer unrestricted access to a DHCP, DNS or other server
- Server to Server – similar to Isolation but instead of applying to all connections they apply to specific host addresses
- Tunnel – Same as above but used for site to site links
Netsh – Command Line – WFAS - Windows Firewall Services Configuration Utility
You can configure a common windows firewall block policy for all user accounts using group policy as well as separate policies for administrators or even policies on a per user basis. Should you be interested in running a thorough firewall test then I highly recommend visiting http://www.grc.com.
Categories: Network Security Threats