Advanced Security for Windows Firewall

Similar to the Windows Firewall with Advanced Security introduced in Windows Vista, the Windows Firewall with Advanced Security in Windows Server 2008 is a Microsoft Management Console (MMC) snap-in that allows you to set up and view detailed inbound and outbound rules and to integrate with Internet Protocol security (IPsec).

The Windows Firewall with Advanced Security management console enables you to configure:

  • Inbound rules: Windows Firewall will block all incoming traffic unless solicited or allowed by a rule.
  • Outbound rules: Windows Firewall will allow all outbound traffic unless blocked by a rule.
  • Connection security rules: Windows Firewall uses a connection security rule to force two peer computers to authenticate before they can establish a connection and to secure information transmitted between the two computers. Connection security rules use IPsec to enforce security requirements. Connection security rules will be explained more in the next tutorial.
  • Monitoring: Windows Firewall uses the monitoring interface to display information about current firewall rules, connection security rules, and security associations.

Windows Firewall is on by default. When Windows Firewall is on, most programs are blocked from communicating through the firewall. If you want to unblock a program, you can add it to the Exceptions list (on the Exceptions tab). For example, you might not be able to send photos in an instant message until you add the instant messaging program to the Exceptions list. To add a program to the Exceptions list, see Allow a program to communicate through Windows Firewall.

To turn Windows Firewall on or off:

  1. Open Windows Firewall with Advanced Security, located in Administrative Tools.
  2. Click Windows Firewall Properties.
  3. Under Firewall state, select either On (recommended) or Off (not recommended), and then click OK.

Creating Inbound and Outbound Rules

You create inbound rules to control access to your computer from the network. Inbound rules can prevent:

  • Unwanted software being copied to your computer.
  • Unknown or unsolicited access to data on your computer.
  • Unwanted configuration of your computer from remote locations.

To configure advanced properties for a rule using the Windows Firewall with Advanced Security, follow these steps:

  1. Right-click the name of the inbound rule and click Properties.
  2. From the properties dialog box for an inbound rule, configure settings on the following tabs:
    • General: The rule's name, the program to which the rule applies, and the rule's action (allow all connections, allow only secure connections, or block).
    • Programs and Services: The programs or services to which the rule applies.
    • Users and Computers: If the rule's action is to allow only secure connections, the computer accounts that are authorized to make protected connections.
    • Protocols and Ports: The rule's IP protocol, source and destination TCP or UDP ports, and ICMP or ICMPv6 settings.
    • Scope: The rule's source and destination addresses.
    • Advanced: The profiles or types of interfaces to which the rule applies.
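As an added example (not part of this tutorial), the following PowerShell script uses netsh advfirewall, the command-line front end to Windows Firewall with Advanced Security on Windows 7 and Windows Server 2008, to create an inbound rule and an outbound rule with the same settings the tabs above describe. The rule names, program paths, port and management subnet are hypothetical placeholders; run it from an elevated prompt.

```powershell
# Added example, not code from the original tutorial. Maps the rule Properties tabs
# (General, Programs and Services, Protocols and Ports, Scope, Advanced) onto
# netsh advfirewall parameters. All names, paths and addresses are placeholders.
$RuleName = "Example - Inventory Agent (TCP 8443)"                    # General: name
$Program  = "C:\Program Files\ExampleCorp\InvAgent\invagent.exe"      # Programs and Services
$Port     = 8443                                                      # Protocols and Ports
$MgmtNet  = "10.20.30.0/24"                                           # Scope: remote addresses

function Invoke-Netsh {
    # Runs 'netsh advfirewall <args>' and stops the script if netsh reports an error.
    param([string[]]$NetshArgs)
    $out = & netsh.exe advfirewall $NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall $($NetshArgs -join ' ') failed: $out"
    }
    $out
}

# Remove a stale copy first so the script can be re-run; ignore 'no rules match'.
& netsh.exe advfirewall firewall delete rule "name=$RuleName" | Out-Null

# Inbound rule: allow (General), only for this program, only TCP on the agent port,
# only from the management subnet (Scope), and only under the Domain and Private
# profiles (Advanced) so the port is never opened while on a public network.
Invoke-Netsh @("firewall", "add", "rule",
    "name=$RuleName", "dir=in", "action=allow",
    "program=$Program", "protocol=TCP", "localport=$Port",
    "remoteip=$MgmtNet", "profile=domain,private", "enable=yes",
    "description=Inbound agent traffic from the management subnet only") | Out-Null

# Outbound rule: block a hypothetical updater from reaching the network at all,
# the 'utilities downloading software without your knowledge' case.
Invoke-Netsh @("firewall", "add", "rule",
    "name=Example - Block Updater Outbound", "dir=out", "action=block",
    "program=C:\Program Files\ExampleCorp\Updater\updater.exe", "enable=yes") | Out-Null

# Read back what Windows actually stored; compare it with the rule's Properties
# dialog or the Monitoring node in the console.
Invoke-Netsh @("firewall", "show", "rule", "name=$RuleName", "verbose")
```

The same parameters (dir, action, program, protocol, localport, remoteip, profile) are what the console's tabs write, so the verbose output should match the dialog field for field.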

You can also use the Windows Firewall with Advanced Security to create outbound rules to control access to network resources from your computer. Outbound rules can prevent:

  • Utilities on your computer accessing network resources without your knowledge.
  • Utilities on your computer downloading software without your knowledge.
  • Users of your computer downloading software without your knowledge.

Determining a Firewall Profile

A firewall profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where the computer is connected. On computers running this version of Windows, there are three profiles for Windows Firewall with Advanced Security. Only one profile is applied at a time.

The available profiles are:

  • Domain: Applied when a computer is connected to a network in which the computer's domain account resides.
  • Private: Applied when a computer is connected to a network in which the computer's domain account does not reside, such as a home network. The private settings should be more restrictive than the domain profile settings.
  • Public: Applied when a computer is connected to a domain through a public network, such as those available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as within an IT environment.