Tuesday, August 20, 2013

Guidelines for securing Operating System Part 5 - Windows Firewall - Tech Tuesday

Hey all my dear readers! :D I hope you all are doing great! ^_^



I've been quite busy lately and have not been able to post as regularly as I did in July. But I hope you all understand :) So continuing the Security Tips series I started in July, today I wish to discuss with you all the Windows Firewall. Oh, and just in case you want to access the last posts in this series, here are the links:

Part 1: Click Here
Part 2: Click Here
Part 3: Click Here
Part 4: Click Here

This is going to be a long post since I'll be covering everything I know about Windows Firewall. The post about Event Logs, Security Audits and Reports, etc. will be taken up in next posts when I get time to compile a long one on them too.

Let's first consider in brief the structure of this post.

  • Introduction to Windows Firewall
  • Configuring Windows Firewall: Windows XP
  • Configuring Windows Firewall: Windows 7
  • Adding New Programs in Windows Firewall: Windows XP
  • Adding New Programs in Windows Firewall: Windows 7
  • Removing/Disabling Program Rules from the Windows Firewall: Windows 7
  • Removing/Disabling Program Rules from the Windows Firewall: Windows XP
  • Creating a New Windows Firewall Rule: Windows XP
  • Creating a New Windows Firewall Rule: Windows 7
  • Two-Way Firewall Protection in Windows
  • Conclusion/Comments

Now that seems to be a long list, isn't it? Should I break it in two posts? Though I can, but I won't since I want to cover one security topic in one post as a whole.

Introduction to Windows Firewall




A firewall is a software that guards the system from unwarranted traffic when connected to a network. Hackers can try to take advantage of programs running on the system and try to execute malicious code. Hacking tools such as Trojan can send information from the victim's computer to the attacker's computer. A firewall can detect this attack and can allow the user to block certain traffic or programs that do not have to access network resources.

Windows Firewall is a built-in, host based firewall that in included in Windows XP(Service 2/later) and later versions of Windows, like Windows Server 2003(Service Pack 1), Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 8. Oh! I guess I listed all, LOL! Anyways, Windows Firewall drops incoming traffic that does not correspond to either traffic sent in response to a request from the computer(which is called solicited traffic), or unsolicited traffic that has been specified as allowed(expected traffic). It helps protect against malicious users and programs that rely on unsolicited incoming traffic to attack computers.

Configuring Windows Firewall: Windows XP


Let's start with the most basic thing, toggling the Firewall ON/OFF.

  1. Go to Start -> Control Panel.
  2. Click on "Security Center"


  3. Click on "Windows Firewall"



  4. Choose your settings.



Configuring Windows Firewall: Windows 7


Let's start with the most basic thing, toggling the Firewall ON/OFF.

  1. Go to Start -> Control Panel.
  2. Click on "System and Security"


  3. Click on "Windows Firewall"


  4. From the left hand side menu, choose Turn Windows Firewall on or off



  5. Choose your settings.



Adding New Programs in Windows Firewall: Windows XP


Users can add programs in the list of allowed programs in a firewall to allow a particular program to send information to or from your computer through the firewall. Steps to add a new program are as under:

  1. Okay, so from the previous point about Configuration you know the drill, about how to get upto the popup below. So let's continue from there:



  2. Click on Exceptions and Choose the programs/services from the list displayed.



  3. You can click Add Program to Add a new program that ain't there in the list.



  4. You can also add a port.



  5. You can change the scope of the program's connection by selecting the program in the list and clicking Edit. Then click Change Scope. By this you can select which addresses the program can connect to.



Adding New Programs in Windows Firewall: Windows 7


Users can add programs in the list of allowed programs in a firewall to allow a particular program to send information to or from your computer through the firewall. Steps to add a new program are as under:

  1. Click Start -> Control Panel. Type Firewall in the search space and press Enter.


  2. Click Allow a program or feature through Windows Firewall.


  3. Click Change Settings.


  4. Click Allow Another Program.



  5. Choose the Program you wish to add.


  6. Consider an example in which I have to add the VLC Media Player in Exception. Consider the pics to understand how to do this:

Removing/Disabling Program Rules from the Windows Firewall: Windows 7


  1. Click Start-> Control Panel. Search for Windows Firewall and go to Allow a program or feature through Windows Firewall. Click Change Settings.
  2. Select the rule you'd like to Remove/Disable.
  3. To Disable any rule for any specific network location, uncheck its respective checkbox and click OK.
  4. To remove any program completely from the allowed program list, click Remove -> Yes -> OK.

Removing/Disabling Program Rules from the Windows Firewall: Windows XP


It is quite simple to disable a program rule. You just need to simply select the program and click delete in the Exceptions Tab of the Windows Firewall Settings.

Creating a New Windows Firewall Rule: Windows 7


Windows Firewall with Advance Security allows a user to create custom rules. Steps:

  1. Click Start -> Control Panel. Search for Windows Firewall and click Check Firewall Status -> On the left pane click Advanced Settings.
  2. In the Windows Firewall with Advanced Security window, click Inbound Rules -> New Rule.

  3. The New Inbound Rule Wizard opens. Select (any) the Rule Type (Program, Port, Predefined, and Custom Rules) you would like to create. Select Rule Type as Port for this example. Click Next.

  4. Select the type of protocol (TCP/UDP) and provide the ports numbers or select the option All Local Ports for the rule you want to be applied. Click Next.


  5. Decide the action to take when the connection matches the specified condition (here, Allow the connection). Click Next.


  6. Select the Network Location for which the rule has to be applied. Click Next.

  7. Give a name to the newly created rule and description (optional). Click Finish.


Two-Way Firewall Protection in Windows

Threats travel through the web looking for suitable systems with low security levels and outdated or unpatched software. They enter these systems quietly without the knowledge of the user. Installing a better firewall solution could solve the problem. Since Windows Firewall with Advanced Security that comes with your Windows 7 has a great feature of two-way firewall protection, you must avail it to yourself. The steps are:

  1. Click Start, type wf.msc or Firewall in the search space, and press Enter.
  2. Click the Windows Firewall with Advanced Security icon.
  3. This management interface displays the inbound and outbound rules.
  4. Click Windows Firewall Properties.
  5. A dialog box with several tabs appear.
  6. For each profile - Domain, Private and Public - change the setting to Block, and then click OK.





Conclusion/Comments


So this was quite a comprehensive one. Took me two days to complete this. I hope you find all the relevant information you must know about the Windows Firewall and it's configuration to secure yourself while connected to a Network :) For any queries or suggestions please feel free to comment here. I'll soon be giving away a few email IDs so that you can send me your queries/requests/suggestions personally.

I hope you all have a great day ahead! :) Happy Tuesday :) See you all soon! :D

2 comments:

  1. I'm having difficulties in operating my firewall, I personally deal with it and it seems to have a lot to do with before you can really activate your firewall.. I need more guidance. Thanks much for sharing this very helpful tips. :)
    Firewall Security Consulting NY

    ReplyDelete
    Replies
    1. Please elaborate..I am explaining windows firewall here, which is already activated and no "lot to do" have to be done. So please tell me which firewall you are using if you need more help.

      Delete

Kindly keep the comments clean and make quality comments that would be worthy in making this blog better! :)