CIS 170F: Windows 7 Administration

Week 8

Networking
Windows Firewall

Windows Firewall is enabled by default on every network adapter and dial-up connection, including any that connects directly to the Internet. Its purpose is to block unsolicited incoming traffic, so it prevents computers on the Internet from reaching your shared files, Remote Desktop, Remote Administration, and other sensitive services.

Windows Firewall by default blocks all attempts by other computers to reach your computer, except in response to communications that you initiate yourself. For example, if you try to view a web page, your computer starts the process by connecting to a web server out on the Internet. Windows Firewall tracks that outgoing request, recognizes the returning data as the reply to it, and allows the reply back in. However, someone "out there" who tries to view your shared files will be rebuffed: any unsolicited incoming connection is simply dropped, without even a refusal being sent back.

Windows Firewall can make exceptions that permit incoming connections from other computers on a case-by-case basis. It can distinguish connections by the software involved (identified either by the program's path or by the port number the service listens on) and by the remote computer's network address, which lets Windows tell whether the request comes from a computer on your own network or from a computer "out there" on the Internet. Windows 7 adds full use of a third criterion for judging incoming requests: the Domain, Private or Public label attached to the network adapter through which the request arrives. Vista introduced these network location labels, but it applied only one of them to the whole computer at a time; Windows 7 applies the label per adapter, so a laptop on the office LAN and a coffee-shop Wi-Fi network at the same time gets different rules on each. This is a huge improvement over Windows XP and Vista.

Here's why: When you're at home, the other computers on your network share a common network address scheme (just as most telephone numbers in a neighborhood start with the same area code and prefix digits). Those computers can be trusted to share your files and printers. However, if you take your computer to a hotel or coffee shop, the computers on your local network should not be trusted, even though they will share the same network addressing scheme. With prior versions of Windows, you had to reconfigure Windows Firewall every time you moved your computer from one network to another, so that you didn't inadvertently expose your shared files to unknown people.
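The three criteria just described (program or port, remote address, and network location profile) map directly onto the rule options of the netsh advfirewall command that ships with Windows 7. The script below is an added example, not part of the course notes: it shows the default inbound/outbound posture, then creates an exception for file sharing that is scoped to the Private profile and the local subnet, a second exception keyed on a program path instead of a port, and an explicit block on Public networks. The rule names, the program path C:\Tools\listener.exe and the 192.168.1.0/24 home subnet are assumptions chosen for illustration. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the course notes): scoping a Windows 7 inbound
# exception by port/program, remote address and network profile with
# netsh advfirewall. Rule names, C:\Tools\listener.exe and 192.168.1.0/24
# are illustrative assumptions. Requires an elevated prompt.

# Default posture for each profile: inbound = BlockInbound, outbound = AllowOutbound
netsh advfirewall show allprofiles

# Which profile (Domain, Private or Public) is applied to the active connections now
netsh advfirewall show currentprofile

# Exception 1: allow inbound SMB file sharing (TCP 445), but only
#   - on adapters labelled Private (the home network), and
#   - from the local subnet, never from arbitrary Internet hosts.
netsh advfirewall firewall add rule `
    name="Home file sharing SMB" `
    dir=in action=allow protocol=TCP localport=445 `
    profile=private remoteip=localsubnet

# Exception 2: a rule keyed on the program rather than a port. The firewall
# identifies the program by its full path and lets it accept connections on
# whatever port it opens, but still only from the assumed home subnet.
netsh advfirewall firewall add rule `
    name="Example listener program-scoped" `
    dir=in action=allow program="C:\Tools\listener.exe" `
    profile=private remoteip=192.168.1.0/24

# Belt and braces: an explicit block for SMB on Public networks. Block rules
# are evaluated before allow rules, so this wins even if a broad allow rule
# is added later by mistake.
netsh advfirewall firewall add rule `
    name="Block SMB on public networks" `
    dir=in action=block protocol=TCP localport=445 profile=public

# Verify what was created (verbose shows profile, remote IP scope and program)
netsh advfirewall firewall show rule name="Home file sharing SMB" verbose
netsh advfirewall firewall show rule name="Block SMB on public networks" verbose
```

The useful check is the last two lines: a rule whose output shows Profiles: Private and RemoteIP: LocalSubnet is what keeps the coffee-shop scenario from the next paragraph harmless, because the same TCP 445 request arriving over a Public-labelled adapter matches neither the allow rule's profile nor its address scope.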

Some of the features of Windows Firewall include:

  • Inbound filtering (unsolicited inbound traffic is blocked by default)
  • Outbound filtering (outbound traffic is allowed by default; block rules can be added through Windows Firewall with Advanced Security)
  • Firewall rules combined with IPsec connection security rules (for example, allowing a port only from computers that authenticate with IPsec)
  • Support for complex rules (scoped by program, service, protocol, port, local and remote address, interface type and network profile)
  • Support for logging (dropped and, optionally, allowed connections are written to pfirewall.log)
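Logging is the feature an administrator will lean on when a service "just doesn't work" or when probing from the Internet is suspected. The block below is an added example, not part of the course notes: it turns on logging of dropped connections for all profiles with netsh, then parses the log format that Windows 7 writes (a W3C-style file with a #Fields header line) in PowerShell 2.0 and summarizes which remote addresses and destination ports are being dropped most. The log lines in $sample are constructed for illustration; the commented Get-Content line reads the real file from its default location.

```powershell
# Added example (not from the course notes): enable Windows 7 firewall logging
# with netsh, then summarise dropped inbound connections from the log.
# The log lines in $sample are constructed; the default log path is
# %systemroot%\System32\LogFiles\Firewall\pfirewall.log.

# 1. Enable logging of dropped packets for every profile (elevated prompt).
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 4096

# 2. Parse the log. Records are space separated; the #Fields header names
#    the columns, so the parser reads names from it rather than hard-coding them.
function Get-FirewallDrops {
    param([string[]]$Lines)

    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            $fields = $matches[1] -split '\s+'
            continue
        }
        if ($line -match '^#' -or $line.Trim() -eq '') { continue }
        if (-not $fields) { continue }   # data before any header: ignore

        $values = $line -split '\s+'
        $entry = New-Object PSObject
        for ($i = 0; $i -lt $fields.Length -and $i -lt $values.Length; $i++) {
            $entry | Add-Member NoteProperty $fields[$i] $values[$i]
        }
        # Keep only unsolicited inbound packets that the firewall dropped;
        # path is RECEIVE for inbound and SEND for outbound.
        if ($entry.action -eq 'DROP' -and $entry.path -eq 'RECEIVE') { $entry }
    }
}

# Constructed sample in the pfirewall.log layout (not a real capture).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-03-01 10:15:22 DROP TCP 203.0.113.7 192.168.1.10 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2012-03-01 10:15:23 DROP TCP 203.0.113.7 192.168.1.10 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2012-03-01 10:15:24 DROP TCP 203.0.113.7 192.168.1.10 51236 445 52 S 1234569 0 8192 - - - RECEIVE
2012-03-01 10:15:30 DROP UDP 198.51.100.4 192.168.1.10 53 137 78 - - - - - - - RECEIVE
2012-03-01 10:16:01 ALLOW TCP 192.168.1.10 93.184.216.34 49152 80 0 - 0 0 0 - - - SEND
2012-03-01 10:16:05 DROP TCP 192.168.1.10 203.0.113.9 49153 6667 52 S 2234567 0 8192 - - - SEND
'@ -split "`r?`n"

# Real log instead of the sample:
# $sample = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

$drops = Get-FirewallDrops $sample

"Dropped inbound connections by source address:"
$drops | Group-Object 'src-ip' | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

"Dropped inbound connections by destination port:"
$drops | Group-Object 'dst-port' | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

On the constructed sample the parser keeps four records: three from 203.0.113.7 (two against TCP 445 and one against TCP 3389) and one from 198.51.100.4 against UDP 137, while the allowed outbound web request and the dropped outbound IRC attempt are left out because their path is SEND. A single Internet address walking through 445 and 3389 is exactly the pattern the default inbound block exists to absorb; seeing it in the log is normal, seeing an ALLOW for it would mean an exception is scoped too broadly.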