The Windows operating system includes a powerful firewall for controlling network communication to your computer. In this video, you’ll learn about the features available in Windows Defender Firewall and some of the advanced features that can be used to secure your workstation.
The Windows operating system includes a firewall that can protect you from attacks. In this video, we’ll look at the Windows Firewall and some of its advanced features.
If you hear the term “firewall” these days, you’re really talking about a stateful firewall. A stateful firewall is one that understands and remembers the state of traffic that flows through it. That way, if traffic is outbound, the firewall automatically knows to allow that same traffic flow back inbound. Likewise, if someone wants to try to send traffic through this firewall without there being an existing state or traffic flow in place, the firewall will automatically block that traffic.
Here’s an example of a stateful firewall. We have a client that will be communicating through a firewall and communicating to a web server. The firewall is already configured to allow this outbound traffic through the firewall into the web server. The web server is going to send the response to this request back to the client.
Since there was a previous session already created between the client and the web server, the firewall automatically understood that state and allowed that traffic to continue through to the client. If someone else out on the internet were to send traffic to the client through that firewall but there was no existing state and no existing rule that would allow that traffic, that traffic would be stopped by the firewall and would never make it to the client on the inside.
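The client, web server, and unsolicited sender described above can be modeled with a small state table. This is an added example, not part of the original video and not how Windows Defender Firewall is implemented; the function names, IP addresses, and ports are constructed for illustration.

```powershell
# Toy stateful filter: tracks flows by 5-tuple only. Real firewalls also track
# TCP flags and idle timeouts; that is left out to keep the state lookup visible.
$StateTable        = @{}   # flows that were allowed out from the inside network
$InboundAllowPorts = @()   # explicit inbound allow rules (none configured here)

function Get-FlowKey {
    param([string]$Proto, [string]$InsideIp, [int]$InsidePort,
          [string]$OutsideIp, [int]$OutsidePort)
    '{0}|{1}:{2}|{3}:{4}' -f $Proto, $InsideIp, $InsidePort, $OutsideIp, $OutsidePort
}

function Test-Packet {
    param([string]$Direction, [string]$Proto,
          [string]$SrcIp, [int]$SrcPort, [string]$DstIp, [int]$DstPort)

    if ($Direction -eq 'Outbound') {
        # The outbound rule permits the request; remember the flow for the reply.
        $key = Get-FlowKey -Proto $Proto -InsideIp $SrcIp -InsidePort $SrcPort `
                           -OutsideIp $DstIp -OutsidePort $DstPort
        $StateTable[$key] = Get-Date
        return 'ALLOW: outbound rule, state recorded'
    }

    # Inbound: the source is the outside host, so look up the reversed tuple.
    $key = Get-FlowKey -Proto $Proto -InsideIp $DstIp -InsidePort $DstPort `
                       -OutsideIp $SrcIp -OutsidePort $SrcPort
    if ($StateTable.ContainsKey($key))          { return 'ALLOW: reply to a tracked flow' }
    if ($InboundAllowPorts -contains $DstPort)  { return 'ALLOW: explicit inbound rule' }
    'BLOCK: no state and no rule'
}

# Constructed sample traffic: request, matching reply, then an unsolicited packet.
$packets = @(
    @{ Direction='Outbound'; Proto='TCP'; SrcIp='10.0.0.5';     SrcPort=50123; DstIp='192.0.2.80'; DstPort=443 }
    @{ Direction='Inbound';  Proto='TCP'; SrcIp='192.0.2.80';   SrcPort=443;   DstIp='10.0.0.5';   DstPort=50123 }
    @{ Direction='Inbound';  Proto='TCP'; SrcIp='198.51.100.9'; SrcPort=443;   DstIp='10.0.0.5';   DstPort=50123 }
)

foreach ($p in $packets) {
    '{0,-8} {1}:{2} -> {3}:{4}  {5}' -f $p.Direction, $p.SrcIp, $p.SrcPort,
        $p.DstIp, $p.DstPort, (Test-Packet @p)
}
```

The third packet targets the same client port as the legitimate reply but comes from a different outside address, so its reversed tuple is not in the table and it is blocked.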
The Windows Firewall in Windows 7 and Windows 8 has been renamed in Windows 10 to the Windows Defender Firewall, but it is effectively the same application with the same capabilities. The firewall is integrated into the operating system, and you’ll find the configuration settings in the Control Panel under Windows Firewall or Windows Defender Firewall. Additional configuration settings are available within the firewall under the Advanced Settings option, which is listed on the left sidebar.
The basic functionality of the Windows Firewall allows applications to send and receive traffic. This is especially useful if the application itself is expecting any inbound traffic coming from the network. An application such as a Voice over IP communications tool may require that you allow inbound traffic to your computer as well as outbound traffic.
One way to allow or disallow this traffic is through the Allowed Apps configuration within Windows Firewall. The installed applications are listed in this list of allowed apps and features. And you can allow or disallow communication for that app based on the network profile that’s in use.
The only control you have at this level is to enable all traffic for a particular app or none of the traffic for a particular app. You’re not able to configure any details. For instance, you’re not able to set a scope for the traffic, which means it would be both inbound and outbound traffic. You can’t configure things like connection security rules that would tell Windows to only send this traffic over a secure IPsec tunnel.
You can of course configure those options in the Advanced Security section. But if all you’re looking to do is enable or disable a particular application, this is a very easy way to do that.
I’m currently on a guest or a public network profile. And Windows Defender Firewall is telling me that incoming connections will all be blocked to applications that are not on the list of allowed apps. I can change those allowed apps by clicking “Allow an app or feature through the Windows Defender Firewall.” And then it will list out all of the different applications that I’ve installed.
If you want to disable capabilities, for example, let’s say we scroll down to Skype. If we want to enable or disable Skype, I can disable it by unchecking those marks for the Private and the Public profiles. And now no inbound traffic will be able to communicate to the Skype application.
If you want detailed control of all traffic inbound or outbound from your computer, you’ll want to use the Windows Firewall with Advanced Security features. This allows you to configure inbound rules, outbound rules, and connection security rules for encryption. You also have the ability to configure granular rules where you can specify the program, the port number, any predefined services, and custom variables as well. These custom variables include options such as protocol and port information, the scope of the particular rule, any actions you would like to have, and the profile that will be included for this rule.
You can find the advanced features under the Advanced Settings option inside of the Firewall. And this will bring up another window that allows you to configure inbound rules, outbound rules, connection security rules, and monitoring information. For example, here are the inbound rules on this computer. I’ll make this a little larger and you can see all of these different inbound rules that are configured.
And you’re able to make configuration changes to any of these by simply clicking on them and making changes to the rule itself. This is especially useful if you’d like to enable or disable part of an application’s communication or you want to have more control over exactly what traffic is allowed inbound or outbound from your computer.
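The granular rule options described above (program, protocol, port, scope, action, and profile) can also be set from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original video; the application path, rule name, port, and address range are hypothetical placeholders.

```powershell
# Run from an elevated PowerShell session. All values below are constructed
# placeholders; substitute the real program path and network range.
$rule = @{
    DisplayName   = 'Example VoIP inbound (constructed)'
    Direction     = 'Inbound'
    Program       = 'C:\Program Files\ExampleVoip\voip.exe'   # hypothetical path
    Protocol      = 'UDP'
    LocalPort     = 5060
    RemoteAddress = '192.0.2.0/24'    # scope: only this remote range may connect
    Profile       = 'Private'         # not active on Public or Domain networks
    Action        = 'Allow'
}
New-NetFirewallRule @rule

# Confirm which profiles currently have the firewall enabled and their defaults.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Review enabled inbound allow rules and flag the broad ones: any remote
# address, on a profile set that includes Public.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Profile       = [string]$_.Profile
            Program       = $app.Program
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } |
    Where-Object { $_.RemoteAddress -eq 'Any' -and $_.Profile -match 'Public|Any' } |
    Format-Table -AutoSize

# Disable the example rule without deleting it, then remove it when finished.
Set-NetFirewallRule    -DisplayName $rule.DisplayName -Enabled False
Remove-NetFirewallRule -DisplayName $rule.DisplayName
```

Unlike the Allowed Apps checkboxes, a rule built this way is limited to one direction, one protocol and port, and one remote address range.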