IN THIS CHAPTER
Understanding how firewalls protect your computer
Using Security Center
Using Windows Firewall
Configuring Windows Firewall
If you use the Internet, a firewall is a must-have security tool. It's not the only tool you need, but it's an important one. It protects your computer from hackers and worms. Hackers are people who would attempt to access your computer through the Internet without your knowing it. Worms are programs, such as viruses, that are usually written to do intentional harm.
Windows 8.1 comes with its own built-in firewall. If you didn't know about it before going online, relax. It's enabled by default. So, most likely, it's been protecting you since the very first moment you went online. (Plus, your Internet service provider protects you from most invasions.) In this chapter, you learn how the firewall works and how to configure it for maximum protection.
To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny set of wires connecting your computer to the Internet (through a DSL phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. Of course, nobody ever has that much going on all at one time. A handful of ports is more like it.
The ports are divided into two categories:
Each port has two directions: incoming (or ingress) and outgoing (or egress). The direction is in relation to stuff coming into your computer from the outside — namely, the Internet. It's the stuff coming into your computer that you have to watch out for. But you can't close all ports to all incoming traffic. If you did, there'd be no way to get the good stuff in. But you don't want to let everything in, either. You need a way to separate the wheat from the chaff, so to speak.
Anti-spyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without involving a file in the process. That's where the firewall comes into play. A stateful firewall, such as the one that comes with Windows 8.1, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn't, the firewall assumes this is a hacker trying to sneak something in without your knowing it and, therefore, prevents the traffic from entering your computer. Figure 7.1 illustrates how it works.
So, there's really more to it than just having a port open or closed. It's also about filtering — making sure that data coming into an open port is something you requested and not some rogue, uninvited traffic sent by some hacker. Many of the worms that infected so many computers in the 1990s did so by sneaking in undetected through unfiltered ports. These days, you really want to make sure you have a firewall up whenever you go online to prevent such things.
Before you explore Windows Firewall, take a look at the Action Center. This is a single point of notification for most of your PC's security. You can open the Action Center in several ways. Use whichever is most convenient for you:
Whichever method you use, the Action Center opens. Figure 7.2 shows an example. We clicked the arrow button to the right of each heading so that you can see the descriptive text under each heading. You can click that button to show or hide the same descriptive text.
By default, Windows Firewall is turned on and working at all times, so your Action Center should show “On” beside the Firewall item, as in Figure 7.2 (and you see only the Network Firewall item in Action Center if you click the arrow beside the Security heading). If your version of Figure 7.2 shows Off or Not Monitored, you may have a third-party firewall program running in place of Windows Firewall. Many such programs are available, such as McAfee, Symantec, and Check Point. If your firewall is turned off and you don't know why, it would be good to find out the reason — perhaps from your computer manufacturer or a support person who worked on your computer. If you don't have any firewall up, you should definitely turn on Windows Firewall.
To turn Windows Firewall on or off, you must have administrative privileges. In the System and Security Control Panel window, click Windows Firewall. You should see the current firewall status in the right pane, and options for controlling the firewall in the left pane. Click Change Notification Settings or Turn Windows Firewall On or Off in the left pane to see the options shown in the foreground of Figure 7.3.
If you have a third-party firewall that you feel is more secure than the Windows Firewall, you can choose the Off option to turn off Windows Firewall. Just make sure you have a firewall up when you go online. Otherwise, you won't have anything to stop uninvited traffic on your network connection after the traffic gets by your Internet service provider.
When Windows Firewall is turned on and running, you don't really have to do anything special to use it. It will be on constant vigil, automatically protecting your computer from hackers and worms trying to sneak in through unprotected ports. Ports for common Internet tasks such as e-mail and the web will be open and monitored so that you can easily use those programs safely.
Internet programs that don't use standard e-mail and web ports may require that you create an exception to the default firewall rules for incoming traffic. Examples include instant messaging programs and some online games. When you try to use such a program, Windows Firewall displays a security alert like the one in Figure 7.4.
The message doesn't mean that the program is “bad.” It just means that to use the program, the Firewall has to open a port. If you don't recognize the program name and publisher shown, click Cancel. If you want to use the program, first decide for which networks the exception will be allowed. For example, if the traffic is coming from another computer on your local network, select the Private Networks option. For traffic coming from the Internet, select Public Networks (you can select either or both, as needed). Then, click Allow Access. Allowing access for a program doesn't leave the associated port wide open. It just creates a new rule that allows that one program to use the port. You're still protected because the port is closed when you're not using that specific program. The port is also closed to programs other than the one for which you unblocked the port. If you change your mind in the future, you can always reblock the port, as described in the next section.
Normally, when you try to use a program (or an app) that needs to work through the firewall, you get a message like the example shown in Figure 9.4. Occasionally, you might need, or want, to manually allow or block a program through the firewall. If you have administrative privileges, you can do that via the Allowed Apps page shown in Figure 7.5. To open that page, click Allow an App through Windows Firewall in System and Security (by the Windows Firewall item in the Control Panel).
Items on the list with a check mark beside them represent apps that work through the firewall. You'll also see any exceptions you created in response to a security alert.
You probably aren't familiar with most of the apps and programs listed in the Allowed Apps and Features list, so you should not select or deselect a box just by guessing. But you don't need to guess, either. If you just leave things as they are, everything will be fine. If you later decide to use one of the listed features, you'll be prompted at that point to allow access for the app or program if it's necessary to do so.
You can unblock ports for apps and programs that aren't listed under Allowed Apps and Features. You would do this only if specifically instructed to do so by an app or program manufacturer you know and trust.
If the app or program for which you want to create an exception isn't listed under Allowed Apps and Features, you can do the following:
.exe
file).The check boxes in the Allowed Apps and Features list indicate whether the exception is enabled or disabled. When you clear a check box, the exception is disabled, and traffic for that program is rejected. This makes it relatively easy to enable and disable a rule for a program on an as-needed basis because the program name always remains in the list of exceptions.
To change the scope of an exception in your exceptions list, click the check box in the Private or Public column, as needed. To remove a program from the exceptions list, and stop accepting unsolicited traffic through its port, click the program name and then click the Remove button.
The rest of this chapter goes well beyond anything that would concern the average home computer user. It's for more advanced users and network and security administrators who might need to configure Windows Firewall to comply with an organization's security policy. All these options require administrative privileges. We don't go into great detail on what the various options mean because we assume you're working to comply with an existing policy.
To get to the advanced configuration options for Windows Firewall, first open Windows Firewall from the System and Security item in the Control Panel. Then click the Advanced Settings link in the left pane. The firewall console, shown in Figure 7.8, opens.
As you can see in the figure, you have three independently configurable profiles to work with:
Clicking the Windows Firewall Properties link near the bottom of the console (or the Properties item in the Actions pane) takes you to the dialog box shown in Figure 7.9. Notice that you can use tabs at the top of the dialog box to configure the Domain, Private, and Public settings. The fourth option applies to IPsec (IP Security), commonly used with virtual private networks (VPNs), which are described a little later in this section. By default, Inbound Connections are set to Block and Outbound Connections are set to Allow. You can change either setting by clicking the appropriate button.
Each profile tab has a Customize button in its Settings section. Clicking that button provides an option to turn off firewall notifications for that profile. Administrators can also use options on that tab to allow or prevent unicast responses to multicast and broadcast traffic. There's also an option to merge local administrator rules with rules defined through group policy.
Each profile tab also offers a Logging section with a Customize button. Click the Customize button to set a name and location for the log file and a maximum size, and to choose whether you want to log dropped packets, successful connections, or both. You can use that log file to review firewall activity and to troubleshoot connection problems caused by the firewall configuration.
The IPsec Settings tab in the firewall properties provides a way to configure IPsec (IP Security). Clicking the Customize button under IPsec Defaults reveals the options shown in Figure 7.10. The Default settings in each case cause settings to be inherited from a higher-level group policy object (GPO). To override the GPO, choose whichever options you want to apply to the current Windows Firewall instance. When you override the default, you can choose key exchange and data integrity algorithms. You can also fine-tune Kerberos V5 authentication through those settings.
Clicking OK or Cancel in the Customize IPsec Defaults dialog box takes you back to the IPsec Settings tab. There you can use the IPsec Exemptions section to exempt ICMP from IPsec, which may help with connection problems caused by ICMP rules.
That covers the main firewall properties. You can configure plenty more outside the Properties dialog box. Again, most of these go far beyond anything the average home user needs to be concerned with, so we're being brief here. Advanced users needing more information can find plenty of information in the Help section for the firewall.
In the left column of the main Windows Firewall with Advanced Security window shown back in Figure 7.8, you see Inbound Rules and Outbound Rules links. These provide very granular control over Windows Firewall rules for incoming and outgoing connections. Figure 7.11 shows a small portion of the possibilities there. Use the scrollbars to see them all.
Here we're getting into security matters that go beyond the scope of this book. But we think it will be easy for any professional administrator to figure out what's going on there. Options (and the Help link) in the Actions column on the right tell all. You can also change any exception in the center column by right-clicking and choosing Properties.
A firewall is an important component of a larger overall security strategy. Windows 8.1 comes with a built-in firewall that's turned on and working from the moment you first start your computer. The firewall is automatically configured to prevent unsolicited Internet traffic from getting into your computer, thereby protecting you from worms and other hacking attempts. The Windows 8.1 firewall also provides advanced options for professional network and security administrators who need more granular control over its behavior. In summary: