
SECURING YOUR WINDOWS NETWORK / HOW-TO GEEK SCHOOL


Lesson 5: Using Windows Firewall with Advanced Security


In the preceding lesson you learned the basics about the Windows Firewall and how to use it. This time we will go deeper into the detailed rules and exceptions that govern the Windows Firewall.

Most users might never need to dig into these settings, but there may be that one time when you need to allow an application to have access. You will learn about Windows Firewall with Advanced Security, what this special management snap-in is, and how you can use it to truly control everything that the Windows Firewall does.

Before you do that, however, you will have to have a clear understanding of the types of rules existing in the Windows Firewall and their properties. You will also learn what you can monitor using Windows Firewall with Advanced Security.

After that you will finally learn how to manage existing rules in the Windows Firewall and how to create your own outbound and inbound rules.

In case you have played too much with the settings of the Windows Firewall and things are starting to malfunction, you will need to learn how to reset its settings to their defaults. Have no fear, this lesson has you covered and will also share how to reset all the Windows Firewall settings.

Once you’ve completed this lesson, you should have a pretty thorough knowledge of the Windows Firewall.

What is the Windows Firewall with Advanced Security?

Put simply, Windows Firewall with Advanced Security is a management snap-in for the Windows Firewall from which you can control, in a very detailed way, all the rules and exceptions that govern how the Windows Firewall works.

In order to access it, you need to open the Windows Firewall as shown in the previous lesson and then click or tap the “Advanced settings” link in the column on the left.


“Windows Firewall with Advanced Security” is now open. This snap-in looks big and scary at first, and for good reason. This is where Windows Firewall stores all its rules at a very detailed level. What we have seen in the previous lesson is only a limited but user-friendly view of the rules that govern its functioning. This is where you get dirty and edit any parameter, no matter how small, for any rule and exception.


Understanding Inbound, Outbound & Connection Security Rules

In Windows Firewall with Advanced Security you will encounter three important types of rules:

  • Inbound rules – they apply to traffic that is coming from the network or the Internet to your Windows computer or device. For example, if you are downloading a file through BitTorrent, the download of that file is filtered through an inbound rule.
  • Outbound rules – these rules apply to traffic that is originating from your computer and going to the network and the Internet. For example, your request to load the How-To Geek website in your web browser is outbound traffic and it is filtered through an outbound rule. When the website is downloaded and loaded by your browser, this is inbound traffic.
  • Connection security rules – less common rules that are used to secure the traffic between two specific computers while it crosses the network. This type of rule is used in very controlled environments with special security requirements. Unlike inbound and outbound rules, which are applied only to your computer or device, connection security rules require both computers involved in the communication to have the same rules applied.

All the rules can be configured so that they are specific to certain computers, user accounts, programs, apps, services, ports, protocols, or network adapters.

You can display the rules of a certain type by selecting the appropriate category in the column on the left.


You will see lots of inbound and outbound rules. Some rules will have a green checkmark near their name while others will have a gray one. The rules with the green checkmark are enabled, meaning that they are used by Windows Firewall. Those with a gray checkmark are disabled and they are not used by Windows Firewall.

Windows Firewall rules have the following parameters that can be edited:

  • Name – the name of the rule you are viewing.
  • Group – the group the rule belongs to. Generally, the group describes the app or the Windows feature the rule belongs to. For example, rules that apply to a specific app or program will have the app/program name as the group. Rules that are related to the same networking feature, e.g. File and Printer Sharing, will have as a group name the feature they relate to.
  • Profile – the network location/profile the rule is applied to: private, public, or domain (for business networks with network domains).
  • Enabled – it tells you whether the rule is enabled and applied by Windows Firewall or not.
  • Action – the action can be “Allow” or “Block” based on what the rule is supposed to do.
  • Override – tells you whether that rule overrides an existing block rule. By default, all rules should have the value “No” for this parameter.
  • Program – the desktop program the rule applies to.
  • Local address – tells you whether the rule is applied only when your computer has a specific IP address or not.
  • Remote address – tells you whether the rule is applied only when devices with specific IP addresses are connected or not.
  • Protocol – lists the network protocols for which the rule is applied.
  • Local port – tells you whether the rule is applied for connections made on specific local ports or not.
  • Remote port – tells you whether the rule is applied for connections made on specific remote ports or not.
  • Authorized users – the user accounts for which the rule is applied (for inbound rules only).
  • Authorized computers – computers for which the rule is applied.
  • Authorized local principals – the user accounts for which the rule is applied (for outbound rules only).
  • Local user owner – the user account which is set as the owner/creator of the rule.
  • Application package – this applies only to apps from the Windows Store and it shares the package name of the app the rule applies to.
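
The same parameters can be read from PowerShell, which makes it practical to review every rule at once instead of opening them one by one. The script below is an added example, not part of the original lesson: it lists the enabled inbound “Allow” rules with the properties described above and marks those that apply on the public profile and accept any remote address. It assumes Windows 8 / Windows Server 2012 or later, where the NetSecurity cmdlets are available.

```powershell
# Added example (not from the original lesson).
# Enabled inbound rules whose Action is Allow: the ones that admit traffic.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow

$report = foreach ($rule in $rules) {
    # Program, port and address settings live in separate filter objects.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    # Profile reads "Any" or a combination such as "Domain, Private".
    $onPublic  = "$($rule.Profile)" -match 'Any|Public'
    # RemoteAddress is "Any" or a list of addresses, ranges and keywords.
    $anyRemote = @($addr.RemoteAddress) -contains 'Any'

    [pscustomobject]@{
        Name          = $rule.DisplayName
        Group         = $rule.DisplayGroup
        Profile       = $rule.Profile
        Program       = $app.Program
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        OpenOnPublic  = $onPublic -and $anyRemote
    }
}

# Rules reachable from any remote address while on a public network come first.
$report |
    Sort-Object @{ Expression = 'OpenOnPublic'; Descending = $true }, Group, Name |
    Format-Table Name, Group, Profile, Protocol, LocalPort, Program, OpenOnPublic -AutoSize
```

Rules marked `OpenOnPublic` are the ones worth reviewing first, since they accept connections from any address while you are on an untrusted network.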

What Can Be Monitored from the Windows Firewall with Advanced Security

Beneath the three types of rules mentioned earlier, you will find a section named “Monitoring.” If you expand it, you can view the active firewall rules, the active connection security rules, and the active security associations.


A security association is something that most of us will never use. This is the information maintained about a secure encrypted channel on the local computer or device, so that this information can be used for future network traffic to a specific remote computer or device. Here you can view which peers are currently connected to your computer and which protection suite was used by Windows to form the security association.

How to Manage Existing Windows Firewall Rules

The first thing you should keep in mind when working with the rules that are built into the Windows Firewall is that it is better to disable a rule than delete it. In case you do something ill-advised, then it is very easy to repair everything by re-enabling disabled rules. Rules which get deleted cannot be recovered unless you restore all the Windows Firewall settings to their defaults.

To disable a rule, first select it and then press “Disable Rule” in the column on the right.


Alternatively, you can also right click on a rule and select “Disable Rule.”


If you want to edit a rule and the way it works, you can do so by double-clicking on it, by selecting it and then pressing “Properties” in the column on the right, or by right-clicking on it and selecting “Properties.”

All the parameters we have mentioned earlier in this lesson can be modified in the “Properties” window of that rule.


When you are done making your changes, don’t forget to press “OK,” so that they are applied.
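
The “disable, don’t delete” advice from this section can also be followed from an elevated PowerShell prompt. The script below is an added example, not part of the original lesson, and it goes one step further than the text by exporting the whole firewall policy to a file before touching anything. The rule name is a hypothetical placeholder; use the display name shown in the snap-in.

```powershell
# Added example (not from the original lesson). Requires an elevated session.
# $ruleName is a hypothetical placeholder for the rule's display name.
$ruleName = 'Example Rule Display Name'

# 1. Export the complete firewall policy first, as a way back from any mistake.
$backup = Join-Path $env:USERPROFILE ('firewall-policy-{0:yyyyMMdd-HHmmss}.wfw' -f (Get-Date))
netsh advfirewall export "$backup" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Policy export failed; no changes were made.' }

# 2. Disable the rule instead of deleting it.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($rule) {
    $rule | Disable-NetFirewallRule

    # 3. Confirm the new state.
    Get-NetFirewallRule -DisplayName $ruleName |
        Select-Object DisplayName, Direction, Profile, Action, Enabled
} else {
    Write-Warning "No rule named '$ruleName' was found; nothing was changed."
}

# To re-enable the rule later:
#   Get-NetFirewallRule -DisplayName $ruleName | Enable-NetFirewallRule
# To roll the whole policy back to the exported copy:
#   netsh advfirewall import "$backup"
```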

How to Create an Outbound Rule for the Windows Firewall

Creating rules in Windows Firewall with Advanced Security is easier than you would think and it involves using a friendly wizard. To illustrate, let’s create an outbound rule that blocks access to the network and the Internet for Skype, only when you are connected to untrusted public networks.

To do this, go to “Outbound Rules” and press “New Rule” in the column on the right.
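
The rule described above (block Skype’s outbound traffic on public networks only) can also be created without the wizard. The script below is an added example, not part of the original lesson. The Skype path and the rule name are assumptions made for illustration; adjust them to your installation.

```powershell
# Added example (not from the original lesson). Requires an elevated session.
# Assumptions: the install path of the desktop Skype client and the rule name.
$skypeExe = 'C:\Program Files (x86)\Skype\Phone\Skype.exe'
$ruleName = 'Block Skype on public networks'

# A rule that points at a missing program is created without error but
# matches nothing, so warn about a wrong path up front.
if (-not (Test-Path -LiteralPath $skypeExe)) {
    Write-Warning "Program not found at '$skypeExe'; check the path before relying on this rule."
}

# Create the rule only once, so that re-running the script leaves no duplicates.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Write-Output "Rule '$ruleName' already exists; leaving it unchanged."
} else {
    New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Blocks outbound Skype traffic on the Public profile only.' `
        -Direction Outbound -Program $skypeExe -Action Block -Profile Public |
        Out-Null
}

# Read the rule back with the parameters the Properties window would show.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    [pscustomobject]@{
        Name      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Enabled   = $_.Enabled
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```

Because the profile is limited to Public, the rule has no effect while the active network is set to private or domain.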



Ciprian Adrian Rusen is an experienced technology writer and author with several titles published internationally by Microsoft Press. You can connect with him on 7 Tutorials, Twitter, and Google+ or even buy his books on Amazon.

  • Published 05/30/14