
Blocking Intruders with Windows Firewall (part 2) - Allowing Connections Through the Firewall

3/16/2011 6:12:11 PM

4. Allowing Connections Through the Firewall

In some situations, you want to allow other computers to initiate a connection to your computer. For example, you might use Remote Desktop, play multiplayer games, or chat via an instant messaging program; these types of programs typically require inbound connections so that others can contact you.

The simplest way to enable a connection is to click Allow A Program Or Feature Through Windows Firewall, a link in the left pane of the main Windows Firewall window. The list of programs and features that initially appears in Allowed Programs, shown in Figure 2, depends on which programs and services are installed on your computer; you can add others, as described in the following sections. In addition, program rules are created (but not enabled) when a program tries to set up an incoming connection. To allow connections for a program or service that's already been defined, simply select its check box for each network location type on which you want to allow the program. (You'll need to click Change Settings before you can make changes.)

Figure 2. Selecting an item and clicking Details displays a description of the program or service.


In each of these cases, you enable a rule in Windows Firewall that pokes a small hole in the firewall and allows a certain type of traffic to pass through it. Each rule of this type increases your security risk to some degree, so you should clear the check box for all programs you don't need. If you're confident you won't ever need a particular program, you can select it and then click Remove. (Many of the list items included with Windows don't allow deletion, but as long as their check boxes are not selected, there's no danger.)

The first time you run a program that tries to set up an incoming connection, Windows Firewall asks for your permission by displaying a dialog box similar to the one shown below. You can add the program to the allowed programs list by clicking Allow Access.



When such a dialog box appears, read it carefully:

  • Is the program one that you knowingly installed and ran?

  • Is it reasonable for the program to require acceptance of incoming connections?

  • Are you currently using a network location where it's okay for this program to accept incoming connections?

If the answer to any of these questions is no—or if you're unsure—click Cancel. If you later find that a needed program isn't working properly, you can open the allowed programs list in Windows Firewall and enable the rule.

Alternatively, you can set up the program from Allowed Programs, the window shown in Figure 2, without waiting for a Windows Security Alert dialog box to appear. Follow these steps:

  1. Click Allow Another Program. The Add A Program dialog box appears.

  2. In Add A Program, select the program for which you want to allow incoming connections. Or click Browse and navigate to the program's executable file if it isn't shown in the Programs list.

  3. Click Network Location Types.



  4. Select the network location types on which you want to allow the program, click OK, and click Add. (You can also select network locations in Allowed Programs after you add the program.)

5. Restoring Default Settings

If you've played around a bit with Windows Firewall and perhaps allowed connections that you should not have, you can get back to a known, secure state by clicking Restore Defaults in Windows Firewall. Be aware that doing so removes all rules that you've added for all programs. Although this gives you a secure setup, you might find that some of your network-connected programs no longer work properly. As that occurs, you can re-add each legitimate program that needs to be allowed, as described on the previous pages.

6. Advanced Tools for Managing Windows Firewall

If you have any experience at all with configuring firewalls, you'll quickly realize that the Windows Firewall application in Control Panel covers only the most basic tasks. Don't take that as an indication that Windows Firewall is underpowered. To the contrary, you can configure all manner of firewall rules, allowing or blocking traffic based on program, port, protocol, IP address, and so on. In addition, you can enable, disable, and monitor rules, configure logging, and much more. With advanced tools, you can also configure Windows Firewall on remote workstations. Because the interface to these advanced features is rather daunting, Windows Firewall provides the simplified interface described on the preceding pages. It's adequate not only for less experienced users, but also for performing the routine firewall tasks needed by information technology (IT) professionals and others.

Nonetheless, our tour of security essentials would not be complete without a visit to Windows Firewall With Advanced Security, a snap-in and predefined console for Microsoft Management Console (MMC) that offers granular control over rules, exceptions, and profiles. To open it, in Windows Firewall click Advanced Settings. (If you're using a standard account and you haven't yet entered administrative credentials during this Windows Firewall session, you'll need to enter them now.) Windows Firewall With Advanced Security appears, as shown in Figure 3.

Figure 3. In the left pane, click Inbound Rules or Outbound Rules to view, configure, create, and delete firewall rules.


The initial view presents information similar to that shown in Windows Firewall. Go just a few steps further into the cave, however, and you could be lost in no time. The "Windows Firewall with Advanced Security Getting Started Guide" can brighten your path; view it at w7io.com/1502.

Inside Out: Open Windows Firewall With Advanced Security directly

You don't need to open Windows Firewall to get to Windows Firewall With Advanced Security. In the Start menu search box, type wf.msc and press Ctrl+Shift+Enter to run it as an administrator.


If you're not intimidated by the Windows Firewall With Advanced Security console, you might want to try the command-line interface for managing Windows Firewall. Because it can be scripted, it can be useful if you need to make firewall settings repeatedly, whether on a single computer as conditions change or on a fleet of computers. To use the command-line interface, you use the Netsh command with the Advfirewall context. You can get some terse help by typing netsh advfirewall in a Command Prompt window.
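As an added example (not from the original text), the script below audits the inbound rule list that the Netsh command prints, flagging enabled allow rules that apply on the Public network location so you can clear the ones you don't need. It assumes the English-language output layout of `netsh advfirewall firewall show rule name=all dir=in`; the sample text and the rule names in it are constructed.

```python
import re

# Constructed sample of `netsh advfirewall firewall show rule name=all dir=in`
# output (assumed English-language layout); names and paths are made up.
SAMPLE = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Action:                               Allow

Rule Name:                            Example Chat Client
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private,Public
Program:                              C:\\Program Files\\ExampleChat\\chat.exe
Action:                               Allow

Rule Name:                            Example Game Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s+(\S.*)$", line)  # "Field:   value"
        if m and m.group(1) == "Rule Name":
            rules.append({})                       # a new rule block starts
        if m and rules:
            rules[-1][m.group(1)] = m.group(2).strip()
    return rules

def exposed_rules(rules, profile="Public"):
    """Names of enabled inbound allow rules that apply on the given profile."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow"
            and profile in r.get("Profiles", "").split(",")]

# Rules worth reviewing before joining a public network.
print(exposed_rules(parse_rules(SAMPLE)))
```

To audit a real computer, save the command's output to a file from an elevated Command Prompt and pass the file's contents to `parse_rules` in place of `SAMPLE`.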
