Using Windows 7 Firewall with Advanced Security
Windows 7 comes bundled with its own software firewall that can help protect against everything that shouldn’t be going in, or out, of your machine. Simply turning on the Windows 7 Firewall can be a big help, but what if things aren’t quite working the way you want them to?
For those of us who need a bit of extra control, I’ll go over each section of the Windows 7 Firewall configuration so you can fine-tune your protection. I won’t go over everything you can customize, but I’ll try to cover the things that, in my experience, most commonly need to be configured.
Accessing Windows 7 Firewall
To open the Windows 7 Firewall, simply open your start menu and type “Firewall” into the search box. You should see “Windows Firewall with Advanced Security.” Go ahead and open that up and you’ll see something similar to the photo below.
Windows 7 Firewall Advanced Security Interface
Let’s take a look at the Windows 7 Firewall Interface. The first thing you’ll notice is that there is a lot going on. Don’t worry though, the interface is actually quite simple to use and makes things fairly simple to read, even if the interface is a bit different than what we’re used to.
On the left, you’ll see a menu system including Inbound and Outbound Rules, Connection Security rules, and a menu item for monitoring the firewall. In the center box, you’ll see what you will be working with. This is where you’ll see all of the current rules and settings, and where you can edit them.
On the right side, you’ll see an Actions menu. This menu will let you import and export policies, restore, diagnose, or repair (just in case), along with a few special actions depending on the menu we’re currently working in. You generally won’t need to use the Actions menu too much, unless you have policies already saved on your computer that you would like to import.
Getting Started with Advanced Security
The first thing we’ll want to do is make sure the firewall is turned on. On the main firewall page, you should see a section labeled “Overview.” In this section, you should see a Domain Profile, a Private Profile, and a Public Profile. For each of these profiles, choose if you would like to have the firewall on, or off.
To turn the firewall on, look under each profile. The first shield image you should see will be either red, or green, along with text to explain whether the firewall is turned on or off. If it’s off, click on the arrow below labeled “Windows Firewall Properties” and turn it on.
Exempting a Computer from Firewall
Let’s say you have a media server, or even just a computer that sometimes streams content to others in your network. You obviously trust your server, so you want to let it access the computer you’re on so you can send and receive media as needed without having to authenticate server side. We’ll need to set it up as a trusted computer. In Windows 7 Firewall, this is called an Authentication Exemption.
To set up an authentication exemption, go to “Connection Security Rules” in the left-hand menu. Next, click on “New Rule” in the Action menu. Here you will see the different types of security rules and exemptions you can create. There is also a short description of each to help you figure out if a machine on your network or outside of your network needs any special rules set. In this case, choose “Authentication Exemption” and then click next. Here you can add machines that are exempt from authenticating. Click “Add” and you’ll be able to set the IP Address or IP Address range to exempt. Click OK and then next again to get to the next step in the Wizard. The final step allows you to name the security rule. It’s a good idea to name the rule after the machine(s) you are setting the rule for so you can easily go back to it if needed.
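The same exemption can be created from the command line with `netsh advfirewall consec`. This is an added example, not part of the original article; the rule name and the address 192.168.1.50 are constructed placeholders. An exemption waives the authentication that connection security rules would otherwise require from that address, so the script insists on a single, fully written host address.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 7.
# The rule name and the address are constructed placeholders.
$ruleName = 'Exempt-MediaServer'
$serverIp = '192.168.1.50'   # one host, not a range: the narrowest scope

# Accept only a fully written IPv4 address, so a typo such as "192.168.1"
# is rejected instead of being read as some other address.
$parsed = $null
$ok = [System.Net.IPAddress]::TryParse($serverIp, [ref]$parsed)
if (-not $ok -or $parsed.ToString() -ne $serverIp -or
    $parsed.AddressFamily -ne 'InterNetwork') {
    throw "Not a dotted-quad IPv4 address: $serverIp"
}

# Traffic between any address (endpoint1) and the server (endpoint2) is
# exempt. action=noauthentication is the wizard's "Authentication exemption".
netsh advfirewall consec add rule name="$ruleName" endpoint1=any endpoint2=$serverIp action=noauthentication
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not add the rule (exit code $LASTEXITCODE)"
}

# Read the rule back and confirm the endpoints are what you intended.
netsh advfirewall consec show rule name="$ruleName"

# To withdraw the exemption later:
#   netsh advfirewall consec delete rule name="Exempt-MediaServer"
```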
Setting Inbound and Outbound Rules
So let’s say you just installed a new application that needs access to the Internet. You trust the application and want to give it full access to the Internet. The first thing you will need to figure out is whether it needs access to incoming traffic, outgoing traffic, or both. In this example, let’s assume that the application needs to both send and receive data from the Internet. First, let’s set up an inbound rule to make sure that the application can pull data from the Internet. To set an inbound rule, click on the Inbound Rules menu item on the left side menu, and then click “New Rule…” in the Action menu.
Here, you can create a rule for programs, ports, predefined rules (the HomeGroup, for example), and custom rules. In this example, we’ll create a program rule. You’ll see a choice for “All Programs” or a specific program path. Choosing All Programs is rarely recommended, so we’ll browse for the program instead. After you choose your program, you’ll be able to set the rule itself.
In most cases, “Allow the connection” will be the best choice; however, you can choose to only allow the connection if it is secure. You also get the choice to block the connection. Although that is the opposite of what we’re trying to do in this example, it is good to remember that we can also block specific applications from sending and receiving. Choose “Allow the connection” and click next. Again, you will be prompted to choose which profiles the rules apply to, and be given the ability to name the rule. For outgoing traffic, the exact same process applies, except in the Outbound Rules section.
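The inbound and outbound program rules described above can also be created with `netsh advfirewall firewall`. This is an added example, not part of the original article; the program path and rule names are constructed placeholders, and limiting the rules to the Private profile is an assumption made here to keep them as narrow as possible. It exports the current policy first so the change can be undone with the Import Policy action.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 7.
# The program path and rule names are constructed placeholders.
$appPath  = 'C:\Tools\ExampleApp\exampleapp.exe'
$ruleBase = 'ExampleApp'
$profiles = 'private'   # assumption: only the Private profile needs the rule

# A program rule is keyed on the full path, so make sure the file exists;
# a rule for a mistyped path would simply never match.
if (-not (Test-Path -LiteralPath $appPath -PathType Leaf)) {
    throw "Program not found: $appPath"
}

# Save the current policy first (same as "Export Policy" in the Actions menu).
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "firewall-before-$ruleBase-$stamp.wfw"
netsh advfirewall export "$backup"
if ($LASTEXITCODE -ne 0) { throw "Policy export failed; nothing was changed" }

foreach ($dir in 'in', 'out') {
    $name = "${ruleBase}-${dir}"

    # Skip the direction if a rule with this name is already present,
    # so reruns do not pile up duplicate rules.
    netsh advfirewall firewall show rule name="$name" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Warning "Rule '$name' already exists; leaving it unchanged"
        continue
    }

    # One rule per direction, tied to the program rather than "All Programs".
    netsh advfirewall firewall add rule name="$name" dir=$dir action=allow program="$appPath" profile=$profiles enable=yes
    if ($LASTEXITCODE -ne 0) { throw "Could not add rule '$name'" }
}

# Review what was created: direction, profiles, program and action.
netsh advfirewall firewall show rule name="${ruleBase}-in" verbose
netsh advfirewall firewall show rule name="${ruleBase}-out" verbose
```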
So Far, So Good!
Now that you’re able to set up exemptions for computers you trust, and allow applications to send or receive data or block them from doing so, you are well on your way to having complete control over your computer system.