Windows 7 Security - Firewall
Windows 7 Security – Part 3: Windows Firewall with Advanced Security
By Emmanuel Arinze, CISSP
Windows Firewall with Advanced Security, or Windows Firewall for
short, is just one component in Microsoft’s implementation of
the defense-in-depth strategy.
Defense-in-depth is the implementation of an information
security policy that uses an array of complementary
components, systems, and methods to provide comprehensive
and layered protection to a network and its resources, from
its outer perimeter all the way into its innermost systems
and data.
However, it is also prudent, while placing some measure of
trust in your service provider’s security arrangements, to
implement as much security on your own computer as you
reasonably can.
Windows Firewall is one of the key elements to help you
secure your Windows 7 computer. It works in concert with
your antivirus and anti-spyware applications to provide a
barrier between your computer and the outside world.
The firewall works by blocking the entry of unauthorized
traffic while allowing free passage to authorized
connections and resources.
Windows Firewall is a two-way stateful-inspection packet
filtering firewall. In Windows 7, the firewall is enabled by
default and initiates protection of your system as soon as
it boots up.
Stateful inspection: This means that the firewall constantly
monitors the state of the communications process between
your computer and others.
It does this by keeping a record of all communications
between your computer and the outside world and will only
allow inbound data packets that are a legitimate response to
a request made by your computer, while blocking all
unsolicited packets.
Packet filtering: As the name implies, packet filtering
means that the firewall filters inbound and outbound data
packets according to a set of rules.
The firewall will apply its rules to either block or forward a packet based on one or more attributes of the data packet itself. These attributes include the following:
- The Source IP Address of the computer that generated the packet
- The Destination IP Address of the computer
- The type of Network Protocol used by the packet, for example IP (Internet Protocol)
- The type of Transport Protocol used by the packet, for example TCP (Transmission Control Protocol)
- The packet’s Source and Destination Ports, which are the numbered communications channels each computer uses for specific protocols and services; for example, HTTP (Hypertext Transfer Protocol) operates on port 80.
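The following Python model shows how stateful inspection and attribute-based packet filtering combine into a single allow-or-block decision. It is an added example, not Windows Firewall code: the names `Packet`, `Rule` and `StatefulFirewall`, the default policy (block inbound, allow outbound) and the block-over-allow precedence are assumptions of the model, and the addresses are constructed sample values.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# direction is "in" or "out" as seen from the protected computer; proto is "TCP" or "UDP".
Packet = namedtuple("Packet", "direction proto src_ip src_port dst_ip dst_port")

@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                     # "allow" or "block"
    proto: str = "any"
    remote_net: str = "0.0.0.0/0"   # IPv4 only in this model
    local_port: int = 0             # 0 means any port
    remote_port: int = 0

    def matches(self, p):
        inbound = p.direction == "in"
        remote_ip = p.src_ip if inbound else p.dst_ip
        local, remote = (p.dst_port, p.src_port) if inbound else (p.src_port, p.dst_port)
        return (self.direction == p.direction and self.proto in ("any", p.proto)
                and ip_address(remote_ip) in ip_network(self.remote_net)
                and self.local_port in (0, local) and self.remote_port in (0, remote))

class StatefulFirewall:
    DEFAULT = {"in": "block", "out": "allow"}   # assumed default policy
    def __init__(self, rules=()):
        self.rules = list(rules)
        self.flows = set()          # state table: connections this computer opened

    def decide(self, p):
        if p.direction == "in" and (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "allow"          # legitimate reply to a request we made
        actions = [r.action for r in self.rules if r.matches(p)]
        if "block" in actions:      # assumed precedence: block beats allow
            return "block"
        action = "allow" if "allow" in actions else self.DEFAULT[p.direction]
        if p.direction == "out" and action == "allow":
            self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return action

def demo():
    # Constructed traffic: 192.168.1.10 is the protected computer, 203.0.113.5 a web server.
    me, web = "192.168.1.10", "203.0.113.5"
    fw = StatefulFirewall([Rule("in", "allow", "TCP", "192.168.1.0/24", local_port=80)])
    reply = Packet("in", "TCP", web, 80, me, 50000)
    return [fw.decide(reply),                                     # unsolicited: block
            fw.decide(Packet("out", "TCP", me, 50000, web, 80)),  # our request: allow
            fw.decide(reply)]                                     # now a reply: allow
```

The same inbound packet is blocked before the outbound request and allowed after it, which is the difference between stateful inspection and a static port filter.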
The Windows 7 firewall has been much improved from the version that was implemented in Windows XP. The new enhancements include the following:
- The new Windows Firewall with Advanced Security snap-in console implements network awareness and will apply security settings appropriate to the type of network that the computer is connected to. It also enables the firewall to be configured remotely.
- The firewall now controls and monitors both incoming and outbound traffic, instead of just incoming traffic as in Windows XP.
- Firewall rules can now be configured to manage a wide array of protocols in addition to TCP and UDP. The firewall rules also control access to and from Active Directory accounts and groups, different types of network connections, and source and destination IP addresses for inbound and outbound packets, and provide configuration for services.
The Windows 7 firewall maintains three separate configurable profiles for managing connections to domain, private, and public networks. Each profile is a collection of settings for one of the three network connection types.
- The Domain profile is enabled when your computer is authenticated to an Active Directory Domain. This profile enables the firewall settings to be remotely controlled by a network administrator.
- The Private profile is used when your computer is connected in a workgroup configuration. This may be in either a home or office setting.
- You would typically use the Public profile when connecting your computer to a network in a public location where Wi-Fi hotspots are available. These may include public libraries and airports. This public profile would typically have the most restrictive settings.
The Windows 7 firewall has a feature called Multiple
Access Firewall Profiles (MAFP). This enables
the firewall to apply multiple simultaneous profile settings
in a situation where the computer is connected to several
different networks at once.
The firewall in Windows 7 has been implemented as a Control
Panel application where it can be launched by
double-clicking on the firewall icon after clicking on the
System and Security icon. It can also be accessed by typing
Firewall into the Start menu search box.
When the firewall application is launched, it opens a window
showing your current connections, whether Domain, Private or
Public. You will not be able to control the Domain
firewall settings unless you are connected to an Active
Directory domain.
On the left side panel of the firewall application window,
there are options to allow a program or feature through the
firewall, change the notification settings, turn the
firewall on or off, restore the default settings, and access
the advanced settings. There is also an option that enables
you to troubleshoot your network connection.
Clicking on the Allow a program or feature through Windows
Firewall link takes you to a window showing a list of
programs with options enabling you to add, change, or remove
allowed programs and ports.
Clicking on Change notification settings takes you to a
window where you can modify the firewall settings for each
type of network location that you use.
For each setting here you can turn Windows Firewall on or off, block all incoming connections, and have the firewall notify you when it blocks a new program.
In the firewall application window, you are given the option to enable or disable Windows Firewall for each of the three connection types.
You would generally use this feature when installing a
third-party firewall that does not disable the Windows
firewall automatically.
The Restore defaults window allows you to restore Windows
Firewall to its original settings at the time of its
installation.
The Advanced settings link opens the Windows Firewall with
Advanced Security window where you can configure Inbound
Rules, Outbound Rules, and Connection Security Rules. You
can also monitor the Firewall, Connection Security Rules and
Security Associations.
It is important to note that in Windows 7, unlike earlier
versions of Windows, the Windows Firewall can function
alongside third-party firewalls.
Some third-party firewalls that will work with Windows 7
include:
- Comodo Firewall Pro
- NeT Firewall
- Outpost Firewall Pro
- PC Tools Firewall Plus
- Checkpoint ZoneAlarm
- Preventon Personal Firewall Pro
- Sphinx Software’s Windows 7 Firewall Control
- PrivateFirewall
- Tall Emu Online Armor Personal Firewall
- Lavasoft Personal Firewall
A comparative review of these firewalls is beyond the
scope of this article, but it is worth noting that most of
these firewalls have free versions and some, such as
Comodo Firewall Pro, are completely free.
While the above firewalls are standalone applications, most
antivirus suites now come with a firewall as part of their
functionality. These include such popular programs as the
Kaspersky Internet Security Suite, McAfee Personal Firewall
Plus, Norton Internet Security, Panda Internet Security,
Computer Associates Internet Security, and Trend Micro
Internet Security.