Posts Tagged ‘Firewall’

A firewall is an important component of a larger overall security strategy. Windows 7 comes with a built-in firewall that’s turned on and working from the moment you first start your computer.

 

The firewall is automatically configured to prevent unsolicited Internet traffic from getting into your computer, thereby protecting you from worms and other hack attempts. The 7 firewall also provides advanced options for professional network and security administrators who need more granular control over its behavior. In Detail:

 

  • Exceptions in Windows Firewall are programs that are allowed to work through the firewall.
  • A firewall will not protect your computer from viruses, pop-up ads, or junk e-mail.
  • A firewall protects your computer from unsolicited network traffic, which is a major cause of worms and other hack attempts.
  • When you start an Internet program that needs access to the Internet through a closed port, you’ll be given a security alert with options to Unblock, or Keep Blocking, the port. You must choose Unblock to use that program.
  • Windows Firewall is one of the programs in the Security Center. To open Security Center, click the Start button and choose Control Panel ➪ Security ➪ Security Center.
  • You don’t need to configure the firewall to use standard Internet services such as the Web and e-mail. Those will work through the firewall automatically.
  • Professional network and security administrators can configure Windows Firewall through the Windows Firewall with Advanced Security console in Administrative Tools.
  • From the Start menu, you can search on the keyword fire to get to Windows Firewall configuration options.
Advertisements

It’s important to understand that a firewall alone is not sufficient protection against all Internet threats.

A firewall is just one component in a larger defense system. Specifically:

 

  • Windows firewall doesn’t protect you from spyware and viruses. See Chapter 8 for more information on that protection.
  • Windows firewall doesn’t protect you from attacks based on exploits. Automatic updates provide that protection.
  • A firewall doesn’t protect you from pop-up ads.
  • A firewall doesn’t protect you from phishing scams.
  • Windows firewall doesn’t protect you from spam (junk e-mail).

 

So, a firewall isn’t a complete solution. Rather, it’s an important component of a larger security strategy.

To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny set of wires connecting your computer to the Internet (through a phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. Of course, nobody ever has that much going on all at one time. A handful of ports are more like it.

The ports are divided into two categories: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is generally used to send text and pictures (Web pages and e-mail), and includes some error checking to make sure all the information that’s received by a computer matches what the sending computer sent. UDP works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Internet.

Each port has two directions: incoming and outgoing. The direction is in relation to stuff coming into your computer from the outside: namely the Internet. It’s the stuff coming into your computer that you have to watch out for. But you can’t close all ports to all incoming traffic. If you did, there’d be no way to get the good stuff in. But you don’t want to let everything in.

Antispyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without involving a file in the process. That’s where the firewall comes into play. A stateful firewall, such as the one that comes with Windows 7, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn’t, the firewall assumes this is a hacker trying to sneak something in without your knowing it, and therefore prevents the traffic from entering your computer.