What is Windows Firewall?

Replies

• 

  friendster7

  
  
  

  What Windows Firewall does and does not do?​

  
  It does: It does not:
  Help block computer viruses and worms from reaching your computer. Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install antivirus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others.
  Ask for your permission to block or unblock certain connection requests. Stop you from opening e-mail with dangerous attachments. Don't open e-mail attachments from senders that you don't know. Even if you know and trust the source of the e-mail you should still be cautious. If someone you know sends you an e-mail attachment, look at the subject line carefully before opening it. If the subject line is gibberish or does not make any sense to you, check with the sender before opening it.
  Create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer. This can be useful as a troubleshooting tool. If you want Windows Firewall to create a security log, see Enable security logging options. Block spam or unsolicited e-mail from appearing in your inbox. However, some e-mail programs can help you do this. Check the documentation for your e-mail program to learn more.
• 

  balumankala

  Coool info yaar. thank u
• 

  Prasad Ajinkya

  Awesome posts friendster. While you are at it, please tell us about demilitarized zones and why do we need DMZs.
  
  And speaking of firewalls, its better to use any of the other firewalls other than windows firewall. The windows firewall is at the lowest of the lot in the hierarchy of firewalls. Personally speaking, iptables rock in linux.
• 

  eski_komut

  thanks friendster7,good sharing.
• 

  friendster7

  In computer networking, DMZ is a firewall configuration for securing #-Link-Snipped-#. In a DMZ configuration, most computers on the LAN run behind a #-Link-Snipped-# connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.
  Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as #-Link-Snipped-# do.(Many DMZ implementations, in fact, simply utilize a proxy server or servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests. DMZ is a commonly-touted feature of home #-Link-Snipped-#. However, in most instances these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.
• 

  friendster7

  How to Install a Demilitarized Zone for Your Servers
  
  What is a Demilitarized Zone (DMZ)?
  
  Common setups used for small and medium networks include a firewall that processes all the requests from the internal network (LAN) to the Internet and from the Internet to the LAN. This firewall is the only protection the internal network has in these setups and it handles any NAT (Network Address Translation), forwarding and filtering requests as necessary. In most cases, the firewall also runs public services accessible from the Internet, such as web services and e-mail services. Within such setups, the DMZ is thus installed on and limited, we may say, to the server.
  
  
  Why use a DMZ?
  
  A DMZ aims to secure the internal network from external access. It does so by isolating the public services (requiring any entity from the Internet to connect to your servers) from the local, private LAN machines in your network.
  
  The most common method of implementing such a divider is by setting up a firewall with three network interfaces installed. The first one is used for the Internet connection, the second for the DMZ network and the third for the private LAN. Any inbound connections are automatically forwarded to the DMZ because the private LAN does not run any services and is not connectible. Therefore, setting up the DMZ helps isolate the LAN from any Internet attacks.
  
  
  How to set a DMZ?
  
  First of all, you need to decide what services will run on each machine. The DMZ is generally on a different network segment, both physically and logically. This means that you need to use a separate machine to host the services you want to make public (such as DNS, web, mail etc.). From the connectivity point of view, the DMZ will be located on a different subnet than the LAN.
  
  Furthermore, NAT should be provided for the computers on the LAN in order to enable the Internet access for the client hosts. The clients should also be enabled to connect to the servers in the DMZ.
  
  Here is how the final setup should look:

  #-Link-Snipped-#​

  
  
  Hardening the DMZ machines
  Computers in the DMZ obviously need to be hardened as much as possible given the fact that they will be in the first line, right behind the firewall. Their position will prevent attacks on the LAN, but it may also increase the risk to get compromised.
  Here is a list of methods that you can use to increase the security of your DMZ systems:
  

  • Disable all unnecessary services and dæmons;
  • Run services chrooted whenever possible;
  • Run services with unprivileged UIDs and GIDs whenever possible;
  • Delete or disable unnecessary user accounts;
  • Configure logging and check logs regularly;
  • Use your firewall's security policy and anti-IP-spoofing features.

  The DMZ infrastructure can also be improved by adding multiple demilitarized zones with different security levels, depending on the number of systems and services being deployed on the network. These zones can be assembled in a tier-like structure so that the information is passed from one DMZ to another.
  
  This type of network infrastructure is not the most secure way of protecting the private perimeter, but it is sometimes required. An example of such situation would be when a web server placed in a DMZ requires access to a database server over a secured port (and that port only) placed in a second DMZ. This database server could ultimately access some data found on the private LAN systems, if there is such a requirement. This way, the database is secured from public exposure, while keeping the web server accessible and the private LAN, isolated. Note: The above-listed methods apply to Linux/*NIX-type systems only.
  
  What to keep in mind?
  
  The simplicity of the DMZ concept makes it very powerful and prolific. A DMZ can be considered a safe-guard, although it is not a security measure by itself. However, with a tight and well-thought network infrastructure, IDS (intrusion detection systems) and IPS (intrusion prevention systems), it can become a barricade against attackers and unwanted or unneeded traffic.
• 

  Prasad Ajinkya

  Hey if this is the case, then ... the hardware sizing of my firewall becomes dependent upon the number of machines on my lan who desire to access the machines in the DMZ!!
• 

  Anil Jain

  Q1
  I did a small exercise.. Stopped the window firewall services.. in fact all the available firewalls on my system, and now when I tried to start the windows firewall, computer prompted a warning message that "firewall service is stopped do you want to start?"
  
  I click on No.
  
  Now for any Microsoft security update it tries to start windows firewall (which i have disabled), sometimes it throws an error/exception.
  Why any idea?
  
  Q2
  Sometime we unblock something/any website or application using windows firewall. After unblocking it for once windows firewall never blocks that application again, even if we will try after removing the entry from exception tab?
  Anything I am missing?
  
  Thanks,
  -Crazy
• 

  sshikhar21

  Hiii... friendster7
  u had posted a nice information
• 

  MiSs PiNk

  
  thnx
  
  really coOol info
  
  ​
• 

  Pranav Kathale

  Wow. 😁
  It's really a detailed information and full of knowledgeable stuff. Great. Now got the idea about the firewall.
  Thanks for posting such a nice thread. :smile:
  Keep updating.
  
  Members of CEan simply ROCKS!! 😁
• 

  Manish Goyal

  nice info dear
  But 1 question what is the concept of nmap??
  why it is required??
• 

  vishnu priya

  Really good info people!!!
• 

  inbapuvi

  Good information ya