friendster7
friendster7
Branch Unspecified
30 Oct 2009

What is Windows Firewall?

Windows Firewall ​


[​IMG]


[​IMG]


What is Windows Firewall?

A firewall helps to keep your computer more secure. It restricts information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs (including viruses and worms) that try to connect to your computer without invitation.

You can think of a firewall as a barrier that checks information (often called traffic) coming from the Internet or a network and then either turns it away or allows it to pass through to your computer, depending on your firewall settings.

[​IMG]


[​IMG]


See the following illustration:​

In Microsoft Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. (However, some computer manufacturers and network administrators might turn it off.) You do not have to use Windows Firewall—you can install and run any firewall that you choose. Evaluate the features of other firewalls and then decide which firewall best meets your needs. If you choose to install and run another firewall, turn off Windows Firewall.

[​IMG]


How does it work?​

When someone on the Internet or a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.

[​IMG]


For example, if you are exchanging instant messages with someone who wants to send you a file (a photo, for example), Windows Firewall will ask you if you want to unblock the connection and allow the photo to reach your computer. Or, if you want to play a multiplayer network game with friends over the Internet, you can add the game as an exception so that the firewall will allow the game information to reach your computer.

[​IMG]


Although you can turn off Windows Firewall for specific Internet and network connections, doing this increases the risk that the security of your computer might be compromised.

[​IMG]


friendster7

friendster7

Branch Unspecified
10 years ago
[​IMG]

What Windows Firewall does and does not do?​

It does: It does not:
Help block computer viruses and worms from reaching your computer. Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install antivirus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others.
Ask for your permission to block or unblock certain connection requests. Stop you from opening e-mail with dangerous attachments. Don't open e-mail attachments from senders that you don't know. Even if you know and trust the source of the e-mail you should still be cautious. If someone you know sends you an e-mail attachment, look at the subject line carefully before opening it. If the subject line is gibberish or does not make any sense to you, check with the sender before opening it.
Create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer. This can be useful as a troubleshooting tool. If you want Windows Firewall to create a security log, see Enable security logging options. Block spam or unsolicited e-mail from appearing in your inbox. However, some e-mail programs can help you do this. Check the documentation for your e-mail program to learn more.
balumankala

balumankala

Branch Unspecified
10 years ago
Coool info yaar. thank u
Prasad Ajinkya

Prasad Ajinkya

Branch Unspecified
10 years ago
Awesome posts friendster. While you are at it, please tell us about demilitarized zones and why do we need DMZs.

And speaking of firewalls, its better to use any of the other firewalls other than windows firewall. The windows firewall is at the lowest of the lot in the hierarchy of firewalls. Personally speaking, iptables rock in linux.
eski_komut

eski_komut

Branch Unspecified
10 years ago
thanks friendster7,good sharing.
friendster7

friendster7

Branch Unspecified
10 years ago
In computer networking, DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.
Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do.(Many DMZ implementations, in fact, simply utilize a proxy server or servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests. DMZ is a commonly-touted feature of home broadband routers. However, in most instances these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.
friendster7

friendster7

Branch Unspecified
10 years ago
How to Install a Demilitarized Zone for Your Servers

What is a Demilitarized Zone (DMZ)?

Common setups used for small and medium networks include a firewall that processes all the requests from the internal network (LAN) to the Internet and from the Internet to the LAN. This firewall is the only protection the internal network has in these setups and it handles any NAT (Network Address Translation), forwarding and filtering requests as necessary. In most cases, the firewall also runs public services accessible from the Internet, such as web services and e-mail services. Within such setups, the DMZ is thus installed on and limited, we may say, to the server.


Why use a DMZ?

A DMZ aims to secure the internal network from external access. It does so by isolating the public services (requiring any entity from the Internet to connect to your servers) from the local, private LAN machines in your network.

The most common method of implementing such a divider is by setting up a firewall with three network interfaces installed. The first one is used for the Internet connection, the second for the DMZ network and the third for the private LAN. Any inbound connections are automatically forwarded to the DMZ because the private LAN does not run any services and is not connectible. Therefore, setting up the DMZ helps isolate the LAN from any Internet attacks.


How to set a DMZ?

First of all, you need to decide what services will run on each machine. The DMZ is generally on a different network segment, both physically and logically. This means that you need to use a separate machine to host the services you want to make public (such as DNS, web, mail etc.). From the connectivity point of view, the DMZ will be located on a different subnet than the LAN.

Furthermore, NAT should be provided for the computers on the LAN in order to enable the Internet access for the client hosts. The clients should also be enabled to connect to the servers in the DMZ.

Here is how the final setup should look:
[​IMG]


Hardening the DMZ machines
Computers in the DMZ obviously need to be hardened as much as possible given the fact that they will be in the first line, right behind the firewall. Their position will prevent attacks on the LAN, but it may also increase the risk to get compromised.
Here is a list of methods that you can use to increase the security of your DMZ systems:
  • Disable all unnecessary services and dæmons;
  • Run services chrooted whenever possible;
  • Run services with unprivileged UIDs and GIDs whenever possible;
  • Delete or disable unnecessary user accounts;
  • Configure logging and check logs regularly;
  • Use your firewall's security policy and anti-IP-spoofing features.
The DMZ infrastructure can also be improved by adding multiple demilitarized zones with different security levels, depending on the number of systems and services being deployed on the network. These zones can be assembled in a tier-like structure so that the information is passed from one DMZ to another.

This type of network infrastructure is not the most secure way of protecting the private perimeter, but it is sometimes required. An example of such situation would be when a web server placed in a DMZ requires access to a database server over a secured port (and that port only) placed in a second DMZ. This database server could ultimately access some data found on the private LAN systems, if there is such a requirement. This way, the database is secured from public exposure, while keeping the web server accessible and the private LAN, isolated. Note: The above-listed methods apply to Linux/*NIX-type systems only.

What to keep in mind?

The simplicity of the DMZ concept makes it very powerful and prolific. A DMZ can be considered a safe-guard, although it is not a security measure by itself. However, with a tight and well-thought network infrastructure, IDS (intrusion detection systems) and IPS (intrusion prevention systems), it can become a barricade against attackers and unwanted or unneeded traffic.
Prasad Ajinkya

Prasad Ajinkya

Branch Unspecified
10 years ago
Hey if this is the case, then ... the hardware sizing of my firewall becomes dependent upon the number of machines on my lan who desire to access the machines in the DMZ!!
10 years ago
Q1
I did a small exercise.. Stopped the window firewall services.. in fact all the available firewalls on my system, and now when I tried to start the windows firewall, computer prompted a warning message that "firewall service is stopped do you want to start?"

I click on No.

Now for any Microsoft security update it tries to start windows firewall (which i have disabled), sometimes it throws an error/exception.
Why any idea?

Q2
Sometime we unblock something/any website or application using windows firewall. After unblocking it for once windows firewall never blocks that application again, even if we will try after removing the entry from exception tab?
Anything I am missing?

Thanks,
-Crazy
sshikhar21

sshikhar21

Branch Unspecified
10 years ago
Hiii... friendster7
u had posted a nice information
MiSs PiNk

MiSs PiNk

Branch Unspecified
10 years ago

thnx

really coOol info

Pranav Kathale

Pranav Kathale

Computer Science
9 years ago
Wow. 😁
It's really a detailed information and full of knowledgeable stuff. Great. Now got the idea about the firewall.
Thanks for posting such a nice thread. :smile:
Keep updating.

Members of CEan simply ROCKS!! 😁
Manish Goyal

Manish Goyal

Computer Science
9 years ago
nice info dear
But 1 question what is the concept of nmap??
why it is required??
vishnu priya

vishnu priya

Branch Unspecified
9 years ago
Really good info people!!!
inbapuvi

inbapuvi

Branch Unspecified
9 years ago
Good information ya

Share this content on your social channels -

Only logged in users can reply.