The Windows Firewall service is a software solution.
The problem with a software solution is that it can be changed or hacked. The
best firewall solution is a hardware solution such as a dedicated server or router.
These instructions apply to Windows XP, Windows Vista, and Windows 7.
With that said, it is hard to carry your router with you from place to place
when you travel, so the next best thing to not connecting at all is the built-in
Windows Firewall.
When Service Pack 2 for Windows XP came out it included a Security Center.
Incorporated into the Security Center, along with Automatic Updates and virus
notification, is the Windows Firewall service. If your computer is a desktop or
you don't travel, then a hardware solution is the best, and you can use the
Windows Firewall in conjunction with the hardware if there is no other software
solution. If your business has a hardware and software solution you will have to
disable the Windows Firewall, because it will conflict with the network
hardware/software firewall of the business and you will not have access to the
internet.
When you are traveling or don't have a hardware solution between your
computer and the internet, the best solution is to turn on the 'Don't allow
exceptions' setting. You can do this from Start / Control Panel / Windows
Firewall. The setting is on the General tab of the first window. Select 'On
(recommended)' and then check the box 'Don't allow exceptions'.
By turning on the 'Don't allow exceptions' setting, the firewall will reject
any queries inbound to your computer from outside; that is, any program trying
to contact your computer will be denied. This does not mean your computer is
invisible on the internet. It means that any attempt to connect to your computer
will be refused. This is a good thing because some virus/trojan/spyware programs
try to contact computers, and when they find one open they do their dirty work
and infect the computer. On the other hand, if your computer is already infected,
the firewall cannot protect your system from contacting the virus/trojan/spyware
home and giving away your data.
Bottom line: keep it clean! Especially if you rely on the built-in firewall.
Under the Exceptions tab you will find a generic list of programs that are
allowed to send/receive from the internet. Uncheck any boxes you don't use.
You can add programs here that are not listed, such as the Eudora e-mail
program. You need to know the ports for the program if you add it to the list.
Some programs will have the port assigned when they are installed, and the
firewall program can read the ports from the registry entry.
Things you should know about the Windows Firewall service:
Both the Security Center and the Firewall services have to be running.
If you have Group Policies in a domain environment they may disable the
Security Center and Firewall. If this is the case, you will need to contact
your Administrator to set up a 'roaming profile' that allows these services to
run when you are not connected to the domain.
If you use a VPN (Virtual Private Network) to connect to your work or a
special domain, you have to know those ports to turn on the exception. They
cannot be read from the registry because they are not there; the ports for the
VPN are located in the SAM file, which neither you nor the Administrator of
your domain can access.
If you are using a hardware-only solution (such as a home network with a
router/firewall) you should use the Windows Firewall also. But if your network
has a hardware and a software firewall solution and you use a 'proxy' to get
outside of the network for internet access, it will interfere with your access.
That is why most businesses that have a hardware and software firewall solution
turn off both Windows Firewall and Security services.
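
The 'On' plus 'Don't allow exceptions' steps and the service check described above can also be done from an administrator command prompt. The batch file below is an added example, not part of the original page. The service names wscsvc, SharedAccess and MpsSvc do not appear on the page; they are the standard Windows names for the Security Center and firewall services.

```batch
@echo off
rem Added example: command-line equivalent of selecting "On (recommended)"
rem and "Don't allow exceptions". Run from an administrator command prompt.
setlocal

rem Windows XP reports version 5.x; Vista and 7 report 6.0 and 6.1.
rem The firewall service is SharedAccess on XP and MpsSvc on Vista / 7.
ver | find "Version 5." >nul
if errorlevel 1 (set FWSVC=MpsSvc) else (set FWSVC=SharedAccess)

rem Both the Security Center (wscsvc) and the firewall service must be running.
for %%S in (wscsvc %FWSVC%) do (
    sc query %%S | find "RUNNING" >nul
    if errorlevel 1 (
        echo Service %%S is not running; trying to start it.
        net start %%S
        if errorlevel 1 echo Could not start %%S. Group Policy may have disabled it.
    )
)

if "%FWSVC%"=="SharedAccess" (
    rem XP SP2 and later: firewall on, exceptions list ignored.
    netsh firewall set opmode mode=ENABLE exceptions=DISABLE
    rem Show the resulting state so the change can be confirmed.
    netsh firewall show state
) else (
    rem Vista / 7: enable every profile, then block all inbound connections,
    rem including programs on the allowed list. allowoutbound is the Windows
    rem default outbound policy and is restated because the command needs both.
    netsh advfirewall set allprofiles state on
    netsh advfirewall set allprofiles firewallpolicy blockinboundalways,allowoutbound
    rem Show the resulting policy so the change can be confirmed.
    netsh advfirewall show allprofiles firewallpolicy
)

endlocal
```

On a domain-joined computer, Group Policy can override these settings, in which case the output of the final `show` command will not match what was set.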