Creating an Outbound Filter

By default, Windows Firewall allows all outbound traffic. Allowing outbound traffic is far less risky than allowing inbound traffic. However, outbound traffic still carries some risk:

If malware infects a computer, it might send outbound traffic containing confidential data (such as content from a Microsoft SQL Server database, e-mail messages from a Microsoft Exchange server, or a list of passwords).

Worms and viruses seek to replicate themselves. If they successfully infect a computer, they will attempt to send outbound traffic to infect other computers. After one computer on an intranet is infected, network attacks can allow malware to rapidly infect computers on an intranet.

Users might use unapproved applications to send data to Internet resources and either knowingly or unknowingly transmit confidential data.

By default, no version of Windows (including Windows Server 2008) filters outbound traffic. However, Windows Server 2008 does include outbound filters for core networking services, so you can quickly turn on outbound filtering while retaining basic network functionality.

To create a new rule, right-click Outbound Rules. In the following example, we will create a port rule to block LimeWire file sharing. Select New Rule. Select Rule Type. For this example, select Port. Then click Next. In Specific Local Ports, type 6346, the default port for LimeWire. Then click Next.

Select Block the Connection. Then click Next. Select All Profiles. Then click Next. Type in Name and Description for the new rule and click Finish.
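The wizard steps above, scripted as an added example that is not part of the original lesson. It assumes the NetSecurity PowerShell cmdlets, which ship with Windows 8 / Windows Server 2012 and later rather than Windows Server 2008, and an elevated session; the rule name and description are made up for the example.

```powershell
# Added example: scripted equivalent of the New Outbound Rule wizard steps.
# Assumptions: NetSecurity module available, session started as Administrator.
# $ruleName and the description are hypothetical values for this example.

$ruleName = 'Block LimeWire outbound (TCP 6346)'
$port     = 6346   # default LimeWire port, as given in the lesson

# Show the starting point: the default outbound action for each profile.
# NotConfigured or Allow means outbound traffic is not filtered.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultOutboundAction |
    Format-Table -AutoSize

# Idempotent: remove an earlier copy so reruns do not pile up duplicate rules.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Remove-NetFirewallRule
}

# Rule Type = Port, Specific Local Ports = 6346, Block the Connection,
# All Profiles, then Name and Description: the same choices as the wizard.
# Note: outbound connections usually leave from an ephemeral local port, so a
# rule keyed on -LocalPort only matches traffic sourced from 6346. Matching on
# the destination port instead would use -RemotePort.
New-NetFirewallRule -DisplayName $ruleName `
    -Description 'Blocks the default LimeWire file-sharing port.' `
    -Direction Outbound `
    -Action Block `
    -Protocol TCP `
    -LocalPort $port `
    -Profile Any | Out-Null

# Read the rule back and confirm what was actually stored.
$rule   = Get-NetFirewallRule -DisplayName $ruleName
$filter = $rule | Get-NetFirewallPortFilter

[pscustomobject]@{
    Name      = $rule.DisplayName
    Enabled   = $rule.Enabled
    Direction = $rule.Direction
    Action    = $rule.Action
    Profile   = $rule.Profile
    Protocol  = $filter.Protocol
    LocalPort = $filter.LocalPort
}
```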

Firewall Profiles

One of the most powerful ways to increase computer security is to configure a firewall scope. Using scopes, you can allow connections from your internal network and block connections from external networks. This can be used in the following ways:

For a server that is connected to the Internet, you can allow anyone on the Internet to connect to public services (such as the Web server) while allowing only users on your internal network to access private servers (such as Remote Desktop).

For internal servers, you can allow connections only from the specific subnets that contain potential users. When planning such scope limitations, remember to include remote access subnets.

For outgoing connections, you can allow an application to connect to servers only on specific internal subnets. For example, you might allow SNMP traps to be sent to only your SNMP management servers. Similarly, you might allow a network backup application to connect to only your backup servers.

For mobile computers, you can allow specific communications (such as Remote Desktop) from only the subnets you use for management. Profiles can be created for either Inbound or Outbound connections.

Right-click the rule and select Properties. Select Scope and then These IP Addresses. Fill in the IP address and click OK. The addresses have been added. Select These IP Addresses in Remote IP address. Then click Add. Select Predefined set of computers. Select from the drop-down list. Click OK. Click OK to complete.

Authorizing Connections

If you are using IPsec connection security in an Active Directory environment, you can also require the remote computer or user to be authorized before a connection can be established. For example, imagine that your organization had a custom accounting application that used TCP port 1073, but the application had no access control mechanism—any user who connected to the network service could access confidential accounting data. Using Windows Firewall connection authorization, you could limit inbound connections to users who are members of the Accounting group—adding access control to the application without writing any additional code.

Right-click the rule to be configured and select Properties. Select Allow only secure connections. Select Require encryption, then select Users and Computers. Select Allow only connections from these users. Click Add. Click OK to complete. The connection is now secured.