Windows Firewall

Windows Firewall filters incoming traffic to block unsolicited connections. Optionally, it can also filter outgoing traffic (off by default) to limit what malware already on the computer can reach. Although the default settings work well with components built into Windows, they can prevent other applications from accepting connections, so those applications need rules of their own. The defaults can also be tightened considerably: rules can require that the remote computer authenticate (using IPsec) or can limit the scope of a rule to specific remote addresses rather than allowing the port to the whole Internet.

Why Firewalls Are Important

In networking, firewalls analyze communications and drop packets that have not been specifically allowed. This matters because connecting to the Internet means any of the millions of other Internet-connected computers can attack you. A successful attack can crash a service or the computer, expose confidential data, or give the attacker complete control of the compromised computer. A worm automates this: it attacks computers across the Internet, gains elevated privileges, copies itself to each computer it compromises, and then uses that computer to attack others (typically chosen at random).

The purpose of a firewall is to drop unwanted traffic, such as traffic from worms, while allowing legitimate traffic, such as authorized file sharing. The more precisely your rules describe legitimate traffic (specific ports, specific remote addresses, specific programs, specific profiles), the smaller the set of unwanted traffic that can slip through alongside it.

Firewall Profiles

When you create firewall rules to allow or block traffic, you can separately apply them to the Domain, Private, and Public profiles. These profiles enable mobile computers to allow incoming connections while connected to a domain network (for example, to allow incoming Remote Desktop connections) but block connection attempts on less-secure networks (such as public wireless hotspots).

Domain: Applies when a computer is connected to its Active Directory domain. Specifically, the profile is applied whenever a member computer can reach a domain controller for its domain through that network connection.

Private: Applies when a computer is connected to a network location that has been marked as private. By default no network is classified as private; a user or administrator must specifically mark a network location, such as a home office network, as private.

Public: The default profile, applied to any network that has not been identified as a domain network and has not been marked private, including the case where a domain member cannot reach a domain controller. For example, the Public profile is applied when users connect to Wi-Fi hotspots at airports or coffee shops. By default, the Public profile allows outgoing connections but blocks all incoming traffic that is not a response to an existing connection.

Most servers are permanently connected to a domain network, but if a domain controller becomes unreachable the server falls back to the Public profile, and any rule bound only to the Domain profile stops applying. To ensure consistent operation in that case, configure the same firewall rules for all three profiles when configuring a server.
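The following PowerShell session is an added example, not part of the original lesson, that ties together the points above: checking which profile is in force, confirming the default inbound-block posture, scoping a Remote Desktop rule to a single profile and a single remote subnet (the "limit the scope" and "require authorization" options mentioned in the introduction), and creating the all-profiles variant recommended for servers. It uses the NetSecurity cmdlets available on Windows 8 / Windows Server 2012 and later and must run in an elevated session. The management subnet, port and rule names are assumptions for illustration.

```powershell
# Added example (not from the lesson): inspect the active profile, tighten
# profile defaults, and create scoped firewall rules. Requires an elevated
# PowerShell session on Windows 8 / Windows Server 2012 or later.
# The subnet, port and rule names below are assumptions for illustration.

# 1. Which profile is in force on each interface right now?
#    NetworkCategory is DomainAuthenticated, Private or Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Confirm the posture for all three profiles: firewall on, unsolicited
#    inbound blocked, outbound allowed unless a rule blocks it.
Get-NetFirewallProfile -Profile Domain, Private, Public |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 3. Mobile client: allow inbound Remote Desktop only on the Domain profile,
#    and only from an assumed management subnet, not from anywhere.
$ManagementSubnet = '10.0.10.0/24'   # assumption: replace with your jump-host subnet

New-NetFirewallRule -DisplayName 'Remote Desktop (Domain only, mgmt subnet)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Profile Domain -RemoteAddress $ManagementSubnet `
    -Action Allow

# 4. Server: the same rule bound to all three profiles, so a domain
#    controller outage that drops the server into the Public profile does
#    not lock administrators out.
New-NetFirewallRule -DisplayName 'Remote Desktop (server, all profiles)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Profile Domain, Private, Public -RemoteAddress $ManagementSubnet `
    -Action Allow

# 5. Stronger still: admit only authenticated peers. This rule matches only
#    traffic that arrives inside an IPsec security association, so it needs a
#    matching connection security rule; without one the traffic is dropped.
New-NetFirewallRule -DisplayName 'Remote Desktop (authenticated peers only)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Profile Domain, Private, Public -Authentication Required `
    -Action Allow

# 6. Verify: list every enabled inbound allow rule that applies on public
#    networks, with the port and remote-address scope actually stored.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { $_.Profile -match 'Public|Any' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize
```

The audit in step 6 is the check worth repeating after any change: a rule whose RemoteAddress shows Any on a Public or Any profile is the kind of over-broad exposure the lesson warns about. On Windows Vista / Windows Server 2008, where these cmdlets do not exist, the equivalent of step 3 is netsh advfirewall firewall add rule name="Remote Desktop (Domain only)" dir=in action=allow protocol=TCP localport=3389 profile=domain remoteip=10.0.10.0/24, and profile=any produces the all-profiles server variant.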