If you use the Internet, a firewall is a must-have security tool. It’s not the only tool you need, but it’s an important one. It protects your computer from hackers and worms. Hackers are people and programs that would attempt to access your computer through the Internet without you knowing it. Worms are bad programs, like viruses, that are usually written to do intentional harm. Windows Vista comes with its own built-in firewall. If you didn’t know about it before going online, relax. It’s enabled by default. So most likely it’s been protecting you since the very first moment you went online. In this article, you learn how the firewall works and how to configure it for maximum protection.

How Firewalls Work

To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny wire connecting your computer to the Internet (through a phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. But of course, nobody ever has that much going on all at once. One, or maybe a few, ports is more like it. The ports are divided into two categories: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is generally used to send text and pictures (Web pages and e-mail), and includes some error checking to make sure all the information that’s received by a computer matches what the sending computer sent. UDP works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Net.

Each port has two directions: incoming (or ingress) and outgoing (or egress). The direction is in relation to stuff coming into your computer from the outside: namely the Internet. It’s the stuff coming into your computer that you have to watch out for. But you can’t close all ports to all incoming traffic. If you did, there’d be no way to get the good stuff in. But you don’t want to let everything in either. You need a way to separate the wheat from the chaff so to speak—a way to let in the good stuff while keeping out the bad stuff. Anti-spyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without there even being a file involved in the process. That’s where the firewall comes into play.

A stateful firewall, like the one that comes with Windows Vista, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn’t, the firewall assumes this is a hacker trying to sneak something in without your knowing it, and therefore prevents the traffic from entering your computer. So, there’s really more to it than just having a port open or closed. It’s also about filtering. About making sure that data coming into an open port is something you requested and not some rogue uninvited traffic sent by some hacker. Many of the worms that infected so many computers in the 1990s did so by sneaking in undetected through unfiltered ports. These days, you really want to make sure you have a firewall up whenever you go online to prevent such things.

What a firewall doesn’t protect against

It’s important to understand that a firewall alone is not sufficient protection against all Internet threats. A firewall is just one component in a larger defense system. Specifically: - A firewall doesn’t protect you from spyware and viruses. See Article 8 for more information on that protection. - A firewall doesn’t protect you from attacks based on exploits. Automatic updates provide that protection. - A firewall doesn’t protect you from pop-up ads.

A firewall doesn’t protect you from phishing scams.

A firewall doesn’t protect you from spam (junk e-mail).

See Article 18 for tools and techniques on managing spam with Windows Mail. So a firewall isn’t a complete solution. Rather, it’s an important component of a larger security strategy.

Introducing Security Center

In Windows Vista Before you get into Windows Firewall, take a look at the Security Center. As its name implies, this is a single point of administration for most of your PC’s security. You can open the Security Center in several ways. Use whichever is most convenient for you: - Double-click the Windows Security Alerts (shield) icon in the Notification area. - If you see a Security Center alert above the Notification area, click that alert. - Tap the Windows key, type sec, and click Security Center. - Click the Start button, choose Control Panel, click Security, and then click Security Center. - In the Welcome Center, click Show More Details, and click Security Center in the left column. Whichever method you use, the Security Center opens. I clicked the arrow button to the right of each heading so you can see the descriptive text under each heading. You can click that button to show or hide the same descriptive text. By default, Windows Firewall is turned on and working at all times, so your Security Center should show “On” in the Firewall box. If yours shows “Off” or “Not Monitored,” it might be because you have a third-party firewall program running in place of Windows Firewall. There are many such programs available, such as McAfee, Symantec (Norton), Gibson Research, and other companies. If your firewall is turned off, and you don’t know why, it would be good to find out—perhaps from your computer manufacturer or someone who knows. If you don’t have any firewall up, you should definitely turn on Windows Firewall.

There is no advantage to having two or more firewalls running simultaneously. In fact, more than one firewall is likely to cause unnecessary problems.

Turning Windows Firewall on or off

To turn Windows Firewall on or off, you must have administrative privileges. In the left column of the Security Center, click Windows Firewall. You see options for controlling the firewall. Click Change Settings or Turn Windows Firewall On or Off in that window to see the options.

Use the Block All Programs checkbox only to temporarily disable exceptions when connecting to public Wi-Fi networks. There’s more on that topic in the sections to follow. If you have a third-party firewall that you feel is more secure than the Windows Firewall, you can choose the Off option to turn off Windows Firewall. Just make sure you have a firewall up when you go online. Otherwise you won’t have anything to stop uninvited traffic on your network connection.

Making Exceptions to Firewall Protection

When Windows Firewall is turned on and running, you don’t really have to do anything special to use it. It will be on constant vigil, automatically protecting your computer from hackers and worms trying to sneak in through unprotected ports. Ports for common Internet tasks like e-mail and the Web will be open and monitored so you can easily use those programs safely. Internet programs that don’t use standard e-mail and Web ports may require that you create an exception to the default firewall rules. Examples include instant messaging programs and some online games. When you try to use such a program, Windows Firewall will display a security alert.

The message doesn’t mean the program is “bad.” It just means that to use the program, the Firewall has to open a port. If you want to use the program, go ahead and click Unblock. If you don’t recognize the program name and publisher shown, choose Keep Blocking. If you’re not sure what you want to do and want to look into the program some more, click Ask Me Later. Unblocking a port doesn’t leave it wide open. It just creates a new rule that allows that one program to use the port. You’re still protected because the port is closed when you’re not using that specific program. The port is also closed to programs other than the one for which you unblocked the port. Should you change your mind in the future, you can always reblock the port as described in the next section.

Manually configuring firewall exceptions Normally when you try to use a program that needs to work through the firewall, you get a message. Occasionally you might need, or want, to manually block or unblock a port.

IP Addresses on Home/Office Networks When you set up a network using the Network Setup Wizard described in Part X of this book, each computer is automatically assigned a 192.168.0.x IP address, where x is unique to each computer. For example, if the computers are sharing a single Internet connection, the first computer will be 192.168.0.1, the second computer you add will be 192.168.0.2, and so forth (although that last number could vary). All computers will have the same subnet mask of 255.255.255.0. The subnet mask just tells the computer that the first three numbers are part of the network address (the address of your network as a whole), and the last number refers to a specific host (computer) on that network. The 192.168 . . . addresses are called private addresses because they cannot be accessed directly from the Internet. To see the IP address of a computer on your local network, go to that computer, click the Start button, and choose All Programs  ->  Accessories  ->  Command Prompt. At the command prompt, type ipconfig /all, and press Enter. You’ll see the computer’s IP address and subnet mask listed along with other Internet Protocol data.

After you’ve defined a program, port, or scope, click OK as necessary to work your way back to the Exceptions tab. The item you specified appears in the list of Programs and Services. Its checkbox will be checked, indicating that the port is open so the program works through the firewall. Disabling, changing, and deleting exceptions The checkboxes in the Exceptions list indicate whether the exception is enabled or disabled. When you clear a checkbox, the exception is disabled and traffic through the port is rejected. This makes it relatively easy to enable and disable the port on an as-needed basis, because the program name always remains in the list of exceptions. To change the scope of an exception in your exceptions list, click the exception name and click the Edit button. Then, click the Change Scope button and choose your new scope. To remove a program from the exceptions list, and stop accepting unsolicited traffic through its port, click the exception name, and then click the Delete button.

Advanced firewall settings

The Advanced tab of the Windows Firewall dialog box, lets you choose the network cards you want the firewall to protect. If you have multiple network interface cards, you should select them all, unless you have some good reason for leaving one unprotected. The Restore Defaults button lets you change the firewall back to its original settings. That’ll come in handy if you ever mess things up while manually configuring options and just want to get back to square one.

A firewall is an important component of a larger overall security strategy. Windows Vista comes with a built-in firewall that’s turned on and working from the moment you first start your computer. The firewall is automatically configured to prevent unsolicited Internet traffic from getting into your computer, thereby protecting you from worms and other hack attempts. The Vista firewall also provides advanced options for professional network and security administrators who need more granular control over its behavior.

- A firewall protects your computer from unsolicited network traffic, which is a major cause of worms and other hack attempts.

- A firewall will not protect your computer from viruses, pop-up ads, or junk e-mail.

- You don’t need to configure the firewall to use standard Internet services like the Web and e-mail. Those will work through the firewall automatically.

- When you start an Internet program that needs access to the Internet through a closed port, you’ll be given a security alert with options to Unblock, or Keep Blocking, the port. You must choose Unblock to use that program.

- Windows Firewall is one of the programs in the Security Center. To open Security Center, click the Start button and choose Control Panel -> Security -> Security Center.

- From the Start menu, you can search for fire to get to Windows Firewall configuration options.

- Exceptions in Windows Firewall are programs that are allowed to work through the firewall. - Professional network and security administrators can configure Windows Firewall through the Windows Firewall with Advanced Security console in Administrative Tools.