The Windows Vista firewall is a two-part firewall. You have the minimal options set forth in the basic settings found in the Control Panel, and you have the more advanced settings found in the Administrative Settings. In this instance, we are using Windows Vista Business edition for our documentation. Below will start you off with what you need to reach and configure the firewall:
Advanced Settings Part II
Because Windows Vista does not let us modify these settings directly from the basic firewall page, and the firewall is split into two separate sections, we need to load the other end of the firewall. If you are unfamiliar with how to do this, we will redisplay the steps to get back into the Control Panel and into the administrative settings:
Now that we've gone back into the Control Panel, we need to start the process of gaining access to the secondary portion of the Windows Vista firewall. If we want to modify anything and the Windows alert comes up (the annoying User Account Control prompt), agree to it and press onward.
The next set we will take a look at are the inbound and outbound rules. Below, they appear in order:
Screenshot: Inbound rule options and settings
When we click on Inbound Rules, we are greeted with the options of the inbound tier. Here, we've already pre-configured the access and you can follow along with us. Mind you, these options are quite stringent and will disallow and discourage access by outsiders to this computer. If you run into any issues, tinkering with these options, or checking your network settings, will be your best bet.
So, for this we will be clicking in the upper right-hand corner where it states "New Rule". The graphic below demonstrates this, and the following screen that we will be using.
Screenshot: clicking on Inbound Rules opens a new window. Make sure you've clicked on "Inbound Rules" in the upper left-hand side of the firewall settings, as shown here:
Screenshot: the inbound rules you'd need to select before modifying rule sets.
Configuring Outbound Rules
Many users and network administrators (and this goes for admins who are dressed up as security professionals, too) do not understand how firewalls are implemented and how to provide such access (given that many low-grade firewalls will not provide much protection). This is true for the simple reason that they feel most attacks come in over inbound protocols. However, they are forgetting that many applications do in fact create reverse connections, connecting outward to the Internet. This might not sound like much of a big deal; however, it is. Configuring a firewall with filtering only on inbound rules is a major mistake.
When attempting to create a firewall policy, always understand which connections you will be making and which services you will be using outside the network. Do you surf web locations? If so, you'd need access to ports 80 and 443. If you use mail, you'd need access to port 143 and possibly other ports as well. Also, don't forget that web browsers rely on port 53 for DNS lookups, so this port may need to be open as well! If it is not, you will notice that your web browser does not connect to the site you are attempting to visit.
Screenshot: Outbound rule options and settings
As we can see above, we have the "Outbound Rules" circled in red. From here, if we click on the "New Rule..." option to the far right (not shown in the above picture; see the previous inbound rules section for more information), we can create new rules for connections from the local box to the Internet. This section will walk you through creating such rules.
Hardening Inbound Rules
The entire point of inbound rules is to know exactly which kinds of traffic will be deemed "safe." Why? Because these rules will allow traffic to flow into our network that we need in order to perform daily operations, or to keep our computers and networks running even when we aren't doing any work. So, how would we know what tests to perform to determine which ports we have open, and which ports we need to close? The answer to this question is not so simple.
To understand which rules you'd need to enable for inbound traffic, there are a number of tools to help you. The first tool you can use is Ethereal / Wireshark; the second is nmap. Why do we need these tools? 1) Wireshark can tell you which ports are carrying most of your outgoing traffic, and also what incoming traffic is requesting. To understand these data sets you'd need to learn how to read Wireshark output. 2) You can use Nmap, which is a bit more friendly (given you know how to work the command line); however, nmap will require two scan types. The first scan will need to be conducted over the Internet inbound to your computer, and the second will need to be conducted from your computer / network out to an additional computer. The results of each scan type tell you how effective your firewall is: the inbound scan, of course, tests your inbound rules, and the outbound scan tests your rules to deny / allow outbound traffic.
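As an added check for the inbound scan step above (example code, not part of this tutorial): a PowerShell snippet that reads nmap's grepable (-oG) output from a scan of our own host and flags any open port that our inbound rules were not meant to expose. The host address, the services listed and the allow-list are constructed assumptions.

```powershell
# Constructed sample of nmap grepable output (-oG) from scanning our own host
# from the outside. Address and services are made up for illustration.
$nmapGrepable = @'
# Nmap scan of our own host from outside (constructed sample, not real output)
Host: 192.0.2.10 ()  Status: Up
Host: 192.0.2.10 ()  Ports: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///, 5357/filtered/tcp//wsdapi///  Ignored State: closed (996)
'@

# The only inbound TCP port the rules in this tutorial are meant to expose (RDP).
# Assumption for the example; adjust to your own rule set.
$allowedInbound = @(3389)

$openPorts = @()
foreach ($line in $nmapGrepable -split '\r?\n') {
    # Each entry in the Ports field is port/state/protocol/owner/service/rpcinfo/version/
    if ($line -match 'Ports:\s*(.+?)(\s+Ignored State|$)') {
        foreach ($entry in ($Matches[1] -split ',\s*')) {
            $fields = $entry.Trim() -split '/'
            if ($fields[1] -eq 'open') {
                $openPorts += New-Object PSObject -Property @{
                    Port     = [int]$fields[0]
                    Protocol = $fields[2]
                    Service  = $fields[4]
                }
            }
        }
    }
}

# Anything open that is not on the allow-list means an inbound rule is wider than intended
$unexpected = @($openPorts | Where-Object { $allowedInbound -notcontains $_.Port })
if ($unexpected.Count -eq 0) {
    "Only the intended inbound ports are reachable."
} else {
    foreach ($p in $unexpected) {
        "Unexpected open port {0}/{1} ({2}): no inbound allow rule should match it" -f $p.Port, $p.Protocol, $p.Service
    }
    # To find which rule lets it through, run on the Vista host from an elevated prompt:
    #   netsh advfirewall firewall show rule name=all dir=in | findstr /i "LocalPort Enabled Action"
}
```

With the constructed sample this reports 135/tcp (msrpc) and 445/tcp (microsoft-ds) as unexpected, which is exactly the kind of finding that tells you which inbound rules still need tightening.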
Once you've created a new rule, you can also fine-tune its settings. In the rule we've created for RDP (inbound), double-clicking the rule name opens a new configuration window.
Below is a collection of firewall rules that have been modified. To match your rules to ours, please click on the following tab at the top: Once this is clicked, you will see the following (in this order, with the applied rules [enabled / disabled]).
Notice that in this tutorial we have actually blocked ping attempts.
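The same policy this tutorial builds through the GUI (default-deny, the outbound ports listed in the outbound section, an inbound RDP rule, and blocked ping), expressed as netsh advfirewall commands. This is an added example, not from the tutorial; netsh advfirewall is the Vista-era command line for the same firewall engine. The management subnet 192.0.2.0/24 and the rule names are assumptions; run from an elevated prompt.

```powershell
# 1. The weak setting many systems effectively run: inbound blocked, outbound wide open.
#    Shown only for contrast (commented out); the next command replaces it.
# netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Default-deny in both directions, then allow only what the text calls for.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# Outbound: DNS (port 53, UDP and TCP), web (80/443) and IMAP (143)
netsh advfirewall firewall add rule name="Allow DNS out (UDP)" dir=out action=allow protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="Allow DNS out (TCP)" dir=out action=allow protocol=TCP remoteport=53
netsh advfirewall firewall add rule name="Allow web out" dir=out action=allow protocol=TCP remoteport=80,443
netsh advfirewall firewall add rule name="Allow IMAP out" dir=out action=allow protocol=TCP remoteport=143

# Inbound: RDP, restricted to the management subnet (assumed 192.0.2.0/24) rather than any source
netsh advfirewall firewall add rule name="Allow RDP in (mgmt only)" dir=in action=allow protocol=TCP localport=3389 remoteip=192.0.2.0/24

# Block ping (ICMPv4 type 8 = echo request), as the tutorial does
netsh advfirewall firewall add rule name="Block ICMPv4 echo in" dir=in action=block protocol=icmpv4:8,any

# Verify the profile defaults and the RDP rule now in force
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Allow RDP in (mgmt only)"
```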