Windows Firewall is an application designed to filter the information transferred between the computer system and the Internet. Its function is to block potentially harmful programs from entering the system. Depending on the Windows Firewall network type setting, it can block programs from communicating over the connection. The different firewall network types are Public, Private, and Domain. To allow communication, you can either set a profile for the application or add the program to the list of allowed programs.
Importance of Windows Firewall
A firewall works by monitoring and analyzing communications that have not been given permission. It is important because a connection to the Internet opens up your system to potential threats from the hundreds of millions of computers connected to the Internet. Some of the potential consequences of an attack include the following:
- Computer system crash
- Loss of control of the computer
- Compromising confidential data
If there is a worm attack, many computers connected to the Internet can provide higher levels of privileges to the malicious program. It can copy itself to your system and attack other connected systems as well. Windows Firewall is designed to drop undesirable traffic and allow legitimate traffic. Precise firewall rules are important for identifying safe traffic and reducing risk.
Windows Firewall Network Types
There are 3 Windows Firewall network types. They are defined as follows:
- Public Network: This firewall setting applies to connections made over a public network, for example when you connect to a network in a hotel, airport, or some other public place. In such cases the Public network profile is recommended, because you don't know how secure such networks are and cannot control them.
- Private Network: When it comes to Private Networks, Windows Firewall allows network discovery features. Your computer system is visible only to other systems on the same network. This allows access to various networked features including file sharing. It is usually more restrictive than the Domain network type.
- Domain Network: The Domain network setting applies when a computer system is connected to a domain controller that controls a Windows domain. Windows automatically places a network in this category when it can authenticate access to the domain controller for that domain. It is not possible to place any other network within this category.
Windows Firewall uses the NLA (Network Location Awareness) APIs to identify the type of each connected network. It associates a firewall profile with each identified network, and the profile is then configured for that network type. So, if it comes across a Wi-Fi hotspot in a public place, it will identify it as a Public network and assign it the right firewall profile. The firewall settings for each connection depend on the firewall profile associated with that location.
Change Network Type
There is also an option to change the network type in Windows. On the latest version of Windows 10, the measures for changing the network type include:
- Update network adapter
- Change network adapter
- Update the drivers
- Check the router connection
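Added example (not from the original article), for an elevated PowerShell session: it lists the network type Windows assigned to each connection and the effective default actions of the matching firewall profile, covering both the identification step and the change of network type described above. The interface alias `Wi-Fi` in the commented last command is an assumed placeholder.

```powershell
# Added example. Run in an elevated PowerShell session (Windows 8 / Server 2012 or later).
# NLA reports a NetworkCategory per connection; the firewall profile follows from it.
$categoryToProfile = @{
    'Public'              = 'Public'
    'Private'             = 'Private'
    'DomainAuthenticated' = 'Domain'
}

Get-NetConnectionProfile | ForEach-Object {
    $profileName = $categoryToProfile[$_.NetworkCategory.ToString()]

    # ActiveStore returns the effective settings after local policy
    # and Group Policy have been merged.
    $fw = Get-NetFirewallProfile -Name $profileName -PolicyStore ActiveStore

    [pscustomobject]@{
        Interface       = $_.InterfaceAlias
        Network         = $_.Name
        NetworkCategory = $_.NetworkCategory
        FirewallProfile = $profileName
        Enabled         = $fw.Enabled
        DefaultInbound  = $fw.DefaultInboundAction
        DefaultOutbound = $fw.DefaultOutboundAction
    }
} | Format-Table -AutoSize

# If a hotel or airport network shows up as Private, move it to Public.
# 'Wi-Fi' is an ASSUMED interface alias; use the Interface value printed above.
# Set-NetConnectionProfile -InterfaceAlias 'Wi-Fi' -NetworkCategory Public

# DomainAuthenticated cannot be set this way: Windows assigns it only after
# the machine has authenticated to its domain controller.
```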
How is Inbound Traffic Filtered
The default setting for Windows Firewall is to block all inbound traffic that the user has not marked as allowed. The Public network profile doesn't allow any incoming connections. This means a high level of security when you connect to public or unknown networks. The Private and Domain profiles allow some types of incoming traffic, including printer and file sharing.
When you install a Windows feature that cannot work without incoming connections, Windows Firewall automatically enables the firewall rules it needs. This means that you may not have to make any manual changes to the firewall settings.
When you install a program that doesn't enable the firewall rules automatically, you will have to set the rules manually. There are 2 ways in which you can set the rules:
- The Windows Firewall with Advanced Security console
- Applying Group Policy rules from the same console
How is Outbound Traffic Filtered
When it comes to outbound traffic, Windows Firewall is configured to allow all traffic. This is because outbound traffic is considered to carry fewer potential threats than inbound traffic. There is still some level of risk associated with it.
Some of the potential threats associated with allowing unfiltered outbound traffic are as follows:
- If your computer system gets infected with malware, the unfiltered outbound traffic can contain confidential data. This can include data like passwords, email messages, and database information.
- You or other users may use suspicious programs to send out data. This may cause confidential data to be sent knowingly or unknowingly.
- If your computer gets infected with viruses or worms, this malware can replicate and send outbound traffic. Such malware is known to send out data to infect other systems. Once a system on a local network has been infected, further network attacks can cause the malware to spread to other systems on the same network.
All versions of Windows are set not to filter outbound traffic. However, a few versions have outbound filters designed for dealing with core networking services. This allows you to enable outbound filtering and maintain basic network functions at the same time. The default outbound traffic is enabled for the following communications:
- Group Policy communications
- DHCP requests
- Protocols like IPv6
- DNS requests
- Internet Group Management Protocol
If outbound communications are blocked by default, it will stop many Windows features from communicating on the network. This includes both built-in and installed applications. Some of the concerning points can include the following:
- Windows Update can no longer get updates
- Windows will not get fully activated across the Internet
- The system will not be able to send Simple Network Management Protocol alerts
If you are going to enable outbound communication filtering, make sure to test all the programs. Certain applications must function properly for Windows to run effectively. Most programs are not designed to work with filtered outbound traffic, so you will need to create firewall rules for them.
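Added example (not from the original article), for an elevated PowerShell session: a staged way to turn on outbound filtering for one profile while keeping the core networking rules and a record of what gets blocked. The program path and rule name are hypothetical placeholders, and `Core Networking` is the rule group name on English-language Windows.

```powershell
# Added example. Requires an elevated session. Values marked ASSUMED are placeholders.
$profileName = 'Public'
$logPath     = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. Keep the current setting so the change can be rolled back.
$before = Get-NetFirewallProfile -Name $profileName

# 2. List any built-in outbound core networking rules (DHCP, DNS, IGMP, IPv6,
#    Group Policy) that are NOT enabled; these must work once outbound is blocked.
Get-NetFirewallRule -DisplayGroup 'Core Networking' -Direction Outbound |
    Where-Object Enabled -ne 'True' |
    Select-Object DisplayName, Enabled, Profile

# 3. Log dropped packets so blocked programs can be identified during testing.
Set-NetFirewallProfile -Name $profileName -LogBlocked True -LogFileName $logPath

# 4. Add an allow rule for each program that must communicate.
$rule = @{
    DisplayName = 'ExampleApp HTTPS out'                  # ASSUMED rule name
    Program     = 'C:\Program Files\ExampleApp\app.exe'   # ASSUMED path
    Direction   = 'Outbound'
    Action      = 'Allow'
    Profile     = $profileName
    Protocol    = 'TCP'
    RemotePort  = 443
}
New-NetFirewallRule @rule | Out-Null

# 5. Switch the profile's default outbound action from Allow to Block.
Set-NetFirewallProfile -Name $profileName -DefaultOutboundAction Block

# 6. After exercising the programs under test, review the most recent
#    outbound drops to see which ones still need a rule.
Get-Content $logPath |
    Where-Object { $_ -match ' DROP ' -and $_ -match ' SEND' } |
    Select-Object -Last 20

# Rollback to the setting recorded in step 1:
# Set-NetFirewallProfile -Name $profileName -DefaultOutboundAction $before.DefaultOutboundAction
```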
So, it is possible to make changes to Firewall profile rules. This means that often there are no clear lines of differentiation between the different Windows Firewall network types.