Windows 7 Forums



Windows 7: windows 7 firewall what must be allowed to allow basic functionality

10 Feb 2016   #1
ron7000

Windows 7 x64, ultimate/pro/home, SLES x86 & ia64
 
 

I was reading tutorial here about firewall... every new program you allow thru firewall makes you however much less secure -> don't let anything thru you don't recognize.

1) How do I know what is really needed? Is there a list somewhere explaining the minimal set of rules?
2) If I remove everything and let nothing thru, find I have nuked myself, can I restore default settings by one mouse click or do I have to remember everything I change? I don't want to have to reinstall Windows to correct this, or at least know that's the solution before I mess things up.

For instance, let's say I set up a PC running Windows 7, and its only function is to be a license server running 1 piece of software. After a clean install from a Windows 7 DVD, I do nothing else but copy my 1 MB license server program to it from a CD.
And let's say the only thing I do is online Windows updates after the clean install, then I plan on never needing any internet or other networking functionality... so I remove everything from the firewall rules, meaning EVERYTHING is blocked.
Then if I add my one rule opening TCP port # for the license server to work on, will that work?
Or do I need a handful of rules always there for things to work, and if so, what are they?
Thanks.


14 Feb 2016   #2
Alejandro85

Windows 7 Ultimate x64
 
 

That's a very good strategy for minimizing attack surface on servers, and even on normal desktop computers if you really know what you're doing: just open the bare minimum needed and nothing else.

If all that server does is run this program, then in theory it can run with just one incoming rule and no outgoing ones at all (assuming this program doesn't make any further connections). Each rule you add will add more permissions for networking, but the exact set you need is strictly defined by what you run on the computer.


Quote: Originally Posted by ron7000
1) How do I know what is really needed? Is there a list somewhere explaining the minimal set of rules?

There are no "minimal" rules at all; it entirely depends on what you do on the computer. For a server, needs are different from workstations, but the general process is pretty much the same: just look at the programs you run, determine what each one needs and open those ports. Plus the basic network infrastructure services, which are almost always needed.


Quote: Originally Posted by ron7000
2) If I remove everything and let nothing thru, find I have nuked myself, can I restore default settings by one mouse click or do I have to remember everything I change? I don't want to have to reinstall Windows to correct this, or at least know that's the solution before I mess things up.

Speaking specifically about Windows Firewall, you can always revert to the default settings (which are pretty much equal to it being disabled). You can also completely disable it if you locked yourself out accidentally, then reconfigure to allow at least the most basic things and try again. No need to nuke the computer for a configuration mistake.



For your specific case, the "bare minimum" would be one single incoming rule allowing that licensing server program to receive connections. I would however add a few more rules to allow other basic operations on the computer:
- Allowing remote control of servers is a typical requirement. Remote desktop is frequently used on Windows (incoming TCP 3389, at least from the local network).
- You may want to allow further updates to be installed on the server, especially if it's internet-facing. For this you will need DNS access (outgoing UDP 53) and to allow the Windows Update service unlimited TCP connections.
- You may want to allow pinging the server from the local network.
- Under some circumstances, allowing browsing from the server for maintenance can ease some administrative tasks; in that case you need outgoing TCP 80 and 443 on your browser process.

Some others may be useful, but I can't remember anything right now. In general, the idea is to carefully observe each rule you add and what purpose it fulfills, and remove everything else. Starting from a blank firewall (which effectively isolates you from the network) is a good starting point, then progressively enabling needed services.
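The lockdown discussed in this thread, written out as `netsh advfirewall` commands for an elevated Command Prompt. This is an added example, not part of either post; the license server port and path, the rule names and the backup file name are placeholders, and it assumes the machine has a static IP address, because deleting all rules also removes the built-in DHCP rules.

```batch
@echo off
rem Added example: run from an elevated Command Prompt at the server's console.
rem LICENSE_PORT and LICENSE_EXE are placeholders; the thread does not name them.
set "LICENSE_PORT=REPLACE_WITH_TCP_PORT"
set "LICENSE_EXE=C:\LicenseServer\lmserver.exe"
set "BACKUP=%SystemDrive%\fw-before-lockdown.wfw"
if "%LICENSE_PORT%"=="REPLACE_WITH_TCP_PORT" goto :fail

rem 1. Save the current policy so it can be re-imported later.
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Remove every existing rule, then block both directions by default
rem    on all profiles (domain, private, public).
netsh advfirewall firewall delete rule name=all
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 3. The one required rule: inbound TCP to the license server program only.
netsh advfirewall firewall add rule name="LicenseServer-In" dir=in action=allow ^
    protocol=TCP localport=%LICENSE_PORT% program="%LICENSE_EXE%"

rem 4. Optional rules listed in the answer; delete the ones you do not need.
netsh advfirewall firewall add rule name="RDP-In-LAN" dir=in action=allow ^
    protocol=TCP localport=3389 remoteip=localsubnet
netsh advfirewall firewall add rule name="Ping-In-LAN" dir=in action=allow ^
    protocol=icmpv4:8,any remoteip=localsubnet
netsh advfirewall firewall add rule name="DNS-Out" dir=out action=allow ^
    protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="WindowsUpdate-Out" dir=out action=allow ^
    protocol=TCP program="%SystemRoot%\System32\svchost.exe" service=wuauserv

rem 5. Review what is left; every rule shown should have a known purpose.
netsh advfirewall firewall show rule name=all
rem To undo: netsh advfirewall import "<path to the exported .wfw file>"
rem To return to the Windows default policy: netsh advfirewall reset
goto :eof

:fail
echo Placeholder port not set or export failed; nothing was changed.
exit /b 1
```

Run it from the local console rather than over Remote Desktop: between steps 2 and 4 no inbound rule exists, so a remote session would be cut off before the RDP rule is added.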
