General Firewall Question Vista

Discussion in 'other firewalls' started by rayres2007, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. rayres2007

    rayres2007 Registered Member

    Joined:
    Oct 10, 2012
    Posts:
    2
    Location:
    Ontario, Canada
    I am studying for my 70-620 exam (Installing and Configuring Vista) and have some questions about Firewall.

    I am confused about inbound and outbound rules. I know that only Windows Firewall with Advanced Security is needed to make outbound rules. However, I am confused as to the definition of outbound and inbound rules.

    I know that letting my friends use my FTP needs an inbound rule. But what I am confused on is uploading and downloading. If I upload something, does it always require an outbound rule only? What about downloading something? Is it always an inbound rule that is needed? Or do I need an outbound rule to be able to connect to the download source, and then an inbound rule to be able to actually download?

    The sample question I struggle with is, "You want to block a file-sharing program that is being used on several computers running Windows Vista that you are responsible for managing. You know the ports that the program uses.

    Which of the following steps could you take to ensure that users do not download or upload content using the program?"

    The answer indicates that, "only Windows Firewall with Advanced Security can be configured to block outbound traffic. This is done by configuring an outbound rule. An inbound rule is also necessary to block downloads."

    Thanks.

    Rob
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    It's not easy to answer these questions without confusing matters, but here goes. I'll do my best:

    You can download or upload files with a typical web browser. For example, you can download a program like CCleaner from FileHippo. You can also upload a file from your PC to a file sharing site like, e.g., RapidShare.

    Both of the above actions require only an outbound rule (of course an outbound rule is only needed if you have the firewall set up to block outbound by default).

    If you are downloading something, NO, your firewall only needs an outbound rule as I explained above.

    You only need an outbound rule to perform the entire process of downloading a file/program.

    I don't really like the wording on what I highlighted in red.

    First, however, let's start with the inbound rule; inbound rules are required for a service or process that listens on a port or ports and you want others outside of your network to connect to it, such as a file sharing program like, e.g., uTorrent.

    Remember when you download files/programs from the Internet? Well, you are able to download those files/programs because the source where you obtained them from has an inbound rule that allows you and others - outsiders if you will - to connect to their server to gain access to and download the file/program.

    It is your outbound rule that allows your browser to connect to the file/program source, and that source's inbound rule that allows you to access the file/program and download it to your PC. It can work the other way for you; you create an inbound rule to your file sharing application such as uTorrent, that allows others to download your file to themselves. This is why I don't like the wording in red.

    A typical inbound rule for uTorrent:

    Code:
    Rule Name:                            uTorrent (TCP-In)
    ----------------------------------------------------------------------
    Enabled:                              Yes
    Direction:                            In
    Profiles:                             Public
    Grouping:                             
    LocalIP:                              Any
    RemoteIP:                             Any
    Protocol:                             TCP
    LocalPort:                            6881-6889
    RemotePort:                           Any
    Edge traversal:                       Yes
    Action:                               Allow

    Edit: rule change

    Forget the edge traversal. It's not important for the concepts. Note the protocol "TCP" and direction "In" to Local ports 6881-6889. Hope this makes sense. You can probably figure out a Block rule to deny outsiders the ability to download from your Torrent client.

    A typical Outbound rule for a web browser:

    Code:
    Rule Name:                            Firefox browser
    ----------------------------------------------------------------------
    Program:                              %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
    Enabled:                              Yes
    Direction:                            Out
    Profiles:                             Public
    Grouping:                             
    LocalIP:                              Any
    RemoteIP:                             Any
    Protocol:                             TCP
    LocalPort:                            Any
    RemotePort:                           80,443,554,1935,1755
    Edge traversal:                       No
    Action:                               Allow

    Notice I have it restricted to specific remote ports but any remote IP. My explanation is pretty simplistic but I don't want to get into too much potentially confusing detail.
     
    Last edited: Oct 10, 2012
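
Added example (not part of the thread and not any poster's code): a simplified Python model of the point made in the reply above, that the rule direction checked is set by which side opens the connection rather than by which way the file travels. The `Rule`, `Conn` and `decide` names, the default-policy arguments and the sample connections are assumptions made for illustration; the port numbers come from the two rule listings.

```python
from dataclasses import dataclass
from typing import Collection, Optional

@dataclass
class Rule:
    name: str
    direction: str                                  # "In" or "Out"
    action: str                                     # "Allow" or "Block"
    local_ports: Optional[Collection[int]] = None   # None = Any
    remote_ports: Optional[Collection[int]] = None  # None = Any

@dataclass
class Conn:
    initiator: str    # "local": this PC opened it; "remote": an outside host did
    local_port: int
    remote_port: int

def decide(rules, conn, default_in="Block", default_out="Allow"):
    """Verdict for a new TCP connection. The direction checked is set by who
    initiates; replies on an allowed connection ride on its tracked state."""
    direction = "Out" if conn.initiator == "local" else "In"
    hits = [r for r in rules if r.direction == direction
            and (r.local_ports is None or conn.local_port in r.local_ports)
            and (r.remote_ports is None or conn.remote_port in r.remote_ports)]
    if any(r.action == "Block" for r in hits):
        return "Block"                      # explicit block beats any allow
    if hits:
        return "Allow"
    return default_in if direction == "In" else default_out

P2P = range(6881, 6890)                     # 6881-6889, as in the listing above
FIREFOX_OUT = Rule("Firefox browser", "Out", "Allow",
                   remote_ports={80, 443, 554, 1935, 1755})
UTORRENT_IN = Rule("uTorrent (TCP-In)", "In", "Allow", local_ports=P2P)
BLOCK_P2P = [Rule("P2P block (TCP-Out)", "Out", "Block", remote_ports=P2P),
             Rule("P2P block (TCP-In)", "In", "Block", local_ports=P2P)]

# Constructed sample connections (ephemeral port numbers are arbitrary).
web_download = Conn("local", 49500, 443)    # browser fetches a file
web_upload = Conn("local", 49501, 443)      # browser sends a file
peer_to_us = Conn("remote", 6881, 51000)    # peer dials our listening client
us_to_peer = Conn("local", 49502, 6885)     # our client dials a peer

if __name__ == "__main__":
    for label, rules, conn, out in [
            ("download, outbound default-block", [FIREFOX_OUT], web_download, "Block"),
            ("upload, outbound default-block", [FIREFOX_OUT], web_upload, "Block"),
            ("peer in, no rule", [], peer_to_us, "Allow"),
            ("peer in, uTorrent allow", [UTORRENT_IN], peer_to_us, "Allow"),
            ("peer in, block pair", [UTORRENT_IN] + BLOCK_P2P, peer_to_us, "Allow"),
            ("peer out, block pair", BLOCK_P2P, us_to_peer, "Allow")]:
        print(f"{label:34} -> {decide(rules, conn, default_out=out)}")
```

The block pair only covers the listed port range, so it stops the program only as long as the program stays on those ports.
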
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    Windows Vista has a very basic firewall.

    You're better off installing a third party firewall for more configurable and secure protection.
     
  4. rayres2007

    rayres2007 Registered Member

    Joined:
    Oct 10, 2012
    Posts:
    2
    Location:
    Ontario, Canada
    Sorry for the delay in responding. I thought that I would receive an e-mail saying that a new response was posted. Thanks for your help.

    Rob
     