Windows Firewall

Windows Firewall and Internet Connection Sharing provides a barrier between your device and network connections to help reduce attacks by hackers, viruses, and worms across networks. All networked devices, not just devices connected to the Internet, are vulnerable to these attacks. These attacks may attempt to:

• Access personal information and data.
• Damage hardware, software, or data.
• Spread across networks, consuming memory or network bandwidth.

When you have added the Windows Firewall and Internet Connection Sharing component, there are several ways to enable and configure it:

• In Target Designer before building and deploying the image.
• With Group Policy, applied before or after building and deploying the image.
• With the Windows Firewall Control Panel component at the device. The Windows Firewall Control Panel component must be added separately in Target Designer.
• With NetShell commands. The NetShell component must be added separately in Target Designer.

Attempts to attack your device may start as soon as you have established network connections during First Boot. Adding and configuring the Windows Firewall and Internet Connection Sharing component in Target Designer so that it runs during First Boot processing reduces the window of vulnerability during and after First Boot.

You can configure the Windows Firewall to block all outside sources from connecting to the device, or you can open selected ports and mappings to allow specific services that you trust.

Even if your device is not intended for constant Internet or network connections, you may occasionally need to use Remote Access or Device Update Agent (DUA) to manage or update the device through your network server. By installing, enabling, and configuring Windows Firewall and Internet Connection Sharing, you can provide safer access to the device.

In This Section

• How to Configure Windows Firewall On a Run-Time Image
  Explains the steps to add and configure the Windows Firewall component, how to deploy and test the run-time image, and how to change the Windows Firewall configuration after it is deployed on a device.
• Adding the Windows Firewall Components to Your Configuration
  Describes how to add the Windows Firewall and Internet Connection Sharing component and the Windows Firewall Control Panel component to your configuration.
• Configuring Authorized Applications in Windows Firewall
  Describes how to set Windows Firewall to allow specific applications access from outside the device.
• Configuring ICMP Settings in Windows Firewall
  Describes how to turn Internet Control Message Protocol (ICMP) settings on or off. ICMP allows computers on a network to share error and status information.
• Configuring Ports to Allow Services Through Windows Firewall
  Describes how to configure port numbers and protocols to allow traffic from any Internet or local network location.
• Windows Firewall Configuration On a Deployed Device
  Describes different approaches for changing the Windows Firewall configuration on a deployed device.

Related Sections

• How to Protect your Run-Time Image
  Describes how adding additional security components such as Windows Firewall, DUA, and anti-virus software, can help to improve the security of your system.
• Remove Windows Firewall and Internet Connection Sharing Components
  Describes the Windows Firewall/Internet Connection Sharing (ICS) component that you can remove from your configuration.

Last updated on Wednesday, October 18, 2006

© 2006 Microsoft Corporation. All rights reserved.