When should I enable a port or protocol through the Firewall?
By default, when a program is allowed through Windows Live OneCare Firewall, it is given unlimited permission to create the inbound connections or outbound connections it needs. Certain programs or hardware services, however, might require you to enable a specific network protocol or open a network port in order for the program or service to function.
A network protocol is the special set of rules that programs use to communicate over the Internet. Windows Live OneCare Firewall supports TCP, UDP, TCP/UDP, and other protocols. The protocol you use depends on what the program or hardware service requires.
A network port is a way of creating a specific connection between a specific program or service on your computer and another program or service on the Internet or network. The program or service communicates across this connection using a specific network protocol.
By creating a specific connection, the two programs can communicate without interference from other programs.
For example, if you are installing a wireless print server on a home network, the print server might require you to open a port and use a specific protocol that will allow your computer to send printer data to the printer.
Windows Live OneCare has several built-in ports and protocols that you can enable or disable. The list includes:
- Internet Control Message Protocol (ICMP) outbound
- Internet Control Message Protocol (ICMP) inbound
- Internet Group Management Protocol (IGMP)
- General Routing Encapsulation (GRE)
- Encapsulating Security Payload (ESP)
By default, the Internet Control Message Protocol (ICMP) outbound port is turned on in Windows Live OneCare Firewall. These protocols are used for different reasons on your computer:
- ICMP outbound is used by some programs to check for a network connection.
- ICMP inbound is used by some servers to check that your computer is online.
- IGMP is used by some media programs to watch live broadcasts on the web.
- ESP may be used to enable VPN services, such as Nortel.
- GRE may be used to enable VPN services for Windows.
Risks of opening ports
In general, you should not open ports through the Windows Live OneCare Firewall unless you are instructed to do so by a Windows Live OneCare support professional, or unless the documentation of a trusted program or hardware provider requires it. Whenever you open a port, your computer becomes more vulnerable. Opening a port is like poking a hole through the Firewall. Malicious users often use software that scans the Internet looking for computers with open ports that might allow unprotected connections. The more open ports you have, the more your computer is exposed to these intruders.
To help decrease your security risk if you open ports, follow these guidelines:
- Only open a port when you really need it.
- Do not open more ports than you need to open.
- Never open a port for a program that you do not recognize.
- Close a port when you no longer need it to be open.
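One way to apply these guidelines is to compare what is actually listening on the computer with the ports you have a documented reason to open. The following is an added example, not part of the original help text or of Windows Live OneCare; the `netstat -ano` sample, the allowlist, and the print-server port number are constructed assumptions.

```python
# Constructed sample in the layout of Windows `netstat -ano`; not real output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:9100           0.0.0.0:0              LISTENING       2316
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     5120
  TCP    [::]:8080              [::]:0                 LISTENING       4488
  UDP    0.0.0.0:5353           *:*                                    1444
"""

# Hypothetical allowlist: (protocol, port) -> the documented reason it is needed.
NEEDED = {
    ("TCP", 9100): "wireless print server (assumed port, per vendor documentation)",
}
LOOPBACK = ("127.", "[::1]")


def listening_sockets(netstat_text):
    """Yield (proto, address, port, pid) for sockets that accept inbound traffic."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are always bound.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        yield proto, address, int(port), int(fields[-1])


def unexpected_ports(netstat_text, needed=NEEDED):
    """Return network-reachable listeners that have no documented reason to be open."""
    findings = []
    for proto, address, port, pid in listening_sockets(netstat_text):
        if address.startswith(LOOPBACK):
            continue  # loopback-only listeners cannot be reached from the network
        if (proto, port) not in needed:
            findings.append((proto, port, pid))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, pid in unexpected_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} (PID {pid}): no documented need, do not open; review the program")
```

Each finding is a port that should stay closed in the Firewall until the program behind the listed PID is recognized and its documentation calls for the port.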