Chemistry Lab University of Washington Computer Science & Engineering
Information about windows firewall

IMPORTANT NOTES:

  • Windows XP SP2 and above, windows server 2003 SP1 and above, are required.
  • Machines built with CD/images that have the aforementioned OS levels will have the firewall enabled by default.
  • Windows Server 2003 systems that existed in the DOMAIN before the release of 2k3 SP1 most likely don't have the firewall enabled.
  • After installing the firewall, you may be prompted to add programs to the exceptions list (allowing them to communicate with the network).

    1. Enable Windows Firewall

    The first thing to do is ensure that Windows Firewall is enabled. To do this, click 'Start -> Settings -> Control Panel' and select the Windows Firewall icon. Double-click the icon and select the 'On' radio button, then click 'OK'. (You may be prompted to start the service; select 'Yes'.) If no icon is present, visit the Windows Update page.

    If you don't use any special programs (Outlook, Apache, IIS, SQL, etc.), you are pretty much done!


    2. Configuring Exceptions for Outlook

    If you don't use Outlook + Exchange then you can skip this step.

    The Outlook/Exchange combination uses a unique method of 'new mail notification'. When you first start Outlook, it negotiates a random port to talk with the Exchange server. During the session, the Exchange server will contact the Outlook client unsolicited on that previously negotiated port number. Because the port number is random, you can't simply add a port to the exceptions list to allow it. To overcome this, Windows Firewall lets you add a program exception: inbound traffic to any port opened by that particular application will be allowed.

    I have created a script that finds OUTLOOK.EXE on your C: drive and adds it as a program exception. You can download it here:

    Download this file to your desktop and double-click it. (NOTE: this is for CSE Exchange+Outlook only)


    3. Scripts to add other common exceptions

    I also have created scripts that add other common program exceptions that are used:

    Download this file to your desktop and double-click it to run.


    4. Manually configure a Program or Port Exception

    Add exception:

    If you are running a special service that needs to respond to requests from the network, you will have to configure these exceptions manually. Take a look at this list of common ports if you aren't sure what port your service runs on (80 = WWW, 25 = SMTP).

    Continuing from step 1, click the Exceptions tab. You will notice that (if you are in a CSE domain) several options are selected and grayed out; these are set for administrative purposes. If you are on your home network and want to add one of the pre-defined exceptions (File and Printer Sharing, for example), go ahead and select the box (please read below about configuring the scope). Next, determine which kind of exception is easier for you. IMHO, 'Program Exceptions' work better for client-type applications (like MS Outlook) and 'Port Exceptions' work better for service-type applications (like IIS and FTP). Click the button for the type of exception you want.

    Depending on which type of exception you chose, you will see one of the following screens. If you selected a program exception, use the 'Browse' button to find your application and select it. If you selected a port exception, enter a name for your entry and specify the port number and port type (TCP or UDP). Proceed to configure the scope.

    Configure the scope:

    After you have completed the step(s) above, you should set the 'scope' for your open port. The scope determines which hosts are allowed to talk to your port. Use the most restrictive scope possible to provide maximum protection.

    "My Network (subnet) only" is a good choice for a home network on which you want to use file & print sharing. If you need to provide service to more than one subnet, you can enter a custom list. Only use 'Any computer' if you absolutely need to (for example, when running a public WWW server).

    Here is a custom list to include all CSE subnets:

    128.208.1.0/24,128.208.2.0/24,128.208.3.0/24,128.208.4.0/24,128.208.5.0/24,128.208.6.0/24,128.208.127.0/24,128.208.8.0/24,128.208.52.0/24,128.95.1.0/24,128.95.2.0/24

    You can cut and paste that into the 'Custom list' field.
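    The whole procedure above (enable the firewall, add the Outlook program exception, add a scoped port exception, verify) as a single batch script. This is an added example, not one of the downloadable scripts mentioned on this page; it uses the 'netsh firewall' command context that shipped with Windows XP SP2 and Windows Server 2003 SP1. Searching only under %ProgramFiles% for OUTLOOK.EXE, using TCP port 80 as the sample service, and scoping the Outlook exception to the CSE subnet list (on the assumption that the Exchange server lives on one of those subnets) are my own choices; the subnet list itself is the one given above.

```batch
@echo off
setlocal

rem Added example script (not the page's own). Run from an Administrator
rem command prompt on Windows XP SP2 / Server 2003 SP1.

rem The CSE subnet list from this page, used as the CUSTOM scope below.
set "CSE_SUBNETS=128.208.1.0/24,128.208.2.0/24,128.208.3.0/24,128.208.4.0/24,128.208.5.0/24,128.208.6.0/24,128.208.127.0/24,128.208.8.0/24,128.208.52.0/24,128.95.1.0/24,128.95.2.0/24"

rem --- Step 1: turn the firewall on for every profile, keeping exceptions ---
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem --- Step 2: program exception for Outlook (Exchange calls back on a
rem     random port, so a fixed port exception cannot express this) ---
rem Search under %ProgramFiles% (assumption: Outlook is installed there).
set "OUTLOOK="
for /f "delims=" %%F in ('dir /s /b "%ProgramFiles%\OUTLOOK.EXE" 2^>nul') do (
    if not defined OUTLOOK set "OUTLOOK=%%F"
)
if not defined OUTLOOK (
    echo OUTLOOK.EXE not found under "%ProgramFiles%" - skipping step 2.
) else (
    echo Adding program exception for "%OUTLOOK%"
    rem Assumption: the Exchange server is on a CSE subnet, so limit the
    rem exception to that list instead of 'any computer'.
    netsh firewall add allowedprogram program="%OUTLOOK%" name="Microsoft Outlook" mode=ENABLE scope=CUSTOM addresses=%CSE_SUBNETS%
)

rem --- Step 4: port exception for a service, restricted to the CSE subnets ---
rem Example service: a web server on TCP 80. Change protocol/port to match
rem the service you actually run, and keep the scope as tight as you can.
netsh firewall add portopening protocol=TCP port=80 name="Web server (HTTP)" mode=ENABLE scope=CUSTOM addresses=%CSE_SUBNETS%

rem --- Verify: confirm the firewall is on and list the resulting exceptions ---
netsh firewall show state
netsh firewall show config

endlocal
```

    To undo either entry, use 'netsh firewall delete allowedprogram program="<path>"' or 'netsh firewall delete portopening protocol=TCP port=80'. Note that the 'netsh firewall' context is specific to XP SP2 and Server 2003 SP1; Windows Vista and later replaced it with 'netsh advfirewall firewall', whose commands differ.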


    For a more in-depth discussion of Windows Firewall, see this MSDN article.


    Computer Science & Engineering
    University of Washington
    Box 352350
    Seattle, WA  98195-2350
    (206) 543-1695 voice, (206) 543-2969 FAX
    [comments to tandersn]