Yes ghostie, I made the assumption the op had done that.
But you know what they say, never assume.
Well at least its win 7 and not 8 or 10!! Then it would be a real mess
.
I only mentioned it because i recently got a pc with Norton on, no way could i find port settings in the software or uninstall it! I ended up scrubbing the disk clean and putting my own OS on! I am looking at some my old win 7 tools for networks. I cant remember the name of the graphical one i used. Its really good at mapping......
Command line is ok, but simple graphical is nice for what is needed.
I cant help that much on this, most of what i have done in the last two years is occasional Red Team stuff. Obviously that has to be done with alot of different consents in place so isnt really an option.
One last point.......
With routers people get ancy about opening ports, there is a list of ports with KNOWN vulnerabilities on them, these tend to relate to operating system functions and calls. most so called hackers use programs designed to exploit these holes. programs in Kali Linux etc or Metasploit is the main tool used.
Very few O days are used outside of the pen test community, so the idea is look up metasploit lists and close or patch those holes.
A open port is not a problem for 90% of hacking, most so called hackers cant do a thing with a general open port, pc's dont work like that. if you come across someone who dosnt need metasploit, then dont fool yourself. if they want route they will get route in under an hour no matter who you are.
But honestly 99.9% of people are of no interest to real hackers, very few true black hats exist. Those that do make a great deal of money doing what they do legally.
Having said that.....
in the day and age of raspberry pi and VM's, i personally have a pi and VM as the front facing connection to my router, as Jim can confirm, if you look up my ip from here it always returns to a ISP head office address, however it also pretty much always looks like its from a really dodgy site! or a black listed ip.
I spoof my ip alot to use known black listed ip's, it stops most people wanting to scan what appears to be a ISP with a dodgy address
.
But using a VM and connected via that is 99.99% as safe as you get, if your VM gets infected just wipe it and reinstall, if the pi gets infected then sit back and enjoy the circles they go around in lol.