Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


August 2006

Vista's Firewall

Take a look at the new features in Windows Firewall

Over the past few years, information security has taken center stage because of the publicity surrounding attacks that exploit vulnerable software or use email to coerce users into running nefarious software. In the past, attackers commonly exploited specific holes in software, and those exploits required remote access to the vulnerable system. Properly managed perimeter firewalls helped thwart many such Internet-borne attacks.

Nowadays, an attack is more likely to be an inside job. Employees aren't necessarily attackers; rather, trusted computers can become infected through a vector such as an email attachment and are then connected to your LAN. Attackers use a savvy combination of social engineering and technology to lure victims into installing spyware, a Trojan horse, or a worm. Once installed, malignant software can spread freely to other computers. By installing host-based firewall software on individual computers, you can help block unknown and untrusted traffic from accessing your network's computers.

With Windows XP, Microsoft includes a basic firewall that was originally named Internet Connection Firewall and has recently been rebranded as Windows Firewall. The original version of Windows Firewall did a lot of things right, such as providing both command-line and Group Policy Object (GPO) configuration, but it fell short in areas such as robust rule customization and outbound-traffic filtering. The version of Windows Firewall that will ship with Windows Vista lets you configure restrictions by service and configure outbound connections. Let's take a look at the improvements Microsoft made to Windows Firewall as of the February 2006 Community Technology Preview (CTP) version of Vista. Keep in mind that some of these features might change by the time Vista rolls out.

A New MMC Snap-In
Vista's Windows Firewall straddles consumer and enterprise workstation environments by supporting powerful centralized administrative features while remaining easy to use. At first glance, you might not even notice any changes, because Microsoft tucked the new features in a new Microsoft Management Console (MMC) snap-in called Windows Firewall with Advanced Security, which Figure 1 shows. You can still configure the new features centrally, using Group Policy, or locally, using the Netsh command-line tool. Like other snap-ins, Windows Firewall with Advanced Security supports a remote option, which lets you manage the firewall features of local and remote computers.

One thing to keep in mind is that, although rules created in Control Panel show up in the snap-in, rules created or modified in the snap-in don't always show up in Control Panel. For example, if you use the snap-in to edit a basic rule created in Control Panel, you won't be able to see or edit the rule in Control Panel.

Blocking Inbound and Outbound Connections
Vista's firewall blocks inbound traffic by default, so you'll need to configure Exceptions immediately if you choose to host network applications from your computer. (Exceptions are what Microsoft calls rules—or more technically, ACLs.)

Many third-party host-based firewalls warn you of a pending outbound connection and ask whether you want to permit the connection. According to your response, the firewall might create a rule for subsequent activity. However, Vista's firewall permits all outbound traffic by default. Creating Exceptions to block outbound traffic is easy but requires you to use the new snap-in. Most end users probably won't bother, but as an administrator, you'll want to become familiar with the Windows Firewall with Advanced Security snap-in so that you can configure its must-have features.

Accessing New Firewall Features
Most of the new firewall features became available in the December 2005 Vista CTP, although Microsoft made minor adjustments in the February CTP. You'll find adding the Windows Firewall with Advanced Security snap-in to be a familiar process. Click the Start icon, then type

mmc 

in the search box and press Enter. When prompted, click Allow to let MMC operate in a privileged mode. From the File menu, click Add/Remove Snap-in, select Windows Firewall with Advanced Security, and click Add. Select the computer you want to manage and click Finish, then OK.

The snap-in lets you manage all the firewall features. You can select Inbound Exceptions, Outbound Exceptions, Computer Connection Security, or Firewall Monitoring from the treeview pane and double-click an item to see additional options in the center pane. In the right-hand pane is a list of all available actions for the selected node. This layout makes configuring the firewall intuitive; for example, you can right-click a rule to enable or disable it, or select a rule to show a list of available actions in the right-hand pane. Most actions take effect immediately, making troubleshooting quick and easy. To view and configure the firewall's properties, right-click Windows Firewall with Advanced Security in the treeview pane and select Properties.

If you're familiar with earlier versions of Windows Firewall, you'll notice that the new version retains the concept of domain and standard profiles. You can configure individual rules for each profile and Windows will automatically determine which profile to use. The domain profile is used when a computer is connected to a network within the computer's domain, such as an internal LAN. The standard profile is used in all other instances, such as when a computer is connected to an external network. You can configure the firewall's properties differently for the domain and standard profiles—for example, you might create a rule that allows inbound traffic to access your computer when you're connected to the LAN, and disallows access when you're on the road. You can also configure the firewall's default actions (such as blocking or permitting inbound and outbound connections) and IPsec settings (such as key exchange, which encryption and integrity algorithms to use, and authentication methods).

Learn by Example
Microsoft includes in Windows Firewall many preconfigured rules that are disabled by default, which makes it easy to follow Microsoft's preferred approach for creating or configuring an exception. All firewalls generally let you configure rules by allowing or restricting the use of specific protocols (e.g., TCP, UDP) and ports. But Windows Firewall also lets you restrict specific programs' and services' access to a protocol or port.
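The same ideas (outbound blocking, per-profile rules, and program-scoped exceptions) can be scripted with Netsh. The following is an added example, not code from the article: it uses the netsh advfirewall syntax of shipping Windows releases, where the profiles are named domain, private, and public rather than domain and standard, so the CTP build described here may differ. The rule names and the program path C:\Tools\example-agent.exe are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Rule names and the program path below are hypothetical placeholders.

# 1. Inspect the default actions per profile. Out of the box this reports
#    inbound blocked and outbound allowed, as the article describes.
netsh advfirewall show allprofiles firewallpolicy

# 2. Outbound exception that BLOCKS traffic: stop workstations from sending
#    mail directly to port 25 (a common worm propagation path).
#    With no profile= argument, the rule applies to every profile.
netsh advfirewall firewall add rule name="Example-Block-SMTP-Out" `
    dir=out action=block protocol=TCP remoteport=25

# 3. Program-scoped inbound exception limited to the domain profile:
#    the agent is reachable on the internal LAN but not on the road.
netsh advfirewall firewall add rule name="Example-Agent-In-Domain" `
    dir=in action=allow program="C:\Tools\example-agent.exe" `
    protocol=TCP localport=8443 profile=domain

# 4. Verify what was created, including which profiles each rule covers.
netsh advfirewall firewall show rule name="Example-Block-SMTP-Out" verbose
netsh advfirewall firewall show rule name="Example-Agent-In-Domain" verbose

# 5. Stricter posture (commented out on purpose): block outbound by default
#    on the domain profile. Every application then needs an explicit allow
#    rule, so stage allow rules first and test on one machine.
# netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound

# 6. Roll back the example rules.
netsh advfirewall firewall delete rule name="Example-Block-SMTP-Out"
netsh advfirewall firewall delete rule name="Example-Agent-In-Domain"
```

Block rules take precedence over allow rules in the shipping firewall, so a broad outbound block such as the one in step 2 cannot be overridden by a later program-specific allow rule.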

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing