Misplaced Pages

Windows Firewall

Article snapshot taken from[REDACTED] with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by Konstable (talk | contribs) at 13:53, 7 September 2006 (Reverted edits by 205.159.237.66 to last version by AntiVandalBot). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 13:53, 7 September 2006 by Konstable (talk | contribs) (Reverted edits by 205.159.237.66 to last version by AntiVandalBot)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)
File:Windows XP Firewall.png
Windows Firewall settings in Windows XP Service Pack 2
File:XPSP2 SecurityCenter.jpg
Windows XP Security Center settings shows an alert if the Firewall is turned off.

Windows Firewall is a personal firewall, included with Microsoft's Windows XP, Windows Server 2003, and Windows Vista operating systems.

Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service. Several months later, the Sasser worm would do something similar. The ongoing prevalence of these worms through 2004 would result in unpatched machines being infected within a matter of minutes. Because of these incidents, as well as other criticisms that Microsoft was not being proactive in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, and rebrand it as, simply, "Windows Firewall".

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even Firewire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability. A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level.

Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security ) that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically back-up and antivirus solutions) could communicate.

In March 2005, Microsoft released Windows Server 2003 Service Pack 1, which incorporated the same improvements to the firewall product into their server operating system.

Windows Vista

Template:Beta software

File:Vista Firewall MMC.png
Screenshot of the Windows Firewall MMC console in Windows Vista December CTP 5270

The next version of Windows, Windows Vista, will significantly improve the firewall, to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:

  • IPv6 connection filtering
  • Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home"
  • With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges
  • Rules can be configured for services by its service name choosen by a list, without needing to specify the full path file name.
  • IPSec is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection.
  • A new management console snap-in named Windows Firewall with Advanced Security which provides access to many advanced options, and enables remote administration.
  • Ability to have separate firewall profiles for when computers are domain-joined or connected to a private or public network. Support for the creation of rules for enforcing server and domain isolation policies
See also: Features new to Windows Vista

References

  1. These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039, and MS04-012 cover this in more detail.
  2. "Study: Unpatched PCs compromised in 20 minutes". CNet. 2004-08-17. Retrieved 2006-01-24. {{cite news}}: Check date values in: |date= (help)
  3. Joseph Davies (February, 2004). "Manually Configuring Windows Firewall in Windows XP Service Pack 2". The Cable Guy. MSDN Magazine. Retrieved January 24. {{cite web}}: Check date values in: |accessdate= and |year= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)CS1 maint: year (link)
  4. Microsoft (August, 2004). "Managing Windows XP Service Pack 2 Features Using Group Policy". Microsoft TechNet. Retrieved January 24. {{cite web}}: Check date values in: |accessdate= and |year= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)CS1 maint: year (link)
  5. Joseph Davies (January, 2006). "The New Windows Firewall in Windows Vista and Windows Server "Longhorn"". The Cable Guy. MSDN Magazine. Retrieved January 24. {{cite web}}: Check date values in: |accessdate= and |year= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)CS1 maint: year (link)

See also

External links

Categories:
Windows Firewall Add topic