Chapter 15: Protecting Your Computer with Windows Defender and Windows Firewall
Working with the Windows Firewall
With Windows Vista, Microsoft offers you the ability to manage Windows Firewall
in several different ways. You can manage the basic functionality of the firewall using
the Windows Firewall dialog box, and the advanced functionality of the firewall
using the Windows Firewall with Advanced Security console. This section looks at
the basic Windows Firewall. You’ll learn more about the advanced firewall in the
next section.
Windows Firewall Features and Improvements
When Windows Firewall was first introduced, it enabled built-in exceptions for standard connections such as local computer connections, but it disallowed most other ports on the computer. In subsequent revisions, Microsoft added the ability to manage the firewall using Group Policy, enabling administrators to manage the feature throughout an enterprise. Later, Microsoft implemented the same changes into Windows Server 2003, which brought the same improvements to the server operating system. Unfortunately, in order to correct some of the problems associated with Windows Firewall, you often had to disable the product completely to make things work efficiently on your computer—and that definitely was not good for computer security.
Windows Vista offers significant improvements to Windows Firewall. Microsoft has included many different upgrades, including IPv6 support, outbound packet filtering, and a host of other improvements (see Table 15-3). Together, these features offer great improvements over the Windows Firewall that was first introduced with Windows XP. These new features also help alleviate the need to turn off Windows Firewall, as you had to do with previous offerings of the product.
Table 15-3. Windows Firewall improvements

Improvement | Description
IPv6 connection filtering | Allows filtering of connections using the IPv6 protocol, previously unsupported
Outbound packet filtering | Allows control of outbound ports, previously unsupported
Advanced packet filtering | Allows filtering rules specified by source and destination IP addressing, or complete port ranges
IPSec integration | Manages connections through the use of IP Security (IPSec) and a certificate
Encryption requirement | Manages connections through the ability to require encryption
Separate firewall policies for domain, private, and public network enrollment | Manages rule enforcement based on the network enrollment of the computer
Management Console (MMC) | New MMC snap-in, called Windows Firewall with Advanced Security
IPv6 connection filtering enables you to use the IPv6 protocol in a secure fashion.
This ability did not exist under Windows XP or subsequent versions of the firewall
product, including Windows Server 2003. With this improvement, you can migrate
to IPv6 without the security implications previously associated with this task. Now
the process should be considerably more secure thanks to Microsoft’s effort to
improve the quality of its firewall product.
Firewall rules for inbound packet filtering make up the majority of configuration efforts on firewalls. These rules determine how network traffic flows through the computer. You manage the flow of inbound and outbound traffic through these rules. The firewall inspects the packets as the computer receives them, and then determines, based on the configured rules, how the computer will handle a particular packet. If Windows Firewall determines that the packet should be accepted, it passes the packet along internally to the computer. If the packet does not meet the requirements of the rule set, it discards the packet.
Outbound packet filtering enables you to manage outbound connections from your computer. This option did not exist as part of the Windows Firewall in previous versions. Outbound packet filtering lets you keep spyware or malware from uploading personal data that’s been collected. To use this type of functionality in the past, you had to purchase a third-party application. Microsoft now offers this ability inherently in the operating system. When the computer encounters a packet requesting outbound access, Windows Firewall inspects the packet to determine its purpose, verifies the packet against the firewall rules, and then either allows the packet to be delivered or discards it completely.
Advanced packet filtering allows you to create rules associated with multiple IP
addresses. This feature gives you greater flexibility in managing connections using a
source or destination IP address. You even can manage a range of IP addresses for
connectivity to the computer. Before, you could filter with only a single IP address,
never a range of IP addresses. This is a marked improvement over previous versions
of the product.
IPSec integration arguably offers the greatest improvement in Windows Firewall. Now you can manage connections using encryption. With IPSec integration, you can require that a connection have the proper certificate in order to connect to the computer. This allows for incredibly strong security and much greater flexibility when transferring data among computers.
IPSec requires the use of certificates to transfer data. These certificates use public and private keys to determine whether the connecting entity has authorization to transfer data. This option makes transferring data much more secure among computers than before, especially among computers connected across the Internet.
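The improvements described above (a default inbound/outbound policy, inbound rules scoped to an address range, outbound blocking of a single program, per-profile rules, and a rule that requires IPsec) can all be configured from the command line with netsh advfirewall, the command-line interface to Windows Firewall with Advanced Security that ships with Windows Vista. The script below is an added example, not code from the book; it uses only netsh advfirewall subcommands and parameters (state, firewallpolicy, dir, action, protocol, localport, remoteip, profile, program, security) that exist in that tool. The rule names, the 192.168.10.0/24 management subnet and the program path C:\Tools\untrusted-app.exe are constructed placeholders. The commands must be run from an elevated (Administrator) prompt.

```powershell
# Added example (not from the book): configuring Windows Firewall with netsh advfirewall.
# Run from an elevated PowerShell or cmd prompt. Rule names, the 192.168.10.0/24 subnet
# and the program path are constructed placeholders, not values from the text.

# 1. Make sure the firewall is on for every profile (domain, private, public) and set the
#    default policy: discard unsolicited inbound packets, allow outbound unless a rule blocks it.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Advanced packet filtering: an inbound rule scoped to a remote address range.
#    Allow Remote Desktop (TCP 3389) only from the management subnet, and only while the
#    computer is on the domain profile.
netsh advfirewall firewall add rule name="Example - RDP from mgmt subnet" dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.10.0/24 profile=domain

# 3. Outbound packet filtering: stop one specific program from sending anything out,
#    which is the "keep malware from uploading collected data" case in the text.
netsh advfirewall firewall add rule name="Example - block untrusted app outbound" dir=out action=block program="C:\Tools\untrusted-app.exe" enable=yes

# 4. IPsec integration: accept SMB (TCP 445) from the subnet only when the peer has
#    authenticated AND the connection is encrypted with IPsec (security=authenc).
#    A connection security rule that supplies the authentication method (for example a
#    computer certificate) must exist on both peers for the traffic to match this rule.
netsh advfirewall firewall add rule name="Example - SMB requires IPsec" dir=in action=allow protocol=TCP localport=445 remoteip=192.168.10.0/24 security=authenc

# 5. Verify what was created and review the per-profile state.
netsh advfirewall firewall show rule name="Example - RDP from mgmt subnet"
netsh advfirewall firewall show rule name="Example - block untrusted app outbound"
netsh advfirewall firewall show rule name="Example - SMB requires IPsec"
netsh advfirewall show allprofiles

# 6. Cleanup: remove the example rules once you have inspected them.
netsh advfirewall firewall delete rule name="Example - RDP from mgmt subnet"
netsh advfirewall firewall delete rule name="Example - block untrusted app outbound"
netsh advfirewall firewall delete rule name="Example - SMB requires IPsec"
```

Two points worth checking when you adapt this. First, Windows Firewall with Advanced Security evaluates block rules before allow rules, so the outbound block in step 3 wins even if a broader allow rule for the same program exists; use `netsh advfirewall firewall show rule name=all` to look for overlapping rules before assuming a new allow rule took effect. Second, the `security=authenc` rule in step 4 does not by itself establish IPsec: the authentication method comes from a connection security rule (on Vista this can be a computer certificate, Kerberos in a domain, or a preshared key), and without a matching one on both ends the SMB traffic is simply dropped, which is the safe failure mode but is easy to mistake for a broken share.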