Chapter 11. Managing Windows Firewall
When Windows XP was introduced in 2001, it included a feature called Internet Connection Firewall (ICF). Unlike the TCP/IP Filtering included in prior Windows releases, ICF was a stateful packet-filtering firewall. It even blocked unsolicited SYN-ACK packets, but that was pretty much where its benefits stopped. To be fair, at the time it was roughly at the same stage as other host-based firewalls, but it certainly was no leap forward.
Among the many shortcomings of ICF were:
Lack of central management
Single-profile — no separate settings for different networks
Not on at boot
Windows XP Service Pack 2 (SP2) addressed some of these shortcomings, and the Windows Firewall in Windows XP SP2 is still one of the lowest-overhead, most reliable, and least intrusive firewall products available for Windows XP. In spite of this, it still lacked a few features:
Limited integration with IPsec, including separate management interfaces
Strict source address mapping
ACLs on TCP and UDP ports
Outbound filtering
Extensibility
Support of more than two profiles
Scriptability