We have all heard, at one time or another, about the Windows XP firewall and how useless it is. However true or untrue these statements are, they can affect confidence in the security features of future Windows products. This paper is intended to educate the public on the facts of the subject. So, let's get on with it...
The Difference:
No third-party software can make the claim that the Windows Firewall can: its protection starts as soon as the computer is turned on. Is that important, you ask? Absolutely. If a capable malware program could start at the same moment the computer begins to boot, common sense tells you how dangerous that would be. Now that we know the Vista firewall does start at boot, we need to be confident that it is going to protect the system from boot onward.
The Interface:
Microsoft and the Windows team have done something a little different with the Vista firewall. They have separated the firewall into two different interfaces. The default interface is the basic one. At first glance, it looks identical to the Windows XP SP2 firewall. This basic interface is ON by default and loads basic settings for normal user protection. In most cases, this basic setting should work fine. They then added an Advanced interface for more security-savvy individuals. This Advanced interface gives greater flexibility over the firewall's settings.
The Basic Configuration:
As I mentioned earlier, the Vista firewall is turned on by default and is set to a 'basic' configuration. In this configuration, the firewall works in tandem with the new Windows Service Hardening feature. If the firewall detects activity that is deemed prohibited according to Windows Service Hardening's preset rules, the firewall blocks that suspect activity.
To access the Vista Firewall's basic settings, click the Windows button >> Control Panel >> Windows Firewall. With the Windows Firewall window open, you will see three tabs at the top: General, Exceptions and Advanced. Let's quickly discuss each tab separately:
General tab:
With this tab selected, you will see three possible settings: On (default), Block all programs and Off. The On and Off selections are pretty self-explanatory, but the "Block all programs" option is very handy if you need to log in to an unsecured public Wi-Fi network. With this option selected in that scenario, you will be completely protected.
Exceptions tab:
With this tab selected, you can view all of the programs that Windows has on its default block list. If you would like to unblock a certain program, simply click the checkbox next to the program's name. Also, at the bottom of this window you will notice that you can add or delete programs. A little further down the window, you will notice an entry titled "Tell me when Windows Firewall blocks a program". This is enabled by default, but if you would prefer not to get popup notifications about blocked programs, simply de-select this option and click Apply.
Advanced tab:
With this tab selected, you will see the network connections on your system that can be protected by the Windows Firewall. A checkmark next to a network connection means it is being protected. Unchecking it, of course, removes the protection.
Also available under the Advanced tab is a "Security logging" feature. When you click the "Settings" button under Security logging, you can create and configure log files of either dropped packets or successful connections to your network, and set a maximum log size.
Another feature you'll notice is "ICMP" (Internet Control Message Protocol). Here you are given some flexibility over how your computer responds to ICMP requests. When you click the Settings button, you will notice that the entry titled "Allow incoming echo request" is the only entry selected (allowed). All other requests are not allowed by default.
The last option under the Advanced tab is "Default settings". When you click the "Restore Defaults" button, you remove any previous settings changes and return the Windows Firewall to its default configuration. If you get into a little trouble while configuring your Basic settings, this is a good option to be aware of.
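The Basic-tab settings described above can also be applied from an elevated command prompt with the netsh advfirewall context that shipped with Vista. This is an added example, not part of the original article; the log path and size are assumptions chosen for illustration.

```batch
@echo off
rem Added example (not from the original article): the Basic-tab settings as
rem netsh advfirewall commands, run from a cmd prompt started with
rem "Run as administrator". Log path and size below are assumptions.

rem General tab > On: make sure the firewall is on for every profile.
netsh advfirewall set allprofiles state on

rem General tab > "Block all programs": block all inbound traffic, including
rem the configured exceptions, while still allowing outbound. Applied here to
rem the Public profile only, which Vista uses on an untrusted Wi-Fi network.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

rem Advanced tab > Security logging: log dropped packets (not successful
rem connections) and cap the log at 4 MB (maxfilesize is in kilobytes).
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections disable
netsh advfirewall set allprofiles logging maxfilesize 4096
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

rem Advanced tab > ICMP: allow only the incoming echo request (ICMPv4 type 8),
rem matching the default the article describes. Every other ICMP type stays
rem blocked by the default inbound policy.
netsh advfirewall firewall add rule name="Allow inbound ICMPv4 echo request" dir=in action=allow protocol=icmpv4:8,any enable=yes

rem Review what was applied.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Allow inbound ICMPv4 echo request"

rem Equivalent of the "Restore Defaults" button. Left commented out because it
rem discards every change made above; uncomment it when you need a clean slate.
rem netsh advfirewall reset
```

Save it as a .cmd file and run it from the elevated prompt; each netsh line prints "Ok." on success.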
The Advanced Configuration:
This is where Microsoft has added a second, completely separate interface for the Windows Firewall. In order to view and configure the advanced settings, you first need to create a custom MMC (Microsoft Management Console). The purpose of this is to dissuade novice users from accessing these settings. If you would like to create a custom MMC, here's how:
- Click the Windows button.
- In the Search box, enter: cmd
- Right-click the program that appears and select "Run as administrator" from the resulting menu.
- In the Run window, type in: mmc.exe [Enter] or click OK.
- With MMC open, go to File >> Add/Remove Snap-in.
- Open the "Available Snap-ins" list and scroll through it to locate the entry titled "Windows Firewall with Advanced Security".
- Click to select the entry, then click the "Add" button.
- Accept the default (Local Computer) in the Select Computer dialog box.
- Click Finish, then OK.
You will now be able to view the advanced settings in the MMC.
From within the MMC, you have a great deal of
flexibility over your Windows Firewall. Some
interesting configurations worth noting are:
Multiple Firewall Profiles:
Geared more toward portable computing, this option lets you configure three different profiles for different situations. As an example, if you are traveling and using your laptop in a public, unsecured Wi-Fi environment, you can enable your "Public" profile. Switch to your "Private" profile when surfing at home, or rely on your "Domain" profile for work. Each profile tab offers the same settings.
Once you've clicked one of the profile tabs, you can turn the selected profile On or Off. You also have control over Inbound and Outbound connections. By default, as we learned earlier, outbound connections are allowed and inbound connections are NOT allowed (apart from the selected 'exceptions'). In the MMC, you can change these settings to fit your own needs.
IPSec Configuration:
Another tab you'll see alongside each of the three profiles is the IPSec tab. IPSec (Internet Protocol Security) is an evolving security standard that protects sensitive data transmitted over unprotected networks. With the IPSec tab selected, you can click the "Custom" button to configure these settings to fit your needs. The available configuration options are Key Exchange, Data Protection and Authorization Method.
Connection Security Rules:
After you have set up all of your profiles and configured your IPSec settings, you are ready to set up your connection security rules. A wizard guides you through creating security rules that determine how and when secure connections are applied between individual computers or even groups of computers. Some of the options you will have here are:
- Isolate certain connections and restrict a connection based on domain membership or health status.
- Set up server-to-server authentication rules.
- Restrict certain connections.
- Exempt certain computers from authentication.
- Create a custom rule when nothing available applies.
Once you've created your rules, you can easily delete them by right-clicking and selecting Delete. Or, you can save them for a later time by selecting Disable instead. To enable a disabled rule, simply right-click it and select Enable.
Inbound/Outbound Rules:
Next, you can create rules that block or allow certain programs or ports. You can modify the existing preconfigured rules, or use the New Rule Wizard to create one from scratch. Some of the available options for Inbound/Outbound rules are:
- Apply a rule to programs, ports or services, and make the rule apply to all programs or to any one program.
- Block all connections from a certain program, or allow all connections from the same.
- Allow only secure connections, and apply encryption to that connection to secure the transmitted data.
- Configure source and destination IP addresses for both inbound and outbound traffic.
Rules Monitoring:
A very handy feature of the Advanced Security MMC is
the monitoring feature. It lists all of your rules
and their properties on one convenient page. You can
even Export your rules list to a text file by
clicking "Export List" from the right pane.
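The profile, connection security, inbound/outbound and monitoring settings covered in the MMC sections above can be driven from the same netsh advfirewall context. This is an added example, not part of the original article; the rule names, program paths, port numbers and export path are assumptions for illustration.

```batch
@echo off
rem Added example (not from the original article): the Advanced Security MMC
rem settings as netsh advfirewall commands from an elevated cmd prompt.
rem Rule names, program paths, ports and the export path are assumptions.

rem Multiple Firewall Profiles: set the per-profile policy explicitly. This is
rem the default the article describes (block inbound except exceptions, allow
rem outbound); change one profile independently if your needs differ.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound

rem Inbound/Outbound Rules: block every connection from one program on all
rem profiles, and allow a TCP port inbound only on the Private profile and only
rem from the local subnet (source/destination address scoping).
netsh advfirewall firewall add rule name="Block legacy tool" dir=out action=block program="C:\Tools\legacy.exe" enable=yes profile=any
netsh advfirewall firewall add rule name="Allow RDP from LAN (Private)" dir=in action=allow protocol=TCP localport=3389 remoteip=localsubnet profile=private

rem "Allow only secure connections": accept this port only over traffic that
rem IPSec has authenticated and encrypted. It relies on a matching connection
rem security rule, which is created next.
netsh advfirewall firewall add rule name="SMB secure only" dir=in action=allow protocol=TCP localport=445 security=authenc profile=domain

rem Connection Security Rules: an isolation-style rule that requests
rem authentication inbound and outbound with any peer, using computer Kerberos
rem (the "Domain" profile's natural choice).
netsh advfirewall consec add rule name="Domain isolation" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerkerb profile=domain

rem Disable a rule to keep it for later, then enable it again, mirroring the
rem Disable/Enable right-click options in the MMC.
netsh advfirewall consec set rule name="Domain isolation" new enable=no
netsh advfirewall consec set rule name="Domain isolation" new enable=yes

rem Rules Monitoring: list every rule with its properties, then save the whole
rem policy to a file for review or backup (the MMC's Export List equivalent).
netsh advfirewall firewall show rule name=all
netsh advfirewall export "C:\Backup\vista-firewall.wfw"
```

The export file can be reloaded on another computer with "netsh advfirewall import", which makes it a convenient way to keep a known-good copy of your rules.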