Windows Firewall
Encyclopedia
Windows Firewall is a software component of Microsoft Windows that provides firewalling
and packet filtering functions. It was first included in Windows XP
and Windows Server 2003
. Prior to the release of Windows XP Service Pack 2 in 2004, it was known as Internet Connection Firewall.
attacked a large number of Windows machines, taking advantage of flaws in the RPC
Windows service. Several months later, the Sasser worm
did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes. Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, and rebrand it as Windows Firewall.
Security log
capabilities are included, which can record IP address
es and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.
Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability. A number of additions were made to Group Policy
, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.
Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM
activation security) that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.
Note that the DCOM problem can be solved by moving applications to DComLab's ComBridge protocol.
significantly improves the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:
and Windows 7 contains some improvements, such as multiple active profiles.
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
and packet filtering functions. It was first included in Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
and Windows Server 2003
Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
. Prior to the release of Windows XP Service Pack 2 in 2004, it was known as Internet Connection Firewall.
Overview
When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster wormBlaster (computer worm)
The Blaster Worm was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003....
attacked a large number of Windows machines, taking advantage of flaws in the RPC
Remote procedure call
In computer science, a remote procedure call is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space without the programmer explicitly coding the details for this remote interaction...
Windows service. Several months later, the Sasser worm
Sasser (computer worm)
Sasser is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Sasser spreads by exploiting the system through a vulnerable network port...
did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes. Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, and rebrand it as Windows Firewall.
Security log
Security log
A security log is used to track security-related information on a computer system. Examples include:* Windows Security Log* Internet Connection Firewall security log...
capabilities are included, which can record IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.
Windows XP
Group Policy
Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...
, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.
Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM
Distributed component object model
Distributed Component Object Model is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+...
activation security) that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.
Note that the DCOM problem can be solved by moving applications to DComLab's ComBridge protocol.
Windows Vista
Windows VistaWindows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
significantly improves the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:
- The firewall is based on the Windows Filtering PlatformWindows Filtering PlatformWindows Filtering Platform is a set of system services and an application programming interface introduced with Windows Vista that allows applications to tie into the packet processing and filtering pipeline of the new network stack. It provides features such as integrated communication and it can...
. - A new management consoleMicrosoft Management ConsoleMicrosoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :...
snap-in named Windows Firewall with Advanced Security which provides access to many advanced options, and enables remote administration. This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running "wf.msc" - Outbound packet filtering, reflecting increasing concerns about spywareSpywareSpyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
and virusesComputer virusA computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
that attempt to "phone home". Outbound rules are configured using the management console. Notifications are not shown however for outbound connections. - With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges.
- Rules can be configured for services by its service name chosen by a list, without needing to specify the full path file name.
- IPsecIPsecInternet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection. - Improved interface for managing separate firewall profiles. Ability to have three separate firewall profiles for when computers are domain-joined, connected to a private network, or connected to a public network (XP SP2 supports two profiles—domain-joined and standard). Support for the creation of rules for enforcing server and domain isolation policies.
Windows Server 2008
Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2Windows Server 2008 R2
Windows Server 2008 R2 is a server operating system produced by Microsoft. It was released to manufacturing on July 22, 2009 and launched on October 22, 2009. According to the Windows Server Team blog, the retail availability was September 14, 2009. It is built on Windows NT 6.1, the same core...
and Windows 7 contains some improvements, such as multiple active profiles.
See also
- List of Microsoft Windows components
- Security and safety features new to Windows VistaSecurity and safety features new to Windows VistaThere are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release....
- Personal firewallPersonal firewallA personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall....
- Comparison of firewallsComparison of firewallsThe following tables compare different aspects of a number of firewalls, starting from simple home firewalls up to the most sophisticated Enterprise firewalls.-Firewall software:...
External links
- Windows Firewall on Microsoft TechNet
- Understanding Windows Firewall for Windows XP
- Customizing Windows Firewall
- Adding Windows Firewall Exceptions