Windows Firewall

Windows Firewall
A component of Microsoft Windows

Windows Firewall in Windows 10
Details
Other names	Internet Connection Firewall
Type	Firewall software
Included with	Windows XP and later
Service name	SharedAccess
Description	Security Center
Related components
Windows Security Center

Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering functions. It was first included in Windows XP and Windows Server 2003. Prior to the release of Windows XP Service Pack 2 in 2004, it was known as Internet Connection Firewall.

Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service. Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.^[1] Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,^[2] and switched it on by default since Windows XP SP2.

One of three profiles is activated automatically for each network interface:^[3]

Public assumes that the network is shared with the World and is the most restrictive profile.
Private assumes that the network is isolated from the Internet and allows more inbound connections than public. A network is never assumed to be private unless designated as such by a local administrator.
Domain profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The domain profile is selected automatically when connected to a network with a domain trusted by the local computer.

Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.^[4]

Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,^[5] through the GUI administration tool^[6] or centrally through group policies.^[7] All features are available regardless of how it is configured.

Versions

Windows Neptune

In the unreleased Windows Neptune, the firewall was introduced. It is similar to the one found in Windows XP.^[8]

Windows XP

Windows Firewall settings in Windows XP Service Pack 2

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability.^[9] A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security)^[10] that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.

The firewall does not filter IPv6 traffic.^[11]

Note that the DCOM problem can be solved by moving applications to DComLab's ComBridge protocol.

Windows Vista

Windows Vista improved the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:^[12]

The firewall is based on the Windows Filtering Platform.
A new management console snap-in named Windows Firewall with Advanced Security which provides access to many advanced options, and enables remote administration. This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running "wf.msc"
Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home". Outbound rules are configured using the management console. Notifications are not shown however for outbound connections.
With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges.
Rules can be configured for services by its service name chosen by a list, without needing to specify the full path file name.
IPsec is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection.
Improved interface for managing separate firewall profiles. Ability to have three separate firewall profiles for when computers are domain-joined, connected to a private network, or connected to a public network (XP SP2 supports two profiles—domain-joined and standard). Support for the creation of rules for enforcing server and domain isolation policies.

Windows Server 2008 and Windows 7

Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2 and Windows 7 contains some improvements, such as multiple active profiles.^[13]

References

Notes

^ These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039, and MS04-012 cover this in more detail.

External links

Windows Firewall on Microsoft TechNet
Understanding Windows Firewall for Windows XP
Customizing Windows Firewall
Adding Windows Firewall Exceptions
Blocked Connections Monitor

Microsoft security products

Numbers in brackets are the years of the initial release of the product.

For Windows	Windows Firewall [2001] Baseline Security Analyzer [2004] Malicious Software Removal Tool [2005] Windows Defender [2006] Microsoft Security Essentials [2009] Microsoft Safety Scanner [2011]

For Windows Server	Exchange Online Protection [2007] System Center Data Protection Manager [2007] Identity Manager [2010]

Discontinued	MSAV [1993] Threat Management Gateway [1997] OneCare Safety Scanner [2006] Unified Access Gateway [2007] Windows Live OneCare [2006] RootkitRevealer [2006]

Related topics	Kernel Patch Protection Data Execution Prevention MS Antivirus (malware)

Microsoft Windows components

Management
tools

CDFS
DFS
exFAT
IFS
FAT
NTFS
- Hard link
- Junction point
- Mount Point
- Reparse point
- Symbolic link
- TxF
- EFS
ReFS
UDF
WinFS

Server

Architecture

Security

Compatibility

API

Discontinued

Games	3D Pinball Chess Titans FreeCell Hearts Hover! InkBall Hold 'Em Mahjong Titans Minesweeper Purble Place Reversi Solitaire Spider Solitaire Tinker

Apps	ActiveMovie Anytime Upgrade Address Book Backup and Restore Cardfile CardSpace Contacts Desktop Gadgets Diagnostics DriveSpace DVD Maker Fax File Manager Food & Drink Help and Support Center Health & Fitness HyperTerminal Internet Explorer Journal Internet Mail and News Media Center Meeting Space Messaging Messenger Mobile Device Center NetMeeting NTBackup Outlook Express Travel Photo Gallery Program Manager Windows Easy Transfer WinHelp Write

Others	ScanDisk File Protection Media Control Interface Next-Generation Secure Computing Base POSIX subsystem Interix Video for Windows Windows SideShow Windows Services for UNIX Windows System Assessment Tool

Firewall software

Linux

Apps	Netfilter L7-filter NuFW ipset iptables nftables FireHOL Firestarter FirewallD Shorewall Uncomplicated Firewall MoBlock Privoxy Squid

Distros	SmoothWall IPCop IPFire LEDE OpenWrt Zeroshell Untangle

BSD

Apps	PF NPF ipfirewall IPFilter

Distros	M0n0wall SmallWall pfSense

OS X

Windows

Commercial	Check Point Integrity Kaspersky Internet Security McAfee Personal Firewall Plus Microsoft Forefront Threat Management Gateway Norton 360 Norton Personal Firewall Norton Internet Security Outpost Firewall Pro Symantec Endpoint Protection Trend Micro Internet Security Windows Firewall Windows Live OneCare WinGate WinRoute

Freemium	Comodo Internet Security Online Armor Personal Firewall PC Tools Internet Security ZoneAlarm

Open-source	PeerBlock PeerGuardian

Appliances

This article is issued from Wikipedia - version of the 9/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.