Windows Vista Two Way Firewall
John Lock the door! And come... Let us go... said mom
to her 8 year old son. We hear the term "Lock the
door..." in almost every day and keep using locks
every day to protect our house from thieves. Thus, the
word "Security" is used for protecting something
from getting stolen or from some mishaps.
As said above, one can arrange physical security arrangements
like locking the computer labs, rooms. However, these
security arrangements will not help to prevent the data
inside the computer from getting stolen, especially,
in case, if the computer gets connected to network and
internet. In case of home, Personal details and other
data related to bank accounts, various calculations,
etc. can be whisked away by some miscreants, if one
fails to provide software security to the system. Similarly,
business details and other highly confidential details
are often under security threats, if there is no proper
security arrangements are made by the organization.
What is a firewall?
A firewall is one of the security measures, is basically
a program used to block dangerous network traffic and
ensure safety from getting unsafe data. In early days
of windows family of operating systems, there was no
direct protection to the systems. Users of old windows,
made to go for third party firewalls. However, with
release of Windows XP, the concept of built in firewall
was introduced in the client systems.
The new operating system of Windows Family, the Windows
Vista which is planned to be released on early 2007,
and Longhorn the server family of operating system,
has got a new and enhanced version of firewall with
it. The new firewall will be similar to that of firewall
in Windows XP Service Pack 1 and Service Pack 2.
Much control over the network traffic in Vista Firewall
The new two-way firewall for Windows Vista is designed
to give administrators much control over the network
traffic and applications while one uses internet. The
firewall is in its development and testing stage and
is likely to be released in real version along with
the final version of Windows Vista.
The firewall is said to be "Two-Way" because,
it filters and blocks both in-coming and out-going network
data. It can be used to block systems which are trying
to connect to applications, using illegal means. This
feature of blocking out-going data does not exist in
Windows XP firewall. By using the new feature, administrators
can ensure that their PC’s only uses a preferred
Instant Messaging application. If some one uses some
other Instant Messaging application, other than one,
which administrator is using, it will be blocked.
The new firewall designed for Windows Vista and Windows
Server Long horn have the following features. They are,
- It enables filtering for both incoming and outgoing
- It has internet protocol security settings and Firewall
filtering settings integrated
- It has got Microsoft Management Console Snap In
for User Interface,
- Exceptions for filtering can be configured for Active
Directory, directory service account and groups, IP
addresses, TCP (Transmission Control Protocol) and
UDP (User Datagram Protocol) ports, Internet Control
Message Protocol and IPV6 services.
Features introduced in the Community Technical Preview
The new firewall features were introduced in the Community
Technical Preview build 5270, but found difficult for
a user to access it. One might come to the conclusion,
after installing Build 5270 that, the firewall has not
changed. One needs to create a customized management
console, and configure it to load windows firewall with
advanced security. The management console can be handled
in two ways. The first way is "Single machine mode"
where in it can manage only the computer, in which it
has been installed. The second way is to configure the
firewall, with an Active Directory setup to protect
a number of machines. For example if one has got 100
systems then one can setup a policy, one time, to block
The new firewall supports methods to block incoming
data, dropping all incoming data that does not correspond
to either traffic sent in response to a request of the
computer or the traffic that is given exception by the
user. This is very important aspect of blocking, as
it prevents spreading infections of most dangerous network
level viruses and worms that spread through unsolicited
Configuring the firewall:
The network administrator can configure the new Windows
Vista Firewall to block all traffic sent to specific
ports, such as the well known ports used by virus software
or to the specific IP addresses of computers that contain
the sensitive content. The default setting of the Windows
Firewall is to,
- Block all incoming data, unless it is solicited
or matches a given exception,
- Allow all outgoing data unless it matches a given
One can configure the new Windows Vista firewall, by
using Windows Firewall item in the control panel. Here
one cannot configure the enhanced settings. The new
firewall can be configured with an MMC Snap-in item
named "Windows Firewall with Advanced Security".
One must add the snap-in "Windows Firewall with
Advanced Security" to an MMC Console. There is
presently no predefined console available for this firewall.
One can configure the firewall using command line also.
For this, one should run the commands in netsh advfirewall
context. This context is not there for computers running
Windows XP with SP1 and SP2 or Windows 2003 Server.
If one configures the new firewall for group Policy
based configuration, Windows XP with SP1 and SP2 and
Windows 2003 Server will ignore the settings and continue
with its old firewall. However, in Beta Version of Windows
Vista, one cannot see the rules defined for blocking
or allowing the network traffic, in the control Panel.
For Group Policy based configuration, one need to open
Computer, then Configuration, Windows Settings, Security
Settings, Windows Firewall with Advanced Security in
the Group Policy Editor snap-in. The new firewall will
apply the settings done, to the current Windows Firewall
at ComputerConfigurationAdministrative TemplatesNetworkNetwork
IPSec and firewall based security:
IP Security has become a level of issue, today for
different users. Internet uses IP addresses to identify
the server name one specifies. The web pages stored
in the web sites get downloaded after resolving the
domain name to IP address, which is further converted
to binary because, computers can only understand binary
form. IPSec is a set of Internet standards which provides
higher level of protection for IP traffic. In Windows
XP and Windows Server 2003, Both Firewall and IPSec
are configured separately. Windows Vista’s new
firewall will combine the network services using the
same GUI and command line commands. This simplified
the configuration settings of the IPSec, highly.
More things that can be done in new firewall:
With new Windows firewall one can configure rules for
Active Directory Accounts and groups. One can specify
the list of computer accounts and groups or user accounts
and groups that are authorized to initiate protected
communication for both outgoing and incoming data.
One can also specify the scope of expected incoming
data. This is used to define the portion of the IP addresses,
which are suspected to be dangerous. In the client systems,
the new firewall can be configured to block both outgoing
and incoming data, through the set of IP addresses of
For destination addresses that are meant to be blocked,
one can specify, predefined addresses, with the firewall.
They are the IP addresses of Default gateways, WINS
servers, DHCP servers, DNS servers, and Local subnets.
With new firewall, one block the network traffic for
IP protocol number. At present, one can create rules
based on TCP or UDP traffic, but, cannot define other
type of network traffic to be blocked apart from TCP
and UDP. There is a chance of getting network traffic
through the use of any other protocol. So, the new firewall
is designed in a way that, we can add other type of
protocols, which are found to be suspicious. One can
manually type the value number of the protocol directly.
One can specify comma separated values list of multiple
TCP or UDP ports that are meant for blocking in Windows
Vista new firewall. One can even specify all ports to
fall under rule. The problem here is that, one should
specify explicitly the port number though the port numbers
fall under one range. For example, to block port numbers
between 500 to 503, instead of specifying 500-503, one
should specify as "500, 501, 502, 503".
One can also configure the rules for specific type
of interfaces, which includes LAN, remote access or
wireless interfaces. For example, if an application
is used only for remote access and not for others, then
one can configure the rule to be applied to remote connections
With the existing old firewall one can only enable
rules for handling a fixed set of ICMP and ICMPV6 messages.
In new firewall, there is list of a predefined set of
commonly expected ICMP and ICMPV6 messages, and new
ICMP and ICMPV6 messages can be added by specifying
ICMP and ICMPV6 message type and code field values.
In the present firewall, one can configure a rule for
services by specifying the path to the service program
file name. With the new firewall one can specify that
the defined rule applies to different processes, services.
One can specify short name for the service name. For
example, if one wants to configure a rule for a specific
Computer browser service, then they can select the computer
browser service in the list of services that are present
in the computer.
Practical approach towards using Windows firewall
with advanced security snap-in:
To configure advanced settings for the new firewall
one must add the firewall with Advance Security Component
to a MMC Console.
From Vista, Click Start, and type mmc into the text
box provided there, and press enter.
In the MMC console Window, Click File, select Add/Remove
Snap in option.
In the available Snap-Ins Click Windows Firewall with
Advanced Security and click add.
Up on adding the snap-in, it prompts the user asking
the computer name to manage. Select Local Computer and
click Finish and then click OK.
To switch ON or OFF, the status of the firewall, Right
click the "Windows Firewall with Advanced Security"
and select properties from the resulting popup menu.
One can store a set of configuration rules, under separate
nodes. These nodes are,
- Inbound Rules,
- Out Bound Rules,
- Computer Connection Security,
The Inbound Rules node stores a set of configuration
rules for incoming traffic. The Outbound Rules node
stores a set of configuration rules for outgoing traffic.
The Computer Connection Security node holds a certain
rules for protected connection and protected network
traffic. Monitoring displays information on present
firewall rules, connection and security rules and various
security options and associations that are available.
This node is not displayed when one views the firewall
with advanced security snap-in through and within Group
Policy Editor snap-in.
The Overview, Links and Resource panel are displayed
when one selects Windows Firewall with Advanced Security
node in the tree.
The overview panel displays the present status of the
Windows Firewall for domain. It also includes standard
profiles which are active.
The Links and Resources panel provide links to additional
information about common procedures and topics for the
The Actions panel displays the context menu of command
for the currently selected node in either the tree or
details pane.One can create four types of rules in Inbound
Rule Wizard. One can launch the same through right clicking
over Inbound Rule node and selecting the option New
Rule. The four types are Program, Port, Predefined and
One can specify a rule for incoming data based on program
name, to which the data is meant. One can also specify
an action (Allow, Block, Protect) to which the rule
applies, and a name to the rule.
Ports are the main communication streams for applications
that work on the internet. Some times unknown, dangerous
data are being transmitted through the internet, through
the use of ports. This data can cause harm to the computer.
So, there was need for the incoming data to be blocked,
through the ports. Vista’s new firewall blocks,
allows, or protects data coming through the TCP and
UDP ports, by allowing us to configuring a rule to do
the specified action.
To take action against predefined services, one must
select the predefined services in the New Rule dialog
box. The predefined services are, Remote Assistance,
File and Printer Sharing, Remote Desktop, Universal
Plug and Play (UPnP) Framework, and ICMP Echo Request
One can use Custom to create a rule, which does not
include a program, port or a predefined service. Selection
of the option enables one to manually configure the
rule behavior. One can specify a name for the rule.
Similarly, for an outbound also, one can configure
the rules, again by choosing 4 options which are same
as inbound new rule, exception being that, it is configured
for providing protection to outgoing network traffic.
After this, process, one will have the set of outbound
rules and inbound rules stored. And they will be used
by the firewall to filter and block the data coming
into and going out of the system. One can configure
the advanced properties for the firewall, by right clicking
over the rule name and select properties. The resultant
dialog box will have four tabs and as follows,
General: This contains the rule’s name, the program
to which the rule applies, and the rule’s action.
Program and services: The program or services to which
the rule applies.
Computers: If the rule’s action is to allow only
secured connection, the computer account is allowed
to make protected connection.
Protocols and Ports: This includes, the IP protocol
to which rule belongs to, Source and Destination TCP
and UDP ports and ICMP and ICMP V6 settings.
Scope: The rule’s scope, i.e. its source and
destination scopes through addresses.
Advanced: This tab contains the types of interface
to which the rule applies.
There is no direct link for the new firewall, in control
panel settings or in any other settings. So, therefore,
it is very difficult to find and configure the new firewall.
Though there are many security products available
with similar capabilities, this firewall is built into
the operating system and makes life much easier for
network administrators in the organization. There will
be major difference between Windows XP and Windows Vista
in terms of firewall also. The underlying code for firewall
called Windows Filtering Platform has been redone for
Vista. Microsoft is doing a great job in this regard,
by helping the users of Windows Vista by protecting
their systems, by using two different levels of firewalls
embedded in to the Window Vista system.
Check out more topics on windows from here,
Advantages and Disadvantages of Windows 7
16 Reasons Why Should You Select Windows Vista
Advantages and Disadavantages of Windows Vista
Advice on Upgrading to Windows Vista
All about Windows Vista Migration
Wanna make Windows XP look like Vista ?
Change Windows Vista Appearance
Cloud Computing Deployment Models