Windows Firewall arrived with the release of SP2 for Windows XP. It brought a number of significant improvements over ICF and was included in the default OS configuration. For some time, the latter fact led to the failure of many legacy applications, to the need to make specific changes in Windows advanced settings and, of course, to criticism of Microsoft. A lot has also been written about the lack of outbound filtering. However, after the emergence of Nimda, Slammer, Blaster, and other unpleasant names, it became obvious to many that a built-in firewall is not superfluous.
Vista and Windows Server 2008 brought more changes to Windows Firewall. In effect, a new filtering platform appeared: the firewall was built on top of it, and third-party solutions could be built on it as well. The firewall settings were combined with IPsec policy, and outbound filtering appeared.
We will focus on the features of Windows Firewall in Windows 7 and Windows Server 2008 R2.
Several active profiles
The first and foremost firewall feature in Windows 7 is that multiple profiles can be active simultaneously.
Starting with Windows Vista, the built-in firewall supports three profiles: domain, private and public (XP had two: domain and standard). Each profile is a set of firewall rules. Whenever a computer connects to a network, the OS tries to identify the network and apply the appropriate profile. In particular, when the domain controller of the domain the computer belongs to is reachable on the network, the domain profile is applied automatically. If there is no domain controller in the new network the computer has connected to, the firewall applies the most restrictive profile, public. In this case, the user gets a window where they can explicitly choose a profile for this network (Hoffman, 2014).
The Network Location Awareness (NLA) service keeps the network information in a dedicated database. The next time the computer connects to the network, NLA identifies it from the stored information and the firewall automatically applies the appropriate profile.
In Windows Vista, only one profile can be active at any given moment. That is, at any moment the settings of a single profile apply to all network interfaces on which the firewall is enabled.
This gives rise to certain problems. For example, suppose the administrator has allowed incoming connections for some business application (Microsoft Office Groove, say) in the domain profile. The user works on a laptop in the domain network and uses the business application. The user then moves to a meeting room where various public Wi-Fi networks are available, for example that of an office on the adjacent floor or of a mobile operator. The laptop's Wi-Fi adapter automatically connects to such a public network, and the public profile has to be applied. In this situation, when the adapters are in different networks, Vista always uses the most restrictive profile, public, which in turn prohibits all incoming connections. As a result, the business application stops working correctly.
Another example is VPN. The same user is trying to access corporate resources from home on the laptop. He establishes a VPN connection and gains access to the whole corporate network. However, since the connection uses, for example, the private profile, the settings of the firewall's domain profile are not applied and the business application does not work as it should.
Windows 7 supports the same three firewall profiles. However, multiple profiles can be active simultaneously. Each network adapter uses the profile best suited to the network it is connected to. Therefore, after connecting to the corporate network through VPN from an Internet cafe, the domain profile applies to all traffic through the VPN tunnel, while all other traffic is protected by the public profile (Hoffman, 2012).
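The following PowerShell script is an added example, not part of the original article. It reads the firewall policy through the HNetCfg.FwPolicy2 COM object, whose CurrentProfileTypes property is a bitmask precisely because several profiles can be active at once, and lists enabled inbound allow rules that also apply to the public profile. The helper name Get-ProfileNames and the output layout are choices made for this example.

```powershell
# Added example. Bit values come from the NET_FW_PROFILE_TYPE2 enumeration.
$ProfileBits = @{ Domain = 1; Private = 2; Public = 4 }

function Get-ProfileNames([int]$Mask) {
    # Decode a profile bitmask; more than one bit can be set at the same time.
    $names = $ProfileBits.GetEnumerator() | Sort-Object Value |
        Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
    $names -join ', '
}

$fw = New-Object -ComObject HNetCfg.FwPolicy2

# 1. Profiles in effect right now (two or three can be listed on Windows 7).
$active = $fw.CurrentProfileTypes
"Active profiles: $(Get-ProfileNames $active)"

# 2. Per-profile state: is it active, is the firewall on, default inbound action.
'Domain', 'Private', 'Public' | ForEach-Object {
    $bit = $ProfileBits[$_]
    $inbound = if ($fw.DefaultInboundAction($bit) -eq 0) { 'Block' } else { 'Allow' }
    New-Object PSObject -Property @{
        Profile         = $_
        Active          = [bool]($active -band $bit)
        FirewallEnabled = $fw.FirewallEnabled($bit)
        DefaultInbound  = $inbound
    }
} | Format-Table Profile, Active, FirewallEnabled, DefaultInbound -AutoSize

# 3. Audit: enabled inbound "allow" rules that also apply to the public profile.
#    A rule meant only for the corporate network should list Domain alone.
$fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
    ($_.Profiles -band $ProfileBits.Public)
} | Format-Table Name, ApplicationName,
    @{ Label = 'Profiles'; Expression = { Get-ProfileNames $_.Profiles } } -AutoSize
```

On a laptop connected to public Wi-Fi with a corporate VPN tunnel up, the first line of output is where the multi-profile behaviour becomes visible: Domain and Public appear together.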
So, Windows Firewall evolves together with the operating system, responding to security threats that evolve no less actively.
Windows Firewall does not claim to be a powerful specialized firewall. However, it is available out of the box, can be managed effectively via Group Policy or scripts, and fulfills its main task: additional protection of a workstation or server against unwanted external network activity.
- Hoffman, C. (2012). Windows 7 Firewall: How It Compares Against Other Firewalls. MakeUseOf. Retrieved 6 May 2017, from http://www.makeuseof.com/tag/windows-7-firewall-compares-firewalls/
- Hoffman, C. (2014). Why You Don’t Need to Install a Third-Party Firewall (And When You Do). Howtogeek.com. Retrieved 6 May 2017, from https://www.howtogeek.com/165203/why-you-dont-need-to-install-a-third-party-firewall-and-when-you-do/