The Windows XP SP2 Firewall
ITS Information Security Office
Windows Sysadmin Meeting

February 3, 2005

Ken Hoover
Sr. Systems Programmer
ken.hoover@yale.edu
Agenda
• The XP Firewall: SP1 vs. SP2
• More details
• Configuring the firewall with Group Policy
• The Exceptions Control panel
• Firewall Pop-ups: Making the right call
• Application vs. Port Exceptions
• An Announcement
The XP Firewall: SP1 vs. SP2

  Service Pack 1                                  Service Pack 2
  ICF (Internet Connection Firewall) must be      Firewall on by default
    enabled
  Starts after the network stack is up            Active before the computer goes on the network
  Configured separately for each interface        Active for all network connections
  Simple exceptions                               Exceptions may be limited in scope
                                                  New “no exceptions” operational mode
More Information
• The Windows Firewall is stateful.
• It can be completely managed from the command line or through Group Policy.
• There are separate “Domain” and “Non-Domain” firewall Group Policy settings.
• The firewall can log information on dropped and/or accepted packets.
• The XP SP2 firewall improvements are being ported to Windows Server 2003 in Service Pack 1 (out “soon”).

Various SP2 “gotchas” are listed at babs.its.yale.edu/yalead/sp2notes.asp; submit your favorites.
Group Policy Settings

[Screenshots: the Windows Firewall and Exceptions settings, configured with Group Policy]
Making the Right Call
More on Application vs. Port Exceptions
• Both kinds may be used in combination.
• Port Exceptions:
  - Allow traffic to a particular port.
• Application Exceptions:
  - Allow an application to open any ports that it wants.
  - Useful for well-known apps so users don’t get pop-ups (use Group Policy to deploy in advance).
  - Specify the path of the executable that will be listening.
  - Can be deployed in advance.

BE AWARE:
Applications that are given an “application exception” are allowed to open any ports they want, even if the port is blocked by a port exception.
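As an added illustration of the command-line management mentioned on the “More Information” slide and of the port vs. application exceptions above (this script is not part of the original presentation), the following netsh commands configure the SP2 firewall for the domain profile. The port number, executable path, address range and log location are assumptions chosen for the example.

```batch
@echo off
REM Added example, not from the slides: XP SP2 firewall managed with netsh.
REM Port, program path, address range and log path below are assumptions.

REM Turn the firewall on for the domain profile, with exceptions allowed.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN

REM Port exception limited in scope: TCP 3389 (Remote Desktop) is accepted
REM only from the assumed management range 10.0.0.0/8, nowhere else.
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=CUSTOM addresses=10.0.0.0/8 profile=DOMAIN

REM Application exception: the listed executable may listen on ANY port it
REM opens (the BE AWARE caveat above), so the scope is kept to the local subnet.
netsh firewall add allowedprogram program="C:\Program Files\Backup Agent\agent.exe" name="Backup Agent" mode=ENABLE scope=SUBNET profile=DOMAIN

REM Log dropped packets and successful connections for later review.
netsh firewall set logging filelocation="%SystemRoot%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

REM SP2's "no exceptions" operational mode: every exception above is ignored
REM until exceptions are re-enabled. Left commented out; run it during an incident.
REM netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=ALL

REM Review the resulting configuration and the active profile.
netsh firewall show config
netsh firewall show state
```

Deploying the same settings through the Group Policy templates the slides describe avoids the per-machine script, but the netsh form is convenient for verifying what a policy actually produced.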
Questions?

• “Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2”: http://go.microsoft.com/fwlink/?LinkId=23277
• “Changes to Functionality in Microsoft Windows XP Service Pack 2”: http://go.microsoft.com/fwlink/?LinkId=28022
ANNOUNCEMENT
• Lunchtime “Windows Roundtable” meetings will begin Feb 23rd and repeat every other month at 221 Whitney.
  Currently scheduled: Feb 23, April 20, June 22, Aug 24, and Oct 26.
• Public list: windows-roundtable@panlists.yale.edu
• See www.yale.edu/yalead for details.
• These meetings will alternate with security meetings for both the Windows and the Unix community. See www.yale.edu/its/security/sysadmin.htm for more on the security meetings.
