The Windows XP SP2 Firewall

ITS Information Security Office
Windows Sysadmin Meeting
February 3, 2005

Ken Hoover
Sr. Systems Programmer
firstname.lastname@example.org

Agenda
• The XP Firewall: SP1 vs. SP2
• More details
• Configuring the firewall with Group Policy
• The Exceptions Control panel
• Firewall Pop-ups: Making the right call
• Application vs. Port Exceptions
• An Announcement

The XP Firewall: SP1 vs SP2

Service Pack 1
• ICF must be enabled
• Starts after network stack is up
• Configured separately for each interface
• Simple exceptions

Service Pack 2
• Firewall on by default
• Active before computer goes on network
• Active for all network connections
• Exceptions may be limited in scope
• New “no exceptions” operational mode

More Information
• The Windows Firewall is stateful.
• Can be completely managed from command line or through group policy.
• “Domain” vs. “Non-Domain” firewall Group Policy settings
• Firewall can log information on dropped and/or accepted packets
• XP SP2 Firewall improvements are being ported to Windows Server 2003 in Service Pack 1 (out “soon”)
• Various SP2 “gotchas” listed at: babs.its.yale.edu/yalead/sp2notes.asp. Submit your favorites.

Group Policy Settings

Firewall Exceptions
• Configured with group policy

Making the Right Call

More on Application vs. Port Exceptions
• Both kinds may be used in combination
• Port Exceptions: Allow traffic to a particular port.
• Application Exceptions: Allow an application to open any ports that it wants.
  • Useful for well-known apps so users don’t get pop-ups (use group policy to deploy in advance)
  • Specify path of the executable that will be listening.
  • Can be deployed in advance.
• BE AWARE: Applications that are given an “application exception” are allowed to open any ports they want even if the port is blocked by a port exception.

Questions?
• “Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2” http://go.microsoft.com/fwlink/?LinkId=23277
• “Changes to Functionality in Microsoft Windows XP Service Pack 2” http://go.microsoft.com/fwlink/?LinkId=28022

ANNOUNCEMENT
• Lunchtime “Windows Roundtable” meetings will begin Feb 23rd and repeat every other month at 221 Whitney
• Currently Scheduled: Feb 23, April 20, June 22, Aug 24, and Oct 26
• Public List: email@example.com
• See www.yale.edu/yalead for details.

These meetings will alternate with security meetings for both the Windows and the Unix community. See www.yale.edu/its/security/sysadmin.htm for more on the security meetings.
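
The command-line management and the application vs. port exception distinction from the slides, as an added example that is not part of the original presentation. It uses the XP SP2 `netsh firewall` context; the program path, exception names and the 192.0.2.0/24 subnet are constructed placeholders.

```bat
@echo off
rem Added example for Windows XP SP2. Paths, names and addresses are
rem constructed placeholders, not values from the presentation.

rem Domain profile: firewall on, exceptions honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN

rem Port exception: exactly one port (TCP 3389), limited in scope to a
rem single management subnet instead of any source address.
netsh firewall add portopening protocol=TCP port=3389 ^
    name="Remote Desktop (mgmt subnet)" mode=ENABLE ^
    scope=CUSTOM addresses=192.0.2.0/24 profile=DOMAIN

rem Application exception: agent.exe may listen on ANY port it opens.
rem Scope is the only remaining limit on it, so keep the scope narrow
rem and point at the full path of the one executable that listens.
netsh firewall add allowedprogram ^
    program="C:\Program Files\ExampleAgent\agent.exe" ^
    name="Example Agent" mode=ENABLE scope=SUBNET profile=DOMAIN

rem Non-domain (standard) profile: "no exceptions" operational mode,
rem so neither kind of exception applies off the domain network.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=STANDARD

rem Log dropped packets; accepted connections are left unlogged here.
netsh firewall set logging filelocation="%windir%\pfirewall.log" ^
    maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem Review the result. The allowedprogram list is the one to audit
rem first: every entry in it can open arbitrary ports.
netsh firewall show state
netsh firewall show allowedprogram
netsh firewall show portopening
```

Settings delivered through Group Policy take precedence over local `netsh` changes, so on managed machines the same exceptions belong in the GPO.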