The Windows XP SP2 Firewall by vud12792


The Windows XP SP2 Firewall
ITS Information Security Office
Windows Sysadmin Meeting
February 3, 2005
Ken Hoover, Sr. Systems Programmer
• The XP Firewall: SP1 vs. SP2
• More details
• Configuring the firewall with Group Policy
• The Exceptions Control panel
• Firewall Pop-ups: Making the right call
• Application vs. Port Exceptions
• An Announcement
The XP Firewall: SP1 vs SP2

Service Pack 1 (Internet Connection Firewall, ICF)     Service Pack 2 (Windows Firewall)
ICF is off unless enabled manually                     Firewall on by default
Starts only after the network stack is up              Active before the computer goes on the network
Configured separately for each interface               Active for all network connections
Simple exceptions (no scoping)                         Exceptions may be limited in scope (e.g. local subnet)
                                                       New "no exceptions" operational mode
More Information

The Windows Firewall is stateful: unsolicited inbound traffic is dropped, while replies to connections the host itself initiated are allowed through.

Can be completely managed from the command line (netsh firewall) or through group policy.

"Domain" vs. "Non-Domain" firewall Group Policy settings: SP2 keeps two profiles, the Domain profile (used when the machine is connected to its Active Directory domain network) and the Standard profile (used on any other network), each with its own settings and exception list.

The firewall can log dropped packets and/or successful connections to a text log (%windir%\pfirewall.log by default).

XP SP2 firewall improvements are being ported to Windows Server 2003 in Service Pack 1 (out "soon").

Various SP2 "gotchas" are listed at: (submit your favorites).
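The command-line management and logging mentioned above, as an added example (not from the original slides) using the netsh firewall context that ships with XP SP2. The log path and size cap are assumptions; everything else is the stock netsh syntax.

```batch
@echo off
rem Added example, not from the original slides: managing the XP SP2 firewall
rem from cmd.exe with "netsh firewall". Run as a local administrator.
rem profile=DOMAIN applies on the AD network, STANDARD everywhere else, ALL sets both.

rem Show which profile is active, the operational mode, and the current exceptions.
netsh firewall show state
netsh firewall show config

rem Turn the firewall on in both profiles, honouring the configured exceptions.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem "No exceptions" mode (new in SP2): drop all unsolicited inbound traffic,
rem even traffic that matches an exception. Handy during a worm outbreak, but
rem it also blocks remote management, so it is left commented out here.
rem netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=ALL

rem Log dropped packets and successful connections. The file is W3C extended
rem log format; the path and the 4 MB cap are assumptions for this example.
netsh firewall set logging filelocation="%SystemRoot%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

rem Triage from the log: print remote hosts whose TCP connections to port 445
rem (SMB) were dropped. Data lines start with the date; "#" lines are headers.
rem Field order: date time action protocol src-ip dst-ip src-port dst-port ...
for /f "tokens=3,4,5,8" %%a in ('findstr /R "^[0-9]" "%SystemRoot%\pfirewall.log"') do (
    if "%%a"=="DROP" if "%%b"=="TCP" if "%%d"=="445" echo dropped %%b from %%c to port %%d
)
```

The same settings can be pushed by Group Policy; netsh is useful for scripting a build, for machines outside the domain, and for checking what policy actually applied (show state reports the effective configuration).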
Group Policy Settings

Configured with group policy: Computer Configuration \ Administrative Templates \ Network \ Network Connections \ Windows Firewall, with separate Domain Profile and Standard Profile folders (the same settings appear under each).
Making the Right Call
More on Application vs. Port Exceptions

Both kinds may be used in combination.

Port Exceptions:
• Allow unsolicited inbound traffic to a particular port (TCP or UDP), regardless of which program is listening.
• Can be scoped to any address, the local subnet, or a custom list of addresses and subnets.

Application Exceptions:
• Allow an application to open any ports it wants, for as long as it is running.
• Useful for well-known apps so users don't get pop-ups (use group policy to deploy in advance).
• Specify the path of the executable that will be listening.
• Can be deployed in advance.

Applications that are given an "application exception" are allowed to listen on any port they choose, whether or not a port exception exists for that port. Port exceptions therefore cannot be used to restrict a program that has its own exception.
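The two exception types side by side, as an added example (not from the original slides) using netsh. The program path, exception names, ports and address ranges are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original slides: creating scoped port
rem exceptions and an application exception with "netsh firewall".
rem Paths, names, ports and address ranges below are assumptions.

rem Port exception: allow inbound TCP 3389 (Remote Desktop), but only from the
rem local subnet. scope=SUBNET is the "limited in scope" feature new in SP2.
netsh firewall add portopening protocol=TCP port=3389 name="RDP (local subnet)" mode=ENABLE scope=SUBNET profile=DOMAIN

rem Port exception with a custom scope: a management range plus one host.
netsh firewall add portopening protocol=TCP port=5900 name="VNC (mgmt only)" mode=ENABLE scope=CUSTOM addresses=10.0.0.0/255.0.0.0,192.168.1.20 profile=ALL

rem Application exception: the program may listen on any port it opens while
rem it is running. Deploying this in advance avoids the user-facing pop-up.
netsh firewall add allowedprogram program="C:\Program Files\Example\backupagent.exe" name="Backup Agent" mode=ENABLE scope=SUBNET profile=ALL

rem Disabling (not deleting) a port exception keeps it in the list, unchecked.
rem This does NOT stop backupagent.exe from accepting connections on 5900 if it
rem chooses to listen there: port exceptions do not restrict a program that
rem has its own application exception.
netsh firewall set portopening protocol=TCP port=5900 name="VNC (mgmt only)" mode=DISABLE profile=ALL

rem Verify what is in effect.
netsh firewall show portopening
netsh firewall show allowedprogram

rem Clean up on a lab machine.
netsh firewall delete portopening protocol=TCP port=3389 profile=DOMAIN
netsh firewall delete portopening protocol=TCP port=5900 profile=ALL
netsh firewall delete allowedprogram program="C:\Program Files\Example\backupagent.exe" profile=ALL
```

When choosing between the two, prefer a scoped port exception for a service whose port is fixed; reserve application exceptions for programs that pick ports dynamically, and scope those too, since the exception covers every port the program opens.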
• “Deploying Windows Firewall Settings for Microsoft Windows XP
with Service Pack 2”

• “Changes to Functionality in Microsoft Windows XP Service
Pack 2”
Lunchtime "Windows Roundtable" meetings will begin Feb 23rd and repeat every other month at 221 Whitney.
Currently scheduled: Feb 23, April 20, June 22, Aug 24, and Oct 26.

Public List:

See for details.

These meetings will alternate with security meetings for both the Windows and the unix community.
See for more on the security meetings.
