
Microsoft Windows Vista firewall enhancements

This tip helps value-added resellers (VARs) and security consultants navigate the redesigned Microsoft Windows Vista firewall, from pointing out improvements to group policy management best practices.

In spite of the marketing hype, it seems that many companies are reluctant to upgrade to Windows Vista. Windows XP is a stable and mature product, and not all of the applications that run on Windows XP will function on Vista. However, as a channel reseller, it's in your best interest to convince customers to upgrade. After all, Vista has some rather demanding hardware requirements, and what better way to sell hardware than to sell an operating system that requires it? And improved security can be one of your key selling points.

In spite of any negative press associated with Windows Vista, it is by far the most secure operating system that Microsoft has ever created. One of the new features that security-conscious customers will find interesting is the redesigned Windows firewall.

Unless your customers are extremely security savvy, they may not even know about the newly redesigned firewall because Microsoft has hidden the new features. If you simply open the firewall from the Control Panel, it looks nearly identical to the Windows XP version, as shown in Figure A.

Figure A

If launched from the Control Panel, the Windows Vista firewall looks just like the Windows XP version.

What a lot of people don't realize is that there is an entirely separate console for managing the Vista firewall that did not exist in Windows XP. You can access this console by entering the MMC command from a command prompt. Doing so will open an empty Microsoft Management Console. When the console opens, select the Add/Remove Snap-in command from the File menu. You will be presented with a long list of available snap-ins. Choose the Windows Firewall with Advanced Security option from the list, and click the Add button. You will be asked if you want to manage the local computer or another computer. Be sure that the local computer option is selected, and click Finish. When the snap-in loads, the console will look something like the one that's shown in Figure B.

Figure B

This is the new Windows Firewall with Advanced Security console.

Of course a fancy new interface doesn't justify an operating system upgrade, so you are probably wondering what's so special about the new firewall. There are too many new features to discuss here, but I'd like to highlight two that are really important.

The first of these features is outbound traffic filtering. People typically think of a firewall as a mechanism for keeping the bad guys out of a computer, but it is just as important for regulating the types of traffic that can be sent from a computer. For example, many types of spyware are designed to transmit information found on a victim's computer to a server somewhere on the Web. Unless your customers want their sensitive information floating around in cyberspace, they need to take some precautions to prevent information from being transmitted indiscriminately.

Outbound traffic filtering has other uses as well. The Windows Vista firewall is application-aware, so an administrator could potentially use it to block peer-to-peer file sharing or instant messaging.

The other new capability worth noting is the manageability of the Windows Vista firewall via group policy, which gives the administrator centralized control over the Windows firewall. Windows XP lets you configure the firewall through group policy settings, but those settings are pretty basic. If you look at Figure C, you can see that Windows Vista gives you granular firewall control. For example, in the figure below you have the ability to assign completely different firewall configurations (profiles) based on whether a user is connected to a domain.

Figure C

The Windows Vista firewall is configurable via group policy.
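The outbound filtering and per-profile configuration described above can also be applied from an elevated command prompt with `netsh advfirewall`. The script below is an added example, not part of the original tip; the rule names, the backup path and the `ExampleP2P` program path are hypothetical placeholders.

```batch
@echo off
rem Added example: per-profile outbound filtering with netsh advfirewall.
rem Run from an elevated command prompt. Rule names and paths are placeholders.

rem 1. Back up the current policy so the changes can be rolled back later with:
rem      netsh advfirewall import "C:\fw-backup.wfw"
netsh advfirewall export "C:\fw-backup.wfw"

rem 2. Record the starting state and default policy of every profile.
netsh advfirewall show allprofiles

rem 3. Set different defaults per profile: outbound traffic stays allowed on
rem    the domain and private profiles, but is blocked by default on public.
netsh advfirewall set domainprofile  firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set publicprofile  firewallpolicy blockinbound,blockoutbound

rem 4. With outbound blocked on public, explicitly allow what is needed.
rem    Here: DNS lookups and web traffic from Internet Explorer only.
netsh advfirewall firewall add rule name="Allow DNS out (public)" ^
    dir=out action=allow protocol=UDP remoteport=53 profile=public
netsh advfirewall firewall add rule name="Allow IE web out (public)" ^
    dir=out action=allow protocol=TCP remoteport=80,443 profile=public ^
    program="%ProgramFiles%\Internet Explorer\iexplore.exe"

rem 5. Application-aware block: stop one program from sending traffic on any
rem    profile. A block rule takes precedence over a matching allow rule.
netsh advfirewall firewall add rule name="Block P2P client out (example)" ^
    dir=out action=block profile=any ^
    program="C:\Program Files\ExampleP2P\p2p.exe"

rem 6. Log dropped connections on the public profile so blocked outbound
rem    attempts can be reviewed afterwards.
netsh advfirewall set publicprofile logging droppedconnections enable

rem 7. Confirm the rule and the resulting profile settings.
netsh advfirewall firewall show rule name="Block P2P client out (example)" verbose
netsh advfirewall show publicprofile
```

Settings delivered through group policy take precedence over values set locally this way, so on domain-joined machines use the script to prototype a configuration before building the equivalent policy.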

As you can see, Microsoft has completely redesigned the Windows firewall in Windows Vista. The new firewall features go a long way toward making Windows more secure, which can be a valuable selling point for a Vista upgrade.

Brien Posey

About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
