Evolution of Windows Firewall: Windows Vista Firewall
We started this series with how Windows Firewall started out in Windows XP and then the changes to Windows Firewall in Windows XP SP2. This article will cover how Windows Firewall changed with Windows Vista.
Stepping up from Windows XP SP 2
Windows Firewall as it was introduced as part of Windows XP Service Pack 2 was a big change from what was offered under Internet Connection Firewall as part of the initial release of Windows XP.
Windows Firewall on Windows Service Pack 2 introduced users to the Windows Security Center for the first time which was a central point of access for users and administrators to manually configure not only the firewall settings for Windows but also the settings and the status of Automatic Updates and Virus Protection as desired.
Additionally, these new changes to the underlying Windows Firewall service were paralleled by some functional changes offered to administrators regarding some automation of the settings of the Windows Firewall service using Group Policy.
The Windows Firewall service on Vista, as was also the case on the Windows XP Service Pack 2 overhaul, provides protection for the operating system during the boot process and this protection caries forward to the present version under Windows 7 today.
The largest changes to Windows Firewall from XP SP2 to Vista can be summed up as follows:
- The management interfaces of Internet Protocol Security (IPsec) and the firewall have merged.
- IPsec and the firewall are both designed to block traffic within set parameters and by using both technologies
- Service Pack 1 for Windows Vista added reliability enhancements to the firewall service as well as support for Network Access Protection (NAP) .
- Service Pack 1 also adds new algorithms for use in IPsec including Advanced Encryption System (AES), Elliptic Curve Cryptography (ECC), and Secure Hash Algorithm (SHA) 256 and 384.
Additionally Windows Firewall with Advanced Security was also introduced. As part of the final installment of this series of articles we will go over Windows Firewall with Advanced Security in some detail.
Windows Security Center on Windows Vista
The Windows Security Center is available on all versions of Windows Vista from Home Basic right through to Ultimate Edition.
It is accessible through the Control Panel via the Security category as shown below.
You can begin working right from this window by choosing the Allow a program through Windows Firewall link or you can click the main Security heading to allow you to start from another point.
As you can see from the image below, the Security subgroup offers the end user the ability to use the GUI to handle multiple aspects of security that are available natively through the operating system.
Other than just working with the Windows Firewall, you can configure settings and behavior for Windows Update, Windows Defender, settings for Internet Explorer and BitLocker Drive Encryption.
If you choose the Windows Security Center option you’ll see not only the actions available to you for Windows Firewall but Windows Defender, Windows Update and Internet Options as well.
To work directly from Windows Firewall you could simply choose the Windows Firewall subsection from the Security page to be brought to the screen to manage some of the Windows Firewall settings as shown below.
Windows Firewall on Windows Vista
Once you are on the Windows Firewall properties page you can make the changes as desired.
Most of the underlying changes from the properties pages are going to be similar in scope and impact to the changes that became available under Windows Firewall on Windows XP SP2 (with some subtle differences).
One of the major differences that you should see right away is on the new property page for Windows Firewall which shows you whether the firewall is on or off (the default is on).
Additionally, it will notify you that all inbound connections that do not have an exception are blocked by default.
The page also identifies whether a display notification will be shown when a program is blocked (the default setting is to do this).
If you simply want to turn the firewall on or off you can elect to do this either from the left action pane or from the subsection of the main window. Either action will force you to respond to the User Account Control (UAC) dialog box; you need to elevate your credentials in order to successfully complete this action.
Once you select Continue to acknowledge the User Account Control (UAC) dialog box as shown above or provide the credentials of an administrator account as required you can elect to make whatever changes you might need on the general tab of the properties page that comes up.
If you need to make any exceptions you can do this on the Exceptions tab where you can see the list of current programs and / or ports that are already listed and whether or not there are already exceptions defined for them.
If there are you could choose one from the list and make the necessary changes to it.
Additionally, if you needed to, you could add a program that is not listed by selecting the Add Program button.
This would give you a list of applications that are available to you by default in the Programs section of the property page.
If the program you were looking for was not there to choose off the list you could enter the direct path to the executable or browse for it.
Once you’re set with the program that you need to configure you have the option to change the scope as necessary by clicking on that option in the lower left hand corner of the page.
Once you are on the Change Scope property page you can manage any changes you need to apply to the scope of the exception for the executable. You can set configuration so that the program or the port is unblocked for Any computer (including those on the Internet) – this is the default setting – or you can choose the other available options which include “My network (subnet) only or “Custom list” which allows you to type in individual IP addresses or a range of addresses.
If you need to configure just a port you can use that option and then select a name for the exception as well as the port number and whether this exception is going to be for the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
If you need to make the changes applicable to both Transmission Control Protocol (TCP) AND User Datagram Protocol (UDP) you would need to create another exception.
Just as with Programs, you can change the scope for a port in the same manner by selecting the Change Scope option.
If you need to adjust additional settings you would go to the Advanced Tab.
On this tab you have the ability to configure settings for each of the connections that are listed in the Network Connections Settings section. If you have just one connection you will see only one to configure and it will be selected by the check box to the left by default but if there are multiple settings you can configure each individually.
You also have the ability to automatically restore the default settings to the firewall by choosing the Restore Defaults button which will remove all of the firewall settings that you have configured for any network location.
You may notice that there is a difference between the available options on the Advanced tab from Windows XP SP2 and Windows Vista on the two screen shots below. (The first image is from an XP SP2 system and the second is from Vista).
The reason for this is due to the fact that these settings have been move off of the Advanced tab and are now available to review and configure in the Windows Firewall with Advanced Security MMC.
In this tutorial we reviewed a few of the smaller changes that were introduced from Windows XP Service Pack 2 to the version of Windows Firewall running on Windows Vista as well as the operation of Windows Security Center on Windows Vista. We wrapped up the tutorial with some of the steps for configuring the Windows Firewall on Windows Vista.
Continue reading part four of this series at: Evolution of Windows Firewall: Windows 7.