But this lessened hype doesn't mean you should forgo personal firewall protection, especially given the maturity and features of the current incarnation of the Windows Firewall in Windows 7.
Windows Firewall is one of the greatest endpoint security controls that you can enable. When I perform internal security assessments, I find that the difference between an easily exploitable Windows workstation and one that's mostly -- if not completely -- secure is largely determined by whether Windows Firewall is enabled.
There are several benefits of Windows Firewall in Windows 7 that you can use to justify its existence in your enterprise desktop protection strategy:
- Multiple policies are supported, depending on your location: untrusted public networks (such as coffee shops or hotels) and trusted home and work networks.
When you are connected to a public network, network discovery is disabled so other computers can't see or connect to the system. Network discovery is on when you are connected to a home or work network. In addition, with home networks, users can create or connect to HomeGroups for file sharing. This may be the beginning of the end of all the open shares accessible on Windows workstations that create big compliance gaps and security risks in most organizations. The firewall policy management interface is shown in Figure 1.
- Certain outbound traffic is filtered by default. You can also add or tweak custom applications to help corral malware infections and, to some extent, prevent data leakage.
Figure 2 shows what happens when a newly installed application is blocked by Windows Firewall.
- It is tightly integrated with the operating system, making it less noticeable than in earlier versions, which improves user experience. Unlike many third-party personal firewalls, I've rarely had to disable the Windows 7 firewall. It just runs in the background and works fine.
- The firewall's connection rules are tightly integrated with IPsec in the same interface, which provides more granular trust-based communications and Network Access Protection controls.
- Logs are integrated with the much-improved Windows Event Viewer in Windows 7, as shown in Figure 3.
- Everything can be controlled locally for small shops -- through Control Panel (or wf.msc) or Group Policy -- especially when integrated with Windows Server 2008 domain controllers.
Microsoft has detailed documentation on managing Windows Firewall in the enterprise, which is still a rarity these days.
Note: To help decrease security risk, Windows Firewall Help states that you should (1) only allow a program or open a port when you need to add and remove programs from the list of allowed programs or close ports that you no longer need, and (2) never allow a program that you don't recognize to communicate through the firewall. These are nice reminders that the Windows Firewall is just like any other firewall. It has to be maintained on a periodic and consistent basis, or it'll only create more complexity and security risks in your environment.
Windows Firewall is an important part of a smart defense-in-depth strategy. While it won't provide the same level of security as a third-party endpoint protection system, it's a great start and should be considered.
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker and expert witness at Atlanta-based Principle Logic LLC. Having worked for himself over the past seven years, he specializes in performing independent security assessments and helping IT professionals enhance their careers. Beaver has also authored/co-authored seven books on information security including Hacking for Dummies and Hacking Wireless Networks For Dummies (Wiley). In addition, he's the creator of the Security On Wheels information security audio books and the Security on Wheels blog providing security learning for IT professionals on the go. Beaver can be reached at email@example.com.
This was first published in April 2010