A better look at 2008’s firewalls
Below shows you the default screen when first entering into the ‘Windows Firewall with Advanced Security’ As you can see by default everything is turned ON, as it should be with any kind of firewall.
And take a look at the huge amount of rules already preset and configured.
What impresses me is the amount of control we now have from the firewall, with the last firewall, or the standard type firewall offered in XP sp2 2003 server etc, lets face it, it wasn’t very useful. This on the other hand could be of use!!
If you right click on an existing rule you are able to edit it, You can apply the Rules directly to the Services or applications that you want to permit, yes you could do this through the old firewall, but again that was not the best of interfaces, and just found to be clunky. Then of course you have the ‘Users and Computers’ Tab here it lets you drill down further and allow only a particular audience, which is very nice and makes it very quick if your in an AD environment.
You have a ‘Protocols and Ports’ tab, not much to say here, this is obviously a given.
Scope again is really a given but again the previous firewall just didn’t cut it, this is looking much more promising.
‘Advanced’ Lets you choose which profile you want to actually apply it to the domain, private or public and of course which interface card, as you might have a server with one interface on DMZ and the other on the internal network. (i bet half of you are saying why the hell would you do some thing so stupid, well VIRTULIZATION my friends)
There is Loads more Like monitoring, connection Security, These I will revisit at a later date.
All in all, I think this is a much better firewall there is certainly alot more offerings in this, more flexibility, and something that could be seen as a entry level firewall. Although it might suit the needs for a small business, most people including myself will be sticking to our enterprise hardware firewalls.
However there is no reason why you couldn’t use it as an internal firewall to block resources from internal users, we always like more security, well at least I do…