Thursday, September 18, 2008

Windows Vista Firewall Pt 2

One thing that Amy Babinchak pointed out that I failed to mention in my previous blog entry was that by default, not only is all outbound filtering disabled in the Microsoft Vista Windows Firewall, but so too is all logging.

So, once you have the Windows Firewall with Advanced Security applet open and have clicked on Windows Firewall Properties, if you click on the "Customize" button in the Logging section of each of the three profiles mentioned in my previous blog entry, you will see that, as the image below shows, all logging is disabled.

Now this isn't very secure, Microsoft, is it? Not only is all outbound filtering disabled by default on a product that you spout as being a lot better than your previous inbound-only firewall, but all logging is also disabled by default. Where's the "secure by design" in that?

So, I'd strongly recommend that everyone enable logging where appropriate. On domain-joined desktops and laptops, that would be in the "Domain" profile. On non-domain-joined desktops and laptops, that would be the "Private" profile. In addition, on all laptops you would also do this in the "Public" tab.
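The same settings can be applied from an elevated prompt instead of the Customize dialog. The script below is an added example, not part of the original post: it uses the built-in `netsh advfirewall` context to turn on logging for the profiles recommended above. The `-Laptop` switch, the `-MaxSizeKB` value and the choice to log both dropped and allowed connections are assumptions made for the example.

```powershell
# Added example (not from the original post): enable Windows Firewall logging
# on the profiles recommended above. Run from an elevated PowerShell prompt.
param(
    [switch]$Laptop,          # assumption: the operator says whether this machine roams
    [int]$MaxSizeKB = 4096    # assumption: log size cap in KB; set to suit your retention
)

# Domain-joined machines get the Domain profile, all others the Private profile.
$partOfDomain = (Get-WmiObject Win32_ComputerSystem).PartOfDomain
$profiles = @()
if ($partOfDomain) { $profiles += 'domainprofile' } else { $profiles += 'privateprofile' }

# Laptops also get the Public profile, since they join untrusted networks.
if ($Laptop) { $profiles += 'publicprofile' }

foreach ($p in $profiles) {
    # Each call mirrors one control in the Logging "Customize" dialog.
    $settings = @(
        @('droppedconnections', 'enable'),
        @('allowedconnections', 'enable'),
        @('maxfilesize', "$MaxSizeKB")
    )
    foreach ($s in $settings) {
        netsh advfirewall set $p logging $s[0] $s[1] | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Failed to set $($s[0]) on $p (is the prompt elevated?)"
            exit 1
        }
    }

    # Print the resulting logging settings so the change can be confirmed.
    netsh advfirewall show $p logging
}
```

Logging allowed connections produces a much larger log than dropped connections alone, so drop that entry from `$settings` if only blocked traffic is of interest.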


