Microsoft have posted a document detailing Windows Firewall with Advanced Security in Windows Vista and Longhorn Server. Many organisations have wanted to apply outbound rules to traffic from their Windows boxes, which they will be able to do if they upgrade to Windows Vista or Longhorn, it’s going to be quite a challenge to implement on a large scale basis. It still suprises me though, how many organistations just turn the firewall off completely - in today’s networks, hosts need to actively protect themselves. Treat your internal network as hostile (more on that to come).
Windows® Firewall with Advanced Security is a stateful, host-based firewall that blocks incoming and outgoing connections based on its configuration. While typical end-user configuration of Windows Firewall still takes place through the Windows Firewall Control Panel tool, advanced configuration now takes place in a Microsoft® Management Control (MMC) snap-in named Windows Firewall with Advanced Security. The inclusion of this snap-in not only provides an interface for configuring Windows Firewall locally but also for configuring Windows Firewall on remote computers and via Group Policy. Firewall functions are now integrated with IPsec (Internet Protocol security) protection settings, reducing the possibility of conflict between the two protection mechanisms. Windows Firewall with Advanced Security supports separate profiles for when computers are domain-joined or connected to a private or public network. It also supports the creation of rules for enforcing server and domain isolation policies. Windows Firewall with Advanced Security supports more granular rules, including Microsoft Active Directory® users and groups, source and destination Internet Protocol (IP) addresses, IP port number, ICMP settings, IPsec settings, specific types of interfaces, services, and more.