Vista Firewall Adequacy

[Kevin Young]

I do a fair amount of business travel and so find myself connecting to the
Internet from hotels and other locations. Connections may be wired or
wireless and some of the wireless connections have no encryption. Is the
Vista Firewall sufficient for my needs or should I be looking at a Security
Suite with a more advanced Firewall? I connect to the office using Citrix
so that connection is encrypted and secure but I'm wondering if I need a
beefed up firewall to protect my system when using these types of hotel
connections.

 

[JerryM]

The new Vista firewall is a very good two way firewall, and as long as you
have a good anti-virus system installed to back it up, you shouldn't have
any problems.

 

[Mr. Arnold]

I do a fair amount of business travel and so find myself connecting to the
Internet from hotels and other locations. Connections may be wired or
wireless and some of the wireless connections have no encryption. Is the
Vista Firewall sufficient for my needs or should I be looking at a Security
Suite with a more advanced Firewall?

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
http://www.microsoft.com/whdc/device/network/WFP.mspx

I connect to the office using Citrix so that connection is encrypted and
secure but I'm wondering if I need a beefed up firewall to protect my
system when using these types of hotel connections.

I have been in hotels a lot over the last couple years using dial-up and
wireless on Window XP Pro and now Vista.

I also supplemented or now supplement both solutions with IPsec. I used the
AnalogX IPsec policies. I keep the server side rules blocking and allow the
client side rules for services, like NNTP, HTTP, POP3, SMTP, etc, etc. It's
a piece of cake with the AnalogX rules that are already done for you and you
can learn from them. I have had to change a rule or two.

IPsec should be there. I got a lot of things I have to protect like IIS, SQL
Server, .NET, etc, etc on this laptop.

You should enable Vista's logging and review the log and implement IPsec.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878

And if you need to stop outbound traffic/packets, Vista's FW and IPsec can
both do it by setting rules.

 

[Kevin Young]

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
http://www.microsoft.com/whdc/device/network/WFP.mspx



I have been in hotels a lot over the last couple years using dial-up and
wireless on Window XP Pro and now Vista.

I also supplemented or now supplement both solutions with IPsec. I used
the AnalogX IPsec policies. I keep the server side rules blocking and
allow the client side rules for services, like NNTP, HTTP, POP3, SMTP,
etc, etc. It's a piece of cake with the AnalogX rules that are already
done for you and you can learn from them. I have had to change a rule or
two.

IPsec should be there. I got a lot of things I have to protect like IIS,
SQL Server, .NET, etc, etc on this laptop.

You should enable Vista's logging and review the log and implement IPsec.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878

And if you need to stop outbound traffic/packets, Vista's FW and IPsec can
both do it by setting rules.

Thanks for the advice guys. I did a fair amount of reading on the Vista FW
tonight and only thing critical I read was about lack of prompting when a
program attempts outbound control. Some see this as a positive though as it
may be better than the false impression it may give to some who will simply
click yes allow access when prompted. I even came across a free utility
that adds this capability to the Vista Firewall.

<http://www.pcworld.com/downloads/file/fid,64950-order,1-page,1-c,firewalls/description.html>

I'll have to learn more about the IPsec you've mentioned above and
appreciate the tips.

 

[Straight Talk]

Thanks for the advice guys. I did a fair amount of reading on the Vista FW
tonight and only thing critical I read was about lack of prompting when a
program attempts outbound control. Some see this as a positive though as it
may be better than the false impression it may give to some who will simply
click yes allow access when prompted. I even came across a free utility
that adds this capability to the Vista Firewall.

<http://www.pcworld.com/downloads/file/fid,64950-order,1-page,1-c,firewalls/description.html>

I'll have to learn more about the IPsec you've mentioned above and
appreciate the tips.

As a response to above mentioned article, also read:
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx