Windows Firewall Audit Tool: Glossary
Prepared: 11 February 2013
|Document Purpose and Introduction|
|This document defines the fields and terms presented in SekChek’s Windows Firewall Audit tool report. Windows Firewall with Advanced Security is available from Windows Vista and Windows Server 2008.
Windows Firewall is a host-based firewall that filters incoming and outgoing connections based on its configuration. Host-based firewalls, which are distinct from network perimeter firewalls, provide protection for traffic generated inside a trusted network. While end-users typically configure Windows Firewall through the main Windows Firewall Control Panel, advanced configuration is performed via an MMC snap-in named Windows Firewall with Advanced Security.
Windows Firewall with Advanced Security supports separate profiles (sets of firewall and connection security rules) for when computers are members of a domain, or connected to a private or public network. It also supports the creation of rules for enforcing server and domain isolation policies.
Windows Firewall with Advanced Security supports more detailed rules than previous versions of Windows Firewall, including filtering based on users and groups in Active Directory, source and destination Internet Protocol (IP) addresses, IP port number, ICMP settings, IPsec settings, specific types of interfaces, and services.
|Overview Section|
|Profile Type||Indicates the type of Firewall profile. Windows Firewall supports three types of profile: Domain, Private and Public.|
The Domain profile applies when a computer is connected to a network in which the computer’s domain account resides.
The Private profile applies when a computer is connected to a network in which the computer’s domain account does not reside, such as a home network. The Private profile settings should be more restrictive than the Domain profile settings.
The Public profile applies when a computer is connected to a domain through a public network such as those available in airports and coffee shops. The Public profile settings should be the most restrictive because the computer is connected to a public network where security is not tightly controlled.
|Profile Active||Indicates whether the profile is active. Values = Yes and No.|
|Firewall State||Indicates whether the firewall is enabled. On = Enabled; Off = Disabled.|
|Inbound Connections||The default action for inbound traffic:
|Outbound Connections||The default action for outbound traffic:
|Display Notifications||Indicates whether interactive firewall notifications are displayed when a program is blocked. Values = Yes and No.|
|Allow Unicast Response||Indicates whether the firewall allows unicast responses to multicast and broadcast traffic. Values = Yes and No.|
|Other Report Sections|
|Name||The name of the Firewall rule.|
|Description||A brief description of the Firewall rule.|
|Rule Direction||The direction of traffic for which the rule applies: Inbound; or Outbound.|
Inbound rules explicitly allow, or explicitly block, traffic that matches the criteria in the rule. For example, you can configure a rule to explicitly allow traffic secured by IPsec for Remote Desktop through the firewall, but block the same traffic if it is not secured by IPsec.
Outbound rules explicitly allow, or explicitly deny, traffic to the computer that matches the criteria in the rule. For example, you can configure a rule to explicitly block outbound traffic to a computer through the firewall, but allow the same traffic for other computers.
|Enabled||Indicates whether the rule is enabled or disabled.|
|Action||The action for a rule and whether it is the default setting. Values = Allow and Block.|
A Block action takes precedence over an Allow action unless the Override block rules option is selected when a firewall rule is created.
|Group||The group to which the Firewall rule belongs. Grouping allows multiple firewall rules to be grouped together for easier administration in the Windows Firewall Control Panel.|
|Profiles||The profiles to which the rule belongs: Domain; Private; or Public.|
|Interface Types||Specifies which interface type the connection security rule is applied to, including the local area network (LAN), a wireless network adapter, remote access, or all network connection types.|
|Edge Traversal||Edge Traversal allows the application, service or port to which the rule applies to be globally addressable and accessible from outside a NAT or edge device.|
|Programs||The path and name of the program to which this rule applies.|
|Services||The name of the service to which this rule applies.|
|Local IP Address||The local addresses to which the rule applies.|
|Remote IP Address||The list of remote addresses to which the rule applies.|
|Protocol||The IP protocol to which this rule applies. E.g. TCP, UDP and IPv6.|
|Local Port||The local ports to which the rule applies.|
|Remote Port||The remote ports to which the rule applies.|
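The rule fields defined above can be reviewed together to pick out the rules that most widen exposure. The following is an added example, not SekChek's code or part of the report: it parses a reduced, constructed rule listing in the `Field: value` layout of `netsh advfirewall firewall show rule name=all` output and flags enabled inbound Allow rules that are open to any remote address on the Public profile or that permit edge traversal. The function names and review criteria are assumptions chosen for illustration.

```python
# Constructed sample: a reduced subset of fields in netsh-style "Field: value" layout.
SAMPLE = """\
Rule Name:        Remote Desktop (TCP-In)
Enabled:          Yes
Direction:        In
Profiles:         Domain,Private,Public
RemoteIP:         Any
Edge traversal:   No
Action:           Allow

Rule Name:        Backup Agent
Enabled:          Yes
Direction:        In
Profiles:         Domain
RemoteIP:         10.0.5.0/24
Edge traversal:   No
Action:           Allow

Rule Name:        Legacy Game Server
Enabled:          No
Direction:        In
Profiles:         Public
RemoteIP:         Any
Edge traversal:   Yes
Action:           Allow
"""

def parse_rules(text):
    """Split the listing into one dict per rule, keyed by field name."""
    rules = []
    for block in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        rules.append({k.strip(): v.strip() for k, v in fields.items()})
    return rules

def findings(rule):
    """Review notes for an enabled inbound Allow rule; empty list for anything else."""
    if (rule["Enabled"], rule["Direction"], rule["Action"]) != ("Yes", "In", "Allow"):
        return []
    notes = []
    if "Public" in rule["Profiles"].split(",") and rule["RemoteIP"] == "Any":
        notes.append("allowed from any remote address on the Public profile")
    if rule["Edge traversal"] != "No":
        notes.append("edge traversal permitted")
    return notes

def audit(text):
    return {r["Rule Name"]: n for r in parse_rules(text) if (n := findings(r))}

print(audit(SAMPLE))
```

The disabled rule is skipped even though its settings are permissive; a reviewer may still want to list such rules separately, since re-enabling one restores the exposure.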
Copyright© 2008-2013, SekChek IPS. All rights reserved.
SekChek® is a registered trademark of SekChek IPS. All other trademarks are the property of their respective owners.
About SekChek IPS
SekChek® IPS is a leading provider of computer security review, auditing and benchmarking tools and has served many of the world’s largest companies and public institutions in 130 countries since 1996. SekChek’s clients include security and audit professionals in IT departments, audit firms, internal audit functions, regulatory compliance and corporate governance departments. SekChek’s benchmarking features compare security policies and controls against a unique statistics database containing more than 30 million anonymous and real-life security measurements compiled from 70,000 computer systems across all major industry sectors.