Windows 7 Security Enhancements - Multiple Active Firewall Policies
In Windows Vista, firewall policy is based on the type of network connection established—such as Home, Work, Public, or Domain. This can often be a security problem for IT professionals because mobile users will connect to multiple networks while on the road.
For example, say a Microsoft employee connects to the Internet through a “Public” network and, as a result, the Public firewall policy is applied to the computer. If the employee then wants to connect to the Microsoft corporate network through their VPN, the IT-configured firewall settings for accessing the “Domain” corporate network cannot be applied, because the first network type (and thus the firewall settings) had already been set.
Windows 7 gets rid of this IT pain through support for multiple active firewall policies. This enables the user's PC to obtain and apply domain firewall profile information regardless of other networks that may be active on the PC. IT pros can now simplify connectivity and security policies by maintaining a single set of rules for both remote clients and clients that are physically connected to the corporate network, and know that the rules are appropriately applied.
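To confirm on a client that more than one profile is in force at once (for instance Public on Wi-Fi and Domain over the VPN), the following added example, which is not from the article, reads the firewall state through the `HNetCfg.FwPolicy2` COM object. The profile bit values come from the `NET_FW_PROFILE_TYPE2` enumeration; the report column names are this example's own choice.

```powershell
# Added example: report every firewall profile that is active right now.
# Uses the HNetCfg.FwPolicy2 COM object (INetFwPolicy2); written to run on PowerShell 2.0.
$profiles = @(
    @{ Name = 'Domain';  Bit = 1 },   # NET_FW_PROFILE2_DOMAIN
    @{ Name = 'Private'; Bit = 2 },   # NET_FW_PROFILE2_PRIVATE
    @{ Name = 'Public';  Bit = 4 }    # NET_FW_PROFILE2_PUBLIC
)

$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes     # bitmask; more than one bit can be set on Windows 7
$rules  = @($fw.Rules)                # enumerate the rule collection once

$report = foreach ($p in $profiles) {
    $bit = $p.Bit
    if (($active -band $bit) -eq 0) { continue }   # profile not active on any network

    # Enabled inbound (Direction 1) allow (Action 1) rules that apply to this profile.
    $allowIn = @($rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and ($_.Profiles -band $bit)
    })

    New-Object PSObject -Property @{
        Profile           = $p.Name
        Enabled           = $fw.FirewallEnabled($bit)
        DefaultInbound    = if ($fw.DefaultInboundAction($bit) -eq 0) { 'Block' } else { 'Allow' }
        BlockAllInbound   = $fw.BlockAllInboundTraffic($bit)
        InboundAllowRules = $allowIn.Count
    }
}
$report = @($report)

$report | Select-Object Profile, Enabled, DefaultInbound, BlockAllInbound, InboundAllowRules |
    Format-Table -AutoSize

if ($report.Count -gt 1) {
    Write-Output "Multiple firewall profiles are active at the same time."
}
foreach ($r in $report) {
    if (-not $r.Enabled) {
        Write-Warning "$($r.Profile) profile is active but its firewall is disabled."
    }
    if ($r.DefaultInbound -eq 'Allow') {
        Write-Warning "$($r.Profile) profile allows inbound traffic by default."
    }
}
```

On Windows Vista the bitmask never has more than one bit set, so the same script run there reports a single profile.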
The next feature Cooke discusses, DirectAccess, automatically establishes a bi-directional connection from mobile client computers to a corporate network. This means that the end user is not required to connect via a VPN tunnel, but instead gets secured access over the Internet.
DirectAccess also uses IPsec to authenticate the computer and user and to encrypt the data crossing the Internet, and it can now even be used to require employees to authenticate with a smart card. And since DirectAccess is always on, IT pros can distribute software updates and policies at any time. Let’s find out more about this improved feature.
More By Joe Eitel