FCS now has visibility into Windows Firewall as part of the Security State Assessment feature. Windows XP and Vista provide Windows Firewall as part of the base offering. Customers can choose to activate Windows Firewall and use Active Directory Group Policy to manage it. Forefront Client Security customers will now also be able to get visibility into the status of Windows Firewall in Windows XP and Windows Vista.
This is part of FCS’s Security State Assessment (SSA) feature, which allows security administrators to detect not only common vulnerabilities in their environment but also configuration issues that increase their exposure.
With the new SSA check, customers get an end-to-end view of their Windows Firewall exposure. They can use Active Directory Group Policy to deploy configurable policies to Windows Firewall and use the Forefront Client Security management console to get visibility into the state of the firewall.
FCS will scan Windows Firewall to provide the following visibility:
- Status (on/off)
  - If disabled on any network interface, report “high”
  - If configured by Group Policy, scores as “informational”
- Exceptions (port, application, service)
  - Enumerates each port and application exception
  - Any exception not configured via GP, scores as “medium”
  - If configured by Group Policy, scores as “informational”
  - Captures applicability to each network interface
Upon seeing the report, customers can then take corrective action (i.e. enabling the host firewall) through Active Directory Group Policy. This will be released as part of the SSA check update on Oct 23rd 2007. Administrators using WSUS will automatically download this check along with the virus signatures, and clients will download it from the WSUS server.
