It is no longer enough to provide firewall services at an organization’s network perimeter. Each server and desktop computer that resides inside network boundaries requires its own security protection. In addition, when corporate laptops are plugged into the Internet from employee homes or hotel rooms, they become part of the perimeter of the corporate network. One way to protect hosts is by implementing a firewall on each individual host.

Firewall services are native to Windows XP and Windows Server 2003. While this book focuses on Windows Server 2003, it is important to have Windows XP information so that you can manage Windows XP clients in a Windows Server 2003 forest. This chapter examines Windows Server 2003 firewall services, including a personal firewall, TCP/IP protocol filters, a basic firewall as part of Routing and Remote Access Services (RRAS), and additional port filtering capabilities as part of the configuration of RRAS and its remote access policies. IP Security (IPSec) policies, also included in Windows Server 2003 firewall services, are discussed in Chapter 11.

Service Pack 2 (SP2) for Windows XP and Service Pack 1 (SP1) for Windows Server 2003 improve native firewall services by renaming and adding additional capability to the host-based Windows Firewall and by enabling it by default on Windows XP SP2 computers.

To begin our discussion of Internet connection firewalls, let’s review some firewall basics.