Re: draft-ietf-v6ops-nap-00.txt & NAT security [2.2]

[Mohacsi Janos <mohacsi@niif.hu>]

On Wed, 6 Apr 2005, Mark Smith wrote:

> On Tue, 5 Apr 2005 22:22:58 -0700
> "Christian Huitema" <huitema@windows.microsoft.com> wrote:
>
> > > For example, as I mentioned, modern OSes have firewalling out of the
> > > box. From what I'm aware of, the only component missing, at least in
> > the
> > > commercial space i.e., products you can buy, for scalable host based
> > > firewalling is mechanisms to deploy the (corporate) firewalling policy
> > > to the host.
> >
> > Actually, the firewall in Windows XP/SP2 "professional" can be
> > controlled by "group policy", automatically applying the firewall policy
> > defined by the (windows) domain administrator.
>
> That's interesting, I wasn't aware of that. With MS's market share, I
> suppose that that means that end-node firewall policy deployment is
> already "mainstream".

I agree, but capabilities of Windows XP+SP2 firewall are rather limited. 
You can control only incoming traffics and there is no stateful 
capabilities, that helps you a lot.

Regards,

Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE  21A2 9F52 0D1F 00F9 AF98