From: "Glenn Meadows" 

Sounds like it's becoming a better tool, that's all I was interested in for
now, thanks.

--

Glenn M.
"Mike N."  wrote in message
news:tl10515kju1vof4jrlu05d1f02mr5teg8c{at}4ax.com...
> On Sat, 2 Apr 2005 20:32:44 -0600, "Glenn Meadows"

> wrote:
>
>>Mike,  Did MS add a real firewall to 2003 server in the SP1 release?  I
>>heard from someone that they did.  Does it work like true firewall, or is
>>it
>>the same one that they brought to the front in SP2 for XP?
>
>  It's slightly improved.   It doesn't have outgoing blocking by
> application like ZoneAlarm.   I don't think this is critical for a server,
> which normally operates in a 'headless, faceless' mode without an operator
> to answer Yes or No to allow new outgoing programs access.   Also there
> should generally be policies that prohibit web surfing or E-mail from a
> server - the most common vector for introducing trojans or viruses.   But
> if outgoing access restriction  is important to a particular
> configuration,
> then a 3rd party server firewall is still required.
>
>  They went a bit beyond just slapping in the XP SP2 firewall - you can
> allow incoming access exceptions by program - if the program terminates,
> the port is closed.  I'm not sure how valuable that one is in the end
> though; the TCP/IP stack is almost never vulnerable without a program
> listening.   Most importantly, you can now set firewall policies and
> security configurations for both servers and workstations.
>
>  The firewall cannot be used with Routing and Remote access - which has
> its own firewall.
>  The firewall provides a tool to protect the computer in the event you
> like running naked on the internet.  For example if I understand it, if
> you
> install a new slipstreamed server 2003 , all external access is closed by
> default.  You can put it on the internet without a hardware firewall to
> obtain security updates without getting wormed.
>

--- BBBS/NT v4.01 Flag-5