Windows Filtering Platform in Windows Server 2008

To facilitate the development of network traffic filtering products, Microsoft created the Windows Filtering Platform (WFP). It is available in both Windows Vista and Windows Server 2008. WFP is not a firewall but rather a set of system services and Application Programming Interfaces (APIs) for use by Microsoft and third-party developers. WFP enables unparalleled access to the Transmission Control Protocol/Internet Protocol (TCP/IP) stack so that inbound and outbound network packets can be examined or changed before allowing them to proceed. Developers can use WFP to build a variety of diagnostic and security tools, including firewalls and antivirus software.

WFP includes the following architectural components:

• The RPC Interface provides access to the WFP. Firewalls and other applications make calls to the WFP API, which are then passed to the Base Filtering Engine (BFE).

• The Base Filtering Engine is the user-mode component that arbitrates between applications making filter request and the Generic Filter Engine, which runs inside the driver that implements the next-generation TCP/IP stack. The BFE adds and removes filters from the system, stores filter configuration, and enforces WFP configuration security.

• The Generic Filtering Engine (GFE) is the kernel mode component that receives filter information from the Base Filtering Engine, interacts with callout drivers, and interacts with the TCP/IP stack. As packets are processed up and down the new TCP/IP stack they are evaluated by the Generic Filter Engine to see whether they should be allowed through. The Generic Filter Engine performs this evaluation by comparing each packet with the relevant filters and callout modules.

• Callout modules are used when an application wants to perform deep packet inspection or data modification. For example, an antivirus tool may want to inspect traffic at the application layer before it is actually forwarded to the target application to ensure that no malware is present in the data.

Source of Information : Microsoft Press Windows Server 2008 Security Resource Kit

No comments:

Hybrid cloud storage architecture

Hybrid cloud storage overcomes the problems of managing data and storage by integrating on-premises storage with cloud storage services. In ...