Saturday, July 23, 2005

Is the XP SP2 firewall getting a raw deal?

A recent report on a new denial of service vulnerability involving Windows RDP (Remote Desktop Protocol) blaming the Windows XP SP2 (Service Pack 2) firewall has touched off a firestorm of inaccurate coverage that gets "blindly regurgitated in the forums." George Ou sets us straight.

“A recent report on a new denial of service vulnerability involving Windows RDP (Remote Desktop Protocol) blaming the Windows XP SP2 (Service Pack 2) firewall has touched off a rash of sensationalism from other media outlets that gets blindly regurgitated in the forums. This has caused some unwarranted confusion and fear in the IT industry. The original story incorrectly blamed the XP SP2 firewall for failing to protect against the RDP flaw. This was a false characterization of the XP SP2 firewall, which has a history of being mischaracterized as something that breaks a lot of applications or is somehow unreliable. This has resulted in some harm to the general public because too many Windows users are refusing to protect themselves with Windows XP SP2. Larry Seltzer did a wonderfully accurate and educational assessment on XP SP2 but is drowned out by all the doom and gloom sensationalism.

When Microsoft first came out with XP SP2 last year, its new firewall feature was incorrectly blamed for breaking hundreds of applications when in fact any personal firewall installed without the proper holes drilled would have caused the exact same issues. This latest story on the RDP vulnerability seems to be yet another slam on the SP2 firewall with the incorrect accusation that it fails to protect against this new RDP denial of service vulnerability. While it's technically true that a SP2 firewall with port TCP 3389 (used by RDP) opened to anyone will result in a successful denial of service attack on an unpatched Windows machine, this is the normal behavior of any stateful packet inspection firewall.… ”

You can protect all the PCs in your office or home by simply implementing a router with a basic firewall or just NAT (Network Address Translation) capability. A router for the home with a built-in switch can be purchased for less than $40. Not only does the router protect you from a vast array of attacks, it also acts as an Internet sharing device. Another easy thing to do is to turn on the Windows XP SP2 firewall and make sure that the RDP service is either entirely blocked or only permitted to enter from trusted network sources. You can find more in-depth information here on turning off the RDP service entirely or configuring the XP SP2 firewall. One of the nicest features of the XP SP2 firewall, besides the fact that it's free with Windows, is that it can easily be managed from a central location. This can be done from a legacy Windows NT 4.0 domain environment using a script or, better yet, from a group policy in a Windows 2000/2003 Active Directory. This allows a Microsoft network administrator to quickly configure every single Windows XP computer in the company with a single login script or a single group policy.
http://blogs.zdnet.com/Ou/index.php?p=81&tag=nl.e539
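As an added illustration of the advice above (example code written for this page, not from the original post or from George Ou), here is a login script in the XP SP2 `netsh firewall` syntax that turns the firewall on and scopes the Remote Desktop exception to a trusted subnet. The subnet 192.168.1.0/24 and the log share `\\SERVER\logs$` are placeholders you would replace with your own.

```batch
@echo off
rem Added example, not part of the original post. Applies the XP SP2 firewall
rem advice above from a domain login script. Assumes the trusted management
rem network is 192.168.1.0/24 (placeholder) and that the script runs with
rem local administrator rights.

set TRUSTED=192.168.1.0/255.255.255.0
set LOGFILE=\\SERVER\logs$\%COMPUTERNAME%-firewall.txt

rem 1. Make sure Windows Firewall is enabled for both the domain and
rem    standard profiles, with the exceptions list still honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem 2. Keep the Remote Desktop exception (TCP 3389) but limit it to the
rem    trusted subnet. Unsolicited RDP packets from any other source are
rem    dropped by the firewall before they reach the Terminal Services listener.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%TRUSTED% profile=ALL

rem Alternative for machines that never need remote administration: close the
rem exception entirely and tell Terminal Services to refuse connections.
rem (Uncomment these two lines and comment out step 2.)
rem netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

rem 3. Record the resulting configuration on a central share so an
rem    administrator can confirm every machine picked up the policy.
echo ==== %COMPUTERNAME% %DATE% %TIME% ==== >> "%LOGFILE%"
netsh firewall show state >> "%LOGFILE%"
netsh firewall show config >> "%LOGFILE%"
```

Scoping the exception does not patch the RDP flaw itself; it keeps an unpatched machine from being reachable on TCP 3389 by untrusted hosts, which is exactly the stateful-firewall behavior the quoted text describes.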
