14 DAY TRIAL // The next iterations of the Windows client and sever platforms include the evolved Windows Filtering Platform compared to their precursors. WFP was initially introduced with Windows Vista and Windows Server 2008. Now, Windows 7 and Windows Server 2008 R2 will bring the WFP to the next level, with the addition of improvements as well as new features. At the start of this year, Microsoft published a whitepaper detailing the evolution of the Windows Filtering Platform in Windows 7, from the perspective of the WFP programming model and API set.
“Windows Filtering Platform (WFP) is a new architecture introduced in Windows Vista and Windows Server 2008. WFP allows independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs),” revealed Joe Davies, principal technical writer, Windows Server Networking Documentation Team.
Essentially what WFP permits ISVs to do is streamline the process of building security solutions that have to deal with filtering network traffic. According to Davies, a range of networking related applications from firewalls to antivirus, but even diagnostic solutions can leverage the Windows Filtering Platform in order to monitor as well as interact with outgoing and incoming TCP/IP packets. Actions such as analysis and modification can be performed on packets independent of TCP/IP packet processing.
“WFP is not a firewall. It is a set of system services and user-mode and kernel-mode APIs that enable you to develop firewalls and other connection-monitoring or packet-processing software. For example, Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 uses WFP.” Davies added.
The documentation made available by the software giant contains a variety of details on new features and enhancements, including: WFP Netsh Context, Name Resolution Cache, Version-Independent Macros, IPSec Secure Socket options, “System Port” Notification And Query, new MAC Layers, new Filter Match Types, Packet Tagging Support, Asynchronous Classify And Generic Layer Data Modification Functions For V1 Callouts, ALE “Pre-Connect” Layers, support for Edge Traversal Socket Properties, support for Multiple Firewall Profiles, ALE Reauthorization Reasons Indication Improvements, “STREAM_PACKET” Layers, Flow Management Improvements, and Endpoint Lifetime Management Improvements.