December 25th, 2004, 09:10 AM
Windows Firewall for XP SP2
This tutorial covers basic useful information for people using Windows Firewall for Windows XP with SP2. Now I know some people did update to SP2, but if you didn't, IMO you're missing some of the latest security patches from Microsoft, which are available ONLY if you have SP2 installed.
Windows Firewall, a stateful filtering firewall previously known as Internet Connection Firewall (ICF), increases protection against probes that scan for information on open ports and active IP addresses, and denies all unsolicited inbound traffic.
It allows outbound traffic to flow normally, and automatically accepts inbound responses to outbound requests. Windows Firewall by default is always turned on, unlike ICF, which had to be configured to be turned on.
Stateful filtering works by examining a packet's state and the context information of a session. Windows Firewall uses a security policy with three primary rules:
1.) Any packet that matches an established connection flow is forwarded.
2.) A sent packet that does not match an established connection flow creates a new entry in the connection flow table and is forwarded.
3.) A received packet that does not match an established connection flow is dropped.
These three rules allow for normal internet access such as browsing, email, and IM, while preventing any unsolicited packet flow. You can also declare exceptions to the security policy, to allow server applications to work.
To configure Windows Firewall, use the "Security Center", which is in the control panel, or directly open the firewall itself from the control panel.
Windows Firewall has three major states:
1.) On,
2.) On with no exceptions,
3.) And Off.
Here's what each one means:
1.) The "On" state protects the computer but allows specific declared exceptions to the security policy.
2.) The "On with no exceptions" state can be used when a computer is used in an unsecured environment such as a public wireless network, or a Local Area Network (LAN) where a virus has been detected.
3.) The "Off" state can be useful for diagnosing firewall related problems such as: log no surf, unable to connect to FTP servers etc...
When you select "Don't allow exceptions", Windows Firewall blocks all requests to connect to your computer, including those from programs or services on the exceptions tab.
The firewall also blocks file and print sharing, and discovery of network devices.
Using Windows Firewall with no exceptions is useful when you connect to a public network, such as one at an airport or hotel. This setting can help you protect your computer by blocking all attempts to connect to your computer. When you use Windows Firewall with no exceptions, you can still view websites, use email, and use IM programs.
Click start, go to the control panel, click on "security center", click on Windows Firewall, click on the exceptions tab. In this window, exceptions for specific programs and services can be configured.
For example, let's say you have a home network and you would like to share a printer attached to your Windows XP PC. An exception must be made for "File and printer sharing traffic".
Highlight a specific service and click "edit" to allow changes to be made to specific ports.
Click "change scope" to allow changes in scope to be made to an exception.
Then select the "scope" that will be affected. For example, File and printer sharing traffic can be limited to only the local network.
The "advanced" tab allows Windows Firewall to be configured for specific network adapters, gives options for logging and ICMP ('ping') response, and provides a button to return the firewall to its default settings (useful if you ever misconfigure your firewall).
Windows Firewall can also be configured to allow certain types of traffic. The firewall log file can be found here by default: C:\WINDOWS\pfirewall.log
Now there are some disadvantages to using this firewall. For example, ICF only monitors incoming traffic, not outbound. Also, it only alerts you when applications try to download information, not when they upload information to a remote server. I hope you find this information to be useful. Any comments? Suggestions?
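The three filtering rules and the three firewall states described in the tutorial above, modelled as an added example (not part of the original post and not how Windows Firewall is implemented). The class, function names and sample addresses are hypothetical; the traffic is constructed.

```python
# Added illustration: toy model of the tutorial's three stateful-filtering rules
# and the On / On-with-no-exceptions / Off states. All names are hypothetical.
from ipaddress import ip_address, ip_network

ON, NO_EXCEPTIONS, OFF = "on", "on_no_exceptions", "off"

class ToyStatefulFirewall:
    def __init__(self, mode=ON):
        self.mode = mode
        self.flows = set()      # connection flow table
        self.exceptions = {}    # (proto, local_port) -> allowed source scope

    def allow_exception(self, proto, port, scope="0.0.0.0/0"):
        """Declare an exception, optionally limited to a scope such as the LAN."""
        self.exceptions[(proto, port)] = ip_network(scope)

    def outbound(self, proto, sport, dst_ip, dport):
        # Rules 1 and 2: sent packets are forwarded; a packet matching no
        # flow first creates a new entry in the flow table.
        self.flows.add((proto, sport, dst_ip, dport))
        return "forward"

    def inbound(self, proto, src_ip, sport, dport):
        if self.mode == OFF:
            return "forward"    # firewall off: nothing is filtered
        # Rule 1: a reply that matches an established flow is forwarded.
        if (proto, dport, src_ip, sport) in self.flows:
            return "forward"
        # Declared exceptions are honoured only in the plain "On" state.
        scope = self.exceptions.get((proto, dport))
        if self.mode == ON and scope is not None and ip_address(src_ip) in scope:
            return "forward"
        return "drop"           # Rule 3: unsolicited inbound traffic

def demo():
    """Run constructed sample traffic through the model and return verdicts."""
    fw = ToyStatefulFirewall()
    fw.allow_exception("tcp", 445, scope="192.168.1.0/24")  # file sharing, LAN only
    fw.outbound("tcp", 50000, "203.0.113.5", 80)            # browser request
    results = {
        "web_reply": fw.inbound("tcp", "203.0.113.5", 80, 50000),
        "unsolicited": fw.inbound("tcp", "198.51.100.7", 4444, 135),
        "lan_share": fw.inbound("tcp", "192.168.1.20", 51000, 445),
        "wan_share": fw.inbound("tcp", "198.51.100.7", 51000, 445),
    }
    fw.mode = NO_EXCEPTIONS                                  # e.g. hotel network
    results["lan_share_no_exc"] = fw.inbound("tcp", "192.168.1.20", 51000, 445)
    results["web_reply_no_exc"] = fw.inbound("tcp", "203.0.113.5", 80, 50000)
    return results
```

Calling `demo()` shows the scoped file-sharing exception accepting the LAN host but not the outside host, and "On with no exceptions" dropping even the LAN host while replies to the browser's own request still get through.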