1 What is a Firewall?
2 Broadband users - more risk factor
3 How to enable Internet Connection Firewall?
4 Situations where some applications require disabling the firewall
5 Firewall Logging - Inspect the ICF pfirewall.log
6 Who Does Not Need to Enable Internet Connection Firewall?
7 ICF - Known Issues
8 ICF protects inbound traffic only
9 Can a third-party firewall co-exist with Windows XP ICF?
10 How effective is your Firewall?
What is a Firewall?
Firewalls help safeguard your computer by enforcing restrictions on incoming traffic. Firewalls can also help mask your computer's identity, so hackers' attempts to probe or scan your computer cannot return the type of information that makes it easy to invade.
More risk if you use broadband [DSL or a cable modem]
Install a firewall to help protect your computer:
Windows XP users: Never connect to the Internet without enabling ICF. Failing to enable ICF leaves the computer open to worm attacks over the Internet. A prime example is the Blaster worm, which attacked "unprotected" and "unpatched" systems.
Some reading here:
Microsoft Support WebCasts on Internet Connection Firewall
ICF Turned ON by default - Microsoft Windows Code Named "Longhorn" Preview Release
How to enable Internet Connection Firewall?
Open Network Connections by typing NCPA.CPL in the RUN box.
Click the Dial-up, LAN or High-Speed Internet connection that you want to protect.
Under Network Tasks, click Change settings of this connection.
On the Advanced tab, under Internet Connection Firewall, select the following option: the "Protect my computer and network by limiting or preventing access to this computer from the Internet" check box.
Situations where some applications require disabling the firewall
What if an application or remote administration software requires ICF to be turned OFF? In this case, manually open the ports required by the application instead of disabling ICF entirely. However, you need to know the port number the program requires. See the links below:
How to Manually Open Ports in Internet Connection Firewall in Windows XP
Remote Desktop through the firewall - ICF
Programs Require Manual Port Configurations with Internet Connection Firewall
How to Open Ports in the Windows XP Internet Connection Firewall
[Ports vs Applications]
Firewall Logging - Analyse the Pfirewall.log file
If you want to examine incoming connection attempts, you can turn on logging from the ICF Advanced Settings tab and specify the size of the log file. The default log file name is Pfirewall.log, located in %Systemroot%. If you're experiencing connectivity issues and need to troubleshoot your connection, the ICMP tab provides some configuration options for this purpose.
For better clarity, you may use third-party ICF log analysers available here:
FireLogXP 1.11 : http://www.majorgeeks.com/download4035.html
XP Logger 2.01a : http://www.majorgeeks.com/download3307.html
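The log can also be read with a short script. The Python code below is an added example, not part of the original page or of any Microsoft tool; it assumes the field layout announced in the log's own #Fields header, and every log line in it is constructed sample data.

```python
from collections import Counter

# Constructed sample in the ICF log layout (W3C extended format). Addresses are
# documentation/private ranges; the last line is deliberately truncated.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-08-12 09:14:02 DROP TCP 198.51.100.23 192.168.0.10 4431 135 48 S 2894561 0 64240 - - -
2003-08-12 09:14:05 DROP TCP 198.51.100.23 192.168.0.10 4431 135 48 S 2894561 0 64240 - - -
2003-08-12 09:15:40 DROP UDP 203.0.113.7 192.168.0.10 1026 1434 404 - - - - - - -
2003-08-12 09:16:11 OPEN TCP 192.168.0.10 192.0.2.80 1045 80 - - - - - - - -
2003-08-12 09:16:30 DROP ICMP 203.0.113.7 192.168.0.10 - - 60 - - - - 8 0 -
2003-08-12 09:17:02 CLOSE TCP 192.168.0.10 192.0.2.80 1045 80 - - - - - - - -
2003-08-12 09:18:00 DROP TCP 198.51.100.23
"""


def parse_icf_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or damaged lines
                yield dict(zip(fields, values))


def dropped_by_source(entries):
    """Map each source IP to a Counter of (protocol, dst-port) it was dropped on."""
    summary = {}
    for e in entries:
        if e["action"] == "DROP":
            target = (e["protocol"], e["dst-port"])
            summary.setdefault(e["src-ip"], Counter())[target] += 1
    return summary


if __name__ == "__main__":
    for src, targets in dropped_by_source(parse_icf_log(SAMPLE_LOG)).items():
        for (proto, port), n in targets.most_common():
            print(f"{src:15} {proto:4} port {port:5} dropped {n}x")
```

Run against a copy of the real Pfirewall.log, the same summary shows which remote addresses are being dropped and on which ports. ICMP entries carry "-" in the port columns.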
Who Does Not Need to Enable Internet Connection Firewall?
o Unit is configured as an ICS Client. The firewall needs to be enabled on the Internet source [ICS Host]
o Unit is behind a NAT box or router
o Unit is connected to a domain in a corporate network
Internet Firewalls Can Prevent Browsing and File Sharing:
http://support.microsoft.com/?kbid=298804
[To resolve this behavior, use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem]
Internet Programs May Not Work as Expected with the Internet Connection Firewall Enabled:
http://support.microsoft.com/?kbid=308123
Remote Assistance May Not Work if Internet Connection Firewall Is Enabled:
http://support.microsoft.com/?kbid=310608
Cannot Use DirectPlay Programs on the Internet After You Install Windows XP SP1:
http://support.microsoft.com/?kbid=327299
Internet Connection Firewall Does Not Filter or Provide Firewall Services During Startup and Shutdown:
http://support.microsoft.com/?kbid=323009
[To be fixed in XP Service Pack 2]
Netmeeting Does Not Disconnect When You Use It Through a Windows XP Firewall:
http://support.microsoft.com/?kbid=328070
Windows XP Internet Connection Firewall blocks incoming attacks only
Windows XP ICF does not monitor the outgoing connections from your computer. This means that trojans, data-miners and other malicious programs are not detected. A malware program can send any information from your computer, because you are not alerted about it. Consider using a third-party application-based firewall such as ZoneAlarm (from www.zonelabs.com), Sygate or Outpost Firewall. ZoneAlarm is truly an application-based firewall which alerts you whenever a program accesses the Internet. You can configure a rule to allow an application Internet access permanently or on a case-by-case basis. You can also configure whether your application should act as a server or just as an application.
To quickly monitor which processes are accessing the Internet [established], open a Command Prompt window and type "NETSTAT -o". This shows the Process IDs which have established connections to a server. This is a quick way to identify if a Trojan is active. The next option is to use port scanners. TCPView, an excellent utility from Sysinternals.com, shows the TCP information so you can quickly track which application is doing what.
Using these utilities adds value to system security, but this does not mean firewalls are unnecessary. Firewalls are a must. If a trojan accesses the Internet [maybe to steal your passwords or other valuable information], ZoneAlarm or any other app-based firewall alerts you that a new program <programname.exe> is accessing the Internet. Think well before allowing access to a program. Otherwise, the very purpose of a firewall is defeated. If you see any suspicious names, search www.google.com using the file name as the keyword and find out which application the file is related to. Or, seek assistance from experts in the Microsoft newsgroups or any reputed online technical support forum. Then decide whether to allow access or not.
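The NETSTAT check described above can be scripted to group established connections by process ID. This Python code is an added example, not from the original page; it assumes output captured with "netstat -no" (the -n switch keeps addresses numeric), uses constructed sample output, and known_pids is a hypothetical set of PIDs you have already identified.

```python
from collections import defaultdict

# Constructed sample of `netstat -no` output; addresses are documentation ranges.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1820
  TCP    192.168.0.10:1045      192.0.2.80:80          ESTABLISHED     1820
  TCP    192.168.0.10:1052      203.0.113.7:6667       ESTABLISHED     2944
  TCP    192.168.0.10:1053      192.0.2.80:443         TIME_WAIT       0
  TCP    192.168.0.10:1060      203.0.113.7:6667       ESTABLISHED     2944
  UDP    0.0.0.0:445            *:*                                    4
"""


def established_by_pid(netstat_text):
    """Return {pid: sorted remote endpoints} for ESTABLISHED TCP rows."""
    remote = defaultdict(set)
    for line in netstat_text.splitlines():
        cols = line.split()
        # Data rows of interest have exactly: Proto, Local, Foreign, State, PID.
        # Headings and UDP rows (no State column) fall out on the length check.
        if len(cols) != 5 or cols[0] != "TCP" or cols[3] != "ESTABLISHED":
            continue
        foreign, pid = cols[2], int(cols[4])
        host = foreign.rsplit(":", 1)[0]
        if host.startswith("127."):  # loopback is local traffic, not Internet
            continue
        remote[pid].add(foreign)
    return {pid: sorted(endpoints) for pid, endpoints in remote.items()}


def unexpected_pids(by_pid, known_pids):
    """PIDs with outside connections that are not in the known (hypothetical) set."""
    return sorted(pid for pid in by_pid if pid not in known_pids)


if __name__ == "__main__":
    by_pid = established_by_pid(SAMPLE_NETSTAT)
    for pid in unexpected_pids(by_pid, known_pids={1820}):
        print(f"PID {pid} -> {', '.join(by_pid[pid])}")
```

Each PID reported can then be matched to a program name in Task Manager (with the PID column enabled) or in TCPView.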
Can a third-party firewall co-exist with Windows XP ICF?
I use ZoneAlarm and have enabled ICF as well. I have faced no problems so far. However, the rule is "NO". See this from Microsoft:
Does Internet Connection Firewall interoperate with other software firewalls such as Norton and McAfee?
http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Fwc050702%2Fwct050702.asp
Windows XP SP2 Firewall
Understanding Windows Firewall in Windows XP Service Pack 2:
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
How effective is your Firewall?
To test the effectiveness of the firewall installed on your computer, you could try any of the online leak tests. The tests are offered by many third-party sites.
Test your Firewall:
https://grc.com/x/ne.dll?bh0bkyd2
http://grc.com/lt/leaktest.htm
http://www.hackerwatch.org/probe/
http://www.auditmypc.com/
The above tests check the inbound protection only. As Internet traffic is a two-way data transmission, you will have to test the outbound protection as well for extra security. Test the firewall's outbound protection using Steve Gibson's LeakTest utility.
Quoted from LeakTest HowTo page:
"Perform a LeakTest: Look through your firewall's
permissions for the filename of any program that is granted access through the
firewall. Then simply rename LeakTest to that name (just as a Trojan, virus, and
spyware would) and run it"