Enabling the Firewall Included in Windows XP
- Administering Firewalls and Touring Its Advanced Options
- Tracking What's Going On with Your Firewall
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
WARNING!
This article is aimed at the first-time Windows XP user who needs to get started with configuring a firewall, but first needs to learn what one is. For the first-time user, this article is written to be a tutorial article. So if you're an advanced user, this article does not go into great depth—sorry! Instead, it's meant to be a tutorial for beginning XP users.
Given the fact that Microsoft projects that virtually everyone running Windows XP Professional will be connected to the Internet—either through dial-up connection, cable connection, ISDN, or LAN—the need for protecting systems from unwanted access over the Internet is critical. For the first time, Microsoft has included a software firewall in an operating system. Both Windows XP Professional and Home have software-configurable firewalls. Called an Internet Connection Firewall (ICF), this is a software application that blocks others from accessing your system while you are on the Internet. The firewall actually foils attempts by hackers to gain access to your system and then logs their efforts.
Firewalls have been around quite a while, and can be either in hardware or software form. Most companies use both approaches to make sure their data and accounts are kept safe. Keep in mind that there are degrees of security in any operating system; no one operating system can be considered completely safe from hackers or intrusion. It's more of a matter of making your system impenetrable to the majority of hackers out on the Internet.
Microsoft has created the Internet Connection Firewall (ICF) so that it can be enabled regardless of the type of network connection to the Internet. All connections share common properties, and the ICF is one of them. It's very easy to toggle on the ICF for virtually any connection. For example, presented here are the steps to enable the ICF for modem-based connections:
Click once on Network Connections in the Communications Menu.
Right-click on the icon that represents your Internet connection, and choose Properties. The Local Area Connection Properties dialog box appears.
Click once on the Advanced tab that is shown in Figure 1, specifically on the tab labeled Advanced in the Local Area Connection Properties dialog box.
Figure 1 Configuring the ICF through the Connection Properties dialog box.
Click once on the top entry on the Advanced page: Protect my computer and network by limiting or preventing access to this computer from the Internet. This enables the ICF.
Click once on OK, and the ICF is now in place. You will have to reboot to have the ICF enabled.
){kind=link}
Administering Firewalls and Touring Its Advanced Options
There are several points to keep in mind when you are working with an Internet Connection Firewall. These are key points specifically for those of you who will be administering them in organizations. Keep these tips in mind to troubleshoot ICF functions as well.
If your company or organization currently runs a VPN, there's a good chance that the server that is hosting the connection already has a firewall. If so, the ICF on Windows XP systems and the firewall(s) on the VPN hosting servers may conflict. If you have XP-based systems suddenly not capable of running, check to make sure there isn't a conflict at the ICF level.
Don't enable ICF in Windows XP systems if the existing network uses Windows 2000 or XP domain controllers, DHCP servers, gateways, or static IP addresses.
Keep in mind that if your network uses a remote exchange server to handle e-mail, the firewall will prevent the server from sending e-mail notifications to MS Outlook 2000 users. That is because the remote procedure call (RPC) that sends the notification has been initiated outside the firewall. Outlook 2000 users can still send and receive e-mail messages normally. However, they need to manually check for new messages from their own systems so the process begins within the firewall.
Do not enable the firewall in Network Connections icons on any local area connections, virtual private networking (VPN) connections, or any other non-Internet connections.
There's also a series of options for configuring the ICF that makes the most sense if you're an administrator because many users will not specifically deal with these configuration issues. As advanced functions of the Windows XP ICF, they are meant more to define how servers will communicate to clients; so these are not functions you have to change weekly or even monthly. They will reflect the security policies your company has in place. If you are working on a system that is part of a VPN, don't modify these settings because the VPN is specifically configured to work with Windows XP in a predetermined protocol set. Here are the steps to view the advanced ICF functions:
Right-click on the network connection of interest. Select the Properties dialog box.
Click once on Advanced.
Click once on the Settings button located at the bottom of the Advanced page. The Advanced Settings page appears, as shown in Figure 2.
Figure 2 Defining the advanced functions of the ICF.
It's a good idea to check with your system administrator before changing any of these elements because each permits access from the Internet to your system and servers. If you are a system administrator, you can toggle the specific levels of support you want to provide to allowing others to get through your firewall for specific purposes.
Click once on OK to close the dialog box.
Click once on OK again to close the Properties dialog box.
){kind=link}