is a Firewall?
2 Broadband users - more risk factor
3 How to enable Internet Connection Firewall?
4 Situations where some applications require disabling the firewall
5 Firewall Logging - Inspect the ICF pfirewall.log
6 Who Does Not Need to Enable Internet Connection Firewall?
7 ICF - Known Issues
8 ICF protects inbound traffic only
9 Can a third-party firewall co-exist with Windows XP ICF?
10 How effective is your Firewall?
What is a Firewall?
Firewalls help safeguard your computer by enforcing restrictions on incoming traffic. Firewalls can also help mask your computer's identity, so hackers' attempts to probe or scan your computer cannot return the type of information that makes it easy to invade.
More risk if you use broadband
[DSL or a cable
Install a firewall to help protect your computer:
XP users: Never connect to internet without enabling the ICF. Failing to enable
ICF results in Worm attacks over internet. Finest example is the Blaster Worm
which attacked "Unprotected" and "Unpatched" systems. Some
Support WebCasts on Internet Connection Firewall:
ICF Turned ON by default -
Microsoft Windows Code Named "Longhorn" Preview Release:
How to enable Internet Connection Firewall?
Open Network Connections by typing NCPA.CPL in the RUN box.
Click the Dial-up, LAN or High-Speed Internet connection that you want to protect.
Under Network Tasks, click Change settings of this connection.
On the Advanced tab, under
Internet Connection Firewall, select the following option:
Protect my computer and network by limiting or preventing access to this computer from the Internet box.
What if some applications/Remote Administration software requires ICF turned OFF. In this case, you need to manually open the ports required for the application, without disabling ICF entirely: However, you need to know the Port Number required for the program. See the links below:
How to Manually Open Ports in Internet Connection Firewall in Windows XP:
Remote Desktop through the firewall - ICF
Programs Require Manual Port Configurations
with Internet Connection Firewall:
How to Open Ports in the Windows XP Internet
Connection Firewall: [Ports vs Applications]
If you want to examine incoming
connection attempts, you can turn on logging from the ICF Advanced Settings
tab as well as specify the size of a log file. The default log file name is Pfirewall.log,
located in the %Systemroot%. If you’re experiencing
connectivity issues and need to trouble shoot your connection, the ICMP tab
provides some configuration options for this purpose.
Who Does Not Need to Enable Internet Connection Firewall?
Unit is configured as an ICS Client. Firewall need
to be enabled on the Internet Source [ICS Host]
o Unit is behind a NAT box or router
o Unit is connected to a domain in Corporate Network
Known Issues with ICF
Internet Firewalls Can Prevent
Browsing and File Sharing:
[To resolve this behavior, use a
firewall only for network connections that you use to connect directly to the
Internet. For example, use a firewall on a single computer that is connected to
the Internet directly by using a cable modem, a DSL modem, or a dial-up modem]
Internet Programs May Not Work as Expected with the Internet Connection Firewall Enabled:
Remote Assistance May Not Work
if Internet Connection Firewall Is Enabled:
Cannot Use DirectPlay Programs
on the Internet After You Install Windows XP SP1:
Internet Connection Firewall Does Not Filter or Provide Firewall Services During Startup and Shutdown:
[To be fixed in XP Service Pack 2]
Netmeeting Does Not Disconnect When You Use It Through a Windows XP Firewall:
Windows XP Internet Connection Firewall blocks incoming attacks only
Windows XP ICF does not
monitor the outgoing connections from your computer. This means, the trojans and
other malicious programs, data-miners are not detected. Any information can be
sent by a malware program from your computer, as you are not alerted about that.
Consider using a third-party Application based firewall like ZoneAlarm from www.zonelabs.com
. Sygate or Outpost Firewall. ZoneAlarm is truly an application based
firewall which alerts you whenever a program accesses the internet. You can
configure the rule if you want to allow Internet access to an application
permanently or on a case-by-case basis. You can also configure if your
application should act as a server or just an application.
To quickly monitor which processes are accessing the internet [established], open a Command Prompt window and type "NETSTAT -o". This shows the Process IDs which have established connections to a server. This is a quick way to identify is a Trojan is active. Next option is to use Port Scanners. TCPView, excellent utility from Sysinternals.com shows the TCP information to quickly track which application is doing what. Using these utilities add value to the system security, and this does not mean Firewalls are not necessary. Firewalls are a must. If a trojan accesses the internet [may be to steal your passwords, valuable information], ZoneAlarm or any other App-based firewall alerts you that a new program <programname.exe> is accessing the internet. Think well before allowing access to a program. Otherwise, the very purpose of a Firewall is defeated. If you see any suspicious names, search www.google.com using the keyword and find out what application is the file related to. Or, seek assistance from experts in Microsoft Newsgroup or any reputed online Technical support forum. Then decide whether to allow access or not.
Can a third-party firewall co-exist with Windows XP ICF?
I use ZoneAlarm and also enabled ICF as well.
Have faced no problems so far. However, the rule is "NO". See
this from Microsoft:
Does Internet Connection Firewall interoperate with other software firewalls such as Norton and McAfee? http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Fwc050702%2Fwct050702.asp
Windows XP SP2 Firewall
Understanding Windows Firewall in Windows XP Service Pack 2:
How effective is your Firewall?
To test the effectiveness of the
Firewall installed in your computer, you could try any of the online leak tests.
The tests are offered by many third-party sites.
Test your Firewall:
above tests are to check the inbound protection only. As Internet is a two-way
data transmission, you will have to test the outbound protection for extra
security. Test the firewall's outbound protection, using Steve Gibson's LeakTest
Quoted from LeakTest HowTo page:
"Perform a LeakTest: Look through your firewall's permissions for the filename of any program that is granted access through the firewall. Then simply rename LeakTest to that name (just as a Trojan, virus, and spyware would) and run it"
Muchas gracias a Pepe Gallardo, Microsoft MVP, por traducir el artículo original al español. Para una versión inglesa del mismo, clic aquí.) Read the Spanish version of this article here.