Thursday, March 22, 2007

Configuring the Windows Firewall in Windows XP SP2

Windows XP Service Pack 2 comes with a built-in firewall feature that helps make your system less vulnerable to attack by outside users or by malicious software, such as viruses. It is installed automatically when you install Service Pack 2. You can adjust the firewall settings to allow traffic that you do not want blocked from your computer. You can also turn it off, but that is not recommended unless you have some other firewall solution.

A firewall is PC software or hardware that restricts information that comes to your computer from other computers on the internet and allows you to control the data coming in and out of your computer. It checks information or traffic coming from the internet or your network and then either allows or disallows it, depending on your firewall settings. A firewall also provides protection against people or programs, including viruses and worms, that try to connect to your computer with the intent to cause harm.

To open the Windows Firewall, go to Start, Settings and then Control Panel, and double-click the Windows Firewall icon. Alternatively, go to Start, then Run, and type wscui.cpl to open the Windows Security Center and access the firewall from there.

As you can see here, you have the options to turn the firewall on or off as well as allow or disallow exceptions. Exceptions are rules that allow certain types of user-defined traffic into your computer.

You can see in this example that certain programs are allowed to pass traffic to and from the computer. You can also add programs not on the list or open ports that may be needed by certain applications.

You may have seen a message from the firewall asking you if you want to block or unblock a connection. If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't prompt you when that program needs to receive information in the future.

The Advanced tab allows for further configuration of the firewall.

It will allow you to change settings such as which network connection the firewall will be used on. Most users will only have their one main internet or network connection. You can also enable logging from this area. There are the following options for logging:

To enable logging of unsuccessful inbound connection attempts, select the Log dropped packets check box.

To enable logging of successful outbound connections, select the Log successful connections check box.

Under Log File Options you can change the name and location of the firewall log.

Security logging is not enabled by default.
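
Once dropped-packet logging is enabled, the log can be summarized to see which remote addresses are being blocked and which local ports they tried to reach. The following Python script is an added example, not part of the original post; the sample log lines are constructed, and it assumes the log begins with a #Fields header naming the columns (action, src-ip, dst-port and so on) as in the sample.

```python
from collections import Counter

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2007-03-22 10:15:01 DROP TCP 203.0.113.7 192.168.1.10 3456 445 48 S 1234567 0 65535 - - - RECEIVE
2007-03-22 10:15:04 DROP TCP 203.0.113.7 192.168.1.10 3457 135 48 S 1234999 0 65535 - - - RECEIVE
2007-03-22 10:15:09 DROP UDP 198.51.100.23 192.168.1.10 1026 1434 404 - - - - - - - RECEIVE
2007-03-22 10:16:30 OPEN TCP 192.168.1.10 192.0.2.80 1045 80 - - - - - - - - -
2007-03-22 10:16:42 CLOSE TCP 192.168.1.10 192.0.2.80 1045 80 - - - - - - - - -
2007-03-22 10:17:02 DROP ICMP 203.0.113.7 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
2007-03-22 10:17:05 DROP TCP 203.0.113.7
"""

def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed lines (e.g. a partial write)
        records.append(dict(zip(fields, values)))
    return records

def summarize_drops(records):
    """Count DROP entries per source IP and collect the ports each source tried."""
    counts, ports = Counter(), {}
    for r in records:
        if r["action"] != "DROP":
            continue
        counts[r["src-ip"]] += 1
        if r["dst-port"] != "-":  # ICMP entries carry no port
            ports.setdefault(r["src-ip"], set()).add(int(r["dst-port"]))
    return counts, ports

if __name__ == "__main__":
    counts, ports = summarize_drops(parse_firewall_log(SAMPLE_LOG))
    for ip, n in counts.most_common():
        print(f"{ip}: {n} dropped, ports {sorted(ports.get(ip, []))}")
```

A single source with many drops across different ports is worth a closer look, since it usually indicates scanning rather than a misdirected connection.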

You can also choose to have the computers on your network share error and status information using ICMP.

Keep in mind that the Windows Firewall does not detect or disable computer viruses and worms if they are already on your computer, stop you from opening e-mail with dangerous attachments, or block spam or unsolicited e-mail. So you still need to be careful, use virus protection software, and watch for those strange e-mails.
