dcsimg

Windows XP Internet Connection Firewall

By ServerWatch Staff (Send Email)
Posted Sep 4, 2002


by Dan DiNicolo
http://www.2000trainers.com


While connecting to the Internet may seem innocent enough, users and administrators still need to take steps to ensure that their connections are secure. Dan Dinicolo's latest article discusses the Windows XP built-in Internet Connection Firewall (ICF) tool and how it works to keep the bad guys out while allowing you to surf in peace.

The Internet is both a wonderful resource and a very dangerous place. While connecting to the Internet may seem innocent enough, you still need to take steps to ensure that your connection is secure. This doesn't just apply to people with fancy broadband connections either. Every day, hundreds of people roam the Internet using a variety of utilities, doing nothing more than scanning ranges of IP addresses looking for unprotected systems. If you're connecting to the Internet from a system running Windows XP, security just got easier thanks to the included Internet Connection Firewall (ICF).

If you think that nobody would ever want to hack into your particular system, you're probably right. But that's not the point. A variety of easy-to-use tools are available to what are known as "script kiddies". Essentially, these are folks with a limited knowledge of hacking who are using pre-built tools to attempt to gain access to Internet-connected systems. While they may not care about you specifically, what they're usually after is the ability to connect to your PC, potentially take control of it, and even just root around through your files a little. Furthermore, it doesn't matter whether you're using a dial-up or broadband connection. While a high-speed connection may be a better (and easier) target, everyone connected faces a risk. On any given day, I check my log files and find between 10 and 15 connection attempts to my PC from outside users.

Again, almost none of the people are probably targeting me specifically. Instead, they are usually running a program known as a port scanner, which will scan ranges of IP addresses looking for open ports. An open port is created by a network application waiting for a connection. For example, you might be running a web or FTP server on your PC, or you may have unknowingly installed a Trojan horse program by opening an email attachment that somebody sent you. Of course, there may be nothing of interest running on your PC. But, when one of these script kiddies does find an open port, the next step is trying to connect to it -- maybe they'll get access to your system, and maybe they won't. Understand that there are literally hundreds of programs designed to give even the novice user a way to hack into your PC. When all is said and done, it's up to you to try and stop them.


Internet Connection Firewall

Systems running Windows XP include a new feature referred to as the Internet Connection Firewall. This tool is both easy to use and to configure. There really is no need to go out and purchase a more powerful tool unless you require more extensive reporting and want all kinds of fancy notification options. For the majority of users, Internet Connection Firewall will meet their basic need -- keeping the bad guys out, while allowing them to surf in peace.

Configuring the Internet Connection Firewall can be as easy as clicking a single button when setting up your Internet connection using the New Connection Wizard. The checkbox is found at the bottom of the screen, as shown below. By default, ICF will block any and all connection attempts from the outside world. That is, you'll be allowed to access the Internet as normal, but any connection attempts originating from the Internet will automatically be denied. If that doesn't sound like a bad default, you're right. However, it's also possible that you will need a little more flexibility in your environment.



Whether or not you chose to enable ICF when originally configuring your Internet connection doesn't matter. You can always access ICF settings by right clicking on the icon for your Internet connection in the Network Connections program and choosing properties. Enabling or disabling ICF is accomplished via the checkbox at the top of the Advanced tab. If you want to delve a little deeper into ICF's capabilities, you'll need to first enable ICF and then press the Settings button in the lower right.

While the default configuration provides great security, it's also possible that you require some users to connect to your system(s) from the outside world. For example, you may have your system configured as an FTP server, or potentially as a VPN server to give you access to your files while you're on the road. The defaults won't work for you here, since all connection requests will be denied. Instead, you'll need to configure ICF to allow certain requests to get through. This is accomplished using the Services tab in the ICF settings.

The list of available services shown below is decidedly short. Only the most common Internet services are defined. If these meet your needs, simply check the boxes associated with those services, and ICF will allow these connections through. If you need to provide access to a service not found on this list, you have a little more work ahead of you.



All applications wait for incoming connections on port numbers. These are usually pre-assigned to applications based on Internet standards. The first step in allowing access to an application (such as a web server) from the Internet is finding out the port number it uses to handle requests. For a web server, this is TCP port 80 by default. For other services the port number will vary, but usually it can be found in a program's documentation. Then, you simply set up a new entry on the Services list that includes a name and the associated port number.

Unlike many popular home firewall products, ICF will not bother you with annoying pop-up messages every time somebody attempts to scan your system. Again, remember that most people aren't attempting to access your system, but rather a range of systems according to IP addresses. If ICF is configured to not allow any connections from the Internet, outside users won't see any open ports on your system, so being notified shouldn't be an issue. However, all connection attempts should still be logged, as shown above. If enabled, connection attempts will be written to a file called pfirewall.log in your Windows directory. It's generally a good idea to check this file at least once in a while, just to get a sense for who is trying to connect to your system and when.

Finally, you can also control how your system responds to certain ICMP diagnostic messages, such as a ping request. Again, you have control over whether or not your system will respond. If ICF is enabled, your system will not respond to ICMP messages. In other words, if somebody pings you, your system won't provide a reply. If they don't get a reply, they'll probably assume that the IP address isn't valid or connected. In both cases, this is good news for you.

However, you may want to enable responses or other messages for your system. If so, you can enable them individually from the ICMP tab in the ICF settings. The log file shown below shows an attempted ping from system 192.168.1.200 that was dropped by my ICF protected system.



The Internet Connection Firewall is a step in the right direction for Microsoft. While it's only included with Windows XP at present, you can expect it to be part of all future versions as well. Whether you're using a dial-up or broadband connection, it's in your best interests to keep ICF enabled for all connections.

Dan
http://www.2000trainers.com

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.