Configuring the Windows XP Internet Connection Firewall
Introduction
Windows XP comes with a built-in firewall called the Internet
Connection Firewall, or ICF for short. For people who do not want to spend
the money on a commercial software firewall, this firewall will be more than
enough to protect your computer. There are some problems with ICF that I will
discuss below, but this firewall will be more than adequate in protecting
your computer from hacking attempts from script kiddies to seasoned hackers.
Features
By default, ICF disables all incoming traffic to your computer,
including ICMP traffic, which consists of pings. Just like all other firewalls
you can specify which services/ports you would like to have available on the
Internet from your computer. This will allow you to open up ports for services
like web servers, mail servers, game servers, etc. ICF comes preconfigured
with the basic services that you can enable to be opened, and you also have
the ability to add other rules for incoming traffic that are not preconfigured.
If you would like, you also have the ability to enable incoming ICMP traffic,
so that you can ping and traceroute to your computer.
There are two major disadvantages to using ICF:
The first disadvantage is that it does not restrict outgoing
traffic from your computer or restrict applications from using your Internet
connection. This means that if you have a virus, ICF will allow your applications
to send data to the Internet without your permission.
The second disadvantage, which will be addressed in Windows
XP Service Pack 2, is that when you boot your computer, Windows will enable
your Internet connection before it enables the built-in firewall. This means
that if someone attempts to hack your computer or portscan you while your
computer is booting, your computer will be available on the Internet before
the firewall starts up. This creates a limited opportunity for your computer
to be hacked. Though this risk is mitigated by the short length of time between
your Internet connection being active and the firewall starting, it is still
a risk to take into consideration.
Enabling the Internet Connection Firewall
Note: In order to enable ICF you must be logged
in as an Administrator.
To enable the firewall, follow these steps:
Click on Start, then click on Run.
In the Open field, type control and press
OK.
This will launch the Control Panel. If you see a selection similar
to Figure 1, click on Classic View, which is circled in red in the figure below.

Figure 1: Control Panel in Category View
After clicking on Classic View, you should now see a screen that
looks like Figure 2.
You will then want to double click on Network Connections, which
is circled in Figure 2.

Figure 2. Control Panel in Classic Mode
After double clicking on Network Connections, you will be presented
with the various network connections that you have available. These can range
from an Ethernet connection to a dialup. In my case, it is an Ethernet connection
that I want to enable the firewall for, and it is shown circled in Figure
3.
Figure 3. Network Connections
You would right click once on the "Local Area Connection",
or whatever your connection is called, and left click on properties. This
will bring up the properties page for your network connection as seen in Figure
4.

Figure 4. Network Connection Properties
From this screen, you should click on the Advanced tab, which
is circled in Figure 4. You will then be presented with a screen similar to
Figure 5.

Figure 5. Advanced Tab of Network Properties Screen
This screen is where you enable and disable the Internet Connection
Firewall. If there is a check mark in the box, circled in red on Figure 5,
labelled "Protect my computer and network by limiting or preventing access
to this computer from the Internet", then the firewall is already active
on your computer. You can remove the check to disable the firewall service
if you choose to. If there is not a check in the box, you can enable the service
by putting a checkmark in this box.
Note: If you uncheck the box to disable the
firewall and press OK, a message will come up asking you to confirm this decision.
You can press Yes or No depending on what you would like to do.
For this tutorial we will continue enabling the firewall, so
you should put a check in the checkbox. When you do this, the Settings button
will become available as seen in Figure 6.

Figure 6. Firewall enabled allowing you to click on
Settings button
When you click on Settings, you will then have the opportunity
to open up certain services and ports to use on your computer. Unless you
absolutely need to have people on the Internet connect to your computer, I
would leave all of these blank as shown in Figure 7.

Figure 7. Advanced Settings
There are two other tabs called Security Logging and ICMP. These
tabs are used for logging people trying to connect to your computer and for
enabling ICMP options such as ping and traceroute. I would leave the ICMP
tab alone, but enable logging of people attempting to connect to your computer
by putting a check in the "Log dropped packets" box as shown in
Figure 8.

Figure 8. Logging Tab
You can optionally change the maximum size of the log file,
and the location of the log file by typing it into the Name field or clicking
on the Browse button. When you are done, you should click on OK to close the
Settings window, and then OK again to close the Network Connection Properties
window and enable the firewall.
You now have a fully functional and free firewall running on
your computer.
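Once "Log dropped packets" is enabled, the log file is the place to check what the firewall has been blocking. The script below is an added example, not part of the original tutorial: it summarises dropped packets per source address and flags sources that probed several distinct ports, as a port scan would. It assumes the log is in W3C extended format with a "#Fields:" header line; the sample log, the function names and the threshold of 3 ports are constructed for illustration.

```python
# Added example: summarise an ICF dropped-packet log.
# Assumption: W3C extended layout with a "#Fields:" header naming the columns.
from collections import defaultdict

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-03-01 09:15:02 DROP TCP 198.51.100.7 192.0.2.10 4021 135 48 S 1204 0 16384 - - -
2004-03-01 09:15:02 DROP TCP 198.51.100.7 192.0.2.10 4022 139 48 S 1205 0 16384 - - -
2004-03-01 09:15:03 DROP TCP 198.51.100.7 192.0.2.10 4023 445 48 S 1206 0 16384 - - -
2004-03-01 09:15:03 DROP TCP 198.51.100.7 192.0.2.10 4024 80 48 S 1207 0 16384 - - -
2004-03-01 09:20:44 DROP UDP 203.0.113.9 192.0.2.10 1026 137 78 - - - - - - -
2004-03-01 09:21:10 DROP ICMP 203.0.113.9 192.0.2.10 - - 60 - - - - 8 0 -
2004-03-01 09:22:00 OPEN TCP 192.0.2.10 203.0.113.80 1033 80 - - - - - - - -
"""

def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated lines
                yield dict(zip(fields, values))

def summarise_drops(text, scan_threshold=3):
    """Return (drops per source, sources probing >= scan_threshold distinct ports)."""
    counts = defaultdict(int)
    ports = defaultdict(set)
    for rec in parse_log(text):
        if rec["action"] != "DROP":          # ignore allowed/outgoing records
            continue
        counts[rec["src-ip"]] += 1
        if rec["dst-port"] != "-":           # ICMP records carry no port
            ports[rec["src-ip"]].add((rec["protocol"], int(rec["dst-port"])))
    scanners = sorted(ip for ip, p in ports.items() if len(p) >= scan_threshold)
    return dict(counts), scanners

if __name__ == "__main__":
    counts, scanners = summarise_drops(SAMPLE_LOG)
    for ip, n in sorted(counts.items()):
        note = "  <- many distinct ports, possible port scan" if ip in scanners else ""
        print(f"{ip}: {n} dropped packets{note}")
```

To run it against your own log, read the file you chose on the Security Logging tab and pass its contents to summarise_drops in place of SAMPLE_LOG.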
Advanced Tasks
If you are running a server, such as a mail server or web server,
on your computer, you can configure the firewall to allow in traffic destined
for those services. Following the steps above, navigate until
you get back to the Advanced Settings window as shown in Figure 7 and put
a check mark next to the service you would like to allow in. If the service
you would like to allow in is not listed, you can click Add and enter the service
manually.
Please note that with the firewall enabled other computers will
not be able to connect to yours, even those computers that are on your local
network. If it is necessary to share files from your computer to other computers,
you can open up the ports for the Microsoft File sharing to allow the computers
to connect. A word of warning, though: by allowing those connections, anyone
on the Internet will be allowed in as well. If you still want to open those
ports, you would allow in UDP ports 135-139 and TCP ports 135-139.
Conclusion
As you can see, you have a fairly powerful firewall at your
disposal for absolutely free. There are some shortcomings, but it will do
the job of securing your computer from hackers on the Internet. This firewall
will be even more powerful after Windows XP Service Pack 2 is released,
so be sure to install that service pack when it comes out.
I hope you found this tutorial useful.