The Windows XP firewall
protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
- The XP firewall is not a full featured firewall. Normal firewalls allow you to specifically control each TCP and UDP port but XPís firewall does not provide you with this capability. Instead, it takes a point and click approach to enabling or disabling a few common ports.
- The XP firewall does a good job of monitoring, examining and blocking inbound traffic but makes no attempt to filter or block outbound traffic like most 3rd-party personal firewalls.
- Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.
- This feature can be helpful in preventing many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent. It also means that if your system has been compromised, a hacker could use your machine as part of a distributed denial of service attack.
- By default, Windows Firewall rejects all incoming traffic unless that traffic is in response to a previous outgoing request. If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. If you Firewall is not turned on by default, then your using an unpatched OS and need to update your system to SP2.
A hardware firewall
is really a software firewall running on a dedicated piece of hardware or specialized device (routers, broadband gateways) that sits between a modem and a computer or network. A hardware firewall is based on "Network Address Translation
" (NAT) which hides your computer from the Internet or NAT plus "Stateful Packet Inspection
" (SPI). It can provide a strong degree of protection from most forms of attacks coming from the outside (incoming traffic
). Hardware firewalls are easy to configure and can protect every machine on a local or home network. A hardware firewall typically uses packet filtering to examine the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined or user-created rules that determine whether the packet is allowed (forwarded) or denied (dropped) on particular ports. They tend to treat any kind of traffic traveling from the local network out to the Internet as safe which can be a security risk.
With a software firewall
you have customized control and can specify which applications are allowed to communicate
) over the Internet from your computer. Programs that are not explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. Software firewalls generally offer the best measure of protection against Trojans and worms
but they are harder to configure and must share resources with other running processes which can decrease system performance. Many software firewalls have user defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your system.
Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts
that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction. For more information see "The Differences and Features of Hardware & Software Firewalls