Wednesday, February 2, 2005

How to Configure the Windows XP Firewall, part 2

This entry is about the Advanced tab on the Windows XP SP2 firewall. The Advanced tab allows you to choose the connections that you want firewalled (the default is all of them), configure logging, control ICMP behavior, and reset the firewall to its default state.

As with other settings, if the setting is configured at a domain level through domain policies, you will not be able to configure it locally (the settings will be grayed out). You can also specify which types of connections will be allowed on a connection-by-connection basis by selecting a particular connection and choosing Settings. You might, for example, want to disable ICMP on an external connection but allow it on an internal connection.

Security logging allows you to log successful and failed connection attempts, specify the location of the log, and specify the maximum log size.

ICMP settings allow you to configure how the computer responds to various events on the network. According to RFC 792, ICMP (Internet Control Message Protocol) messages are sent in several situations, including when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. ICMP is best known for its use with the PING utility. PING sends an ICMP echo to its target and the target responds with an ICMP echo reply. PING reports on the success and performance of such requests and responses. Although ICMP is a very handy troubleshooting tool in a network, it can also alert an attacker to the presence of a system. It is generally recommended, therefore, that ICMP be disabled (it is by default) on any external interface and on internal interfaces on non-trusted networks. You can enable specific ICMP functionality if needed, but in general, it's best to leave it disabled.
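To review what the security log and the ICMP settings described above produce together, the following added example (not part of the original post) parses a firewall log in its `#Fields`-headed text layout and counts dropped echo requests and dropped TCP/UDP packets per source. The header, field names and log lines are constructed samples using documentation addresses, and are assumed to match what the firewall writes.

```python
from collections import Counter

# Constructed sample (documentation-range addresses). The header layout and
# field names are assumptions about the firewall's log format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-02-02 09:14:01 DROP ICMP 203.0.113.7 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2005-02-02 09:14:02 DROP ICMP 203.0.113.7 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2005-02-02 09:14:09 DROP TCP 198.51.100.23 192.0.2.10 4312 445 48 S 1163250241 0 64240 - - - RECEIVE
2005-02-02 09:15:30 OPEN TCP 192.0.2.10 198.51.100.80 1055 80 - - - - - - - - -
2005-02-02 09:15:41 CLOSE TCP 192.0.2.10 198.51.100.80 1055 80 - - - - - - - - -
2005-02-02 09:16:12 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize(entries):
    """Count dropped ICMP echo requests and dropped TCP/UDP packets by source."""
    echo_drops, port_drops = Counter(), Counter()
    for e in entries:
        if e["action"] != "DROP":
            continue  # OPEN/CLOSE lines are successful connections
        if e["protocol"] == "ICMP" and e["icmptype"] == "8":  # 8 = echo request
            echo_drops[e["src-ip"]] += 1
        elif e["protocol"] in ("TCP", "UDP"):
            port_drops[(e["src-ip"], e["dst-port"])] += 1
    return echo_drops, port_drops

if __name__ == "__main__":
    echo, ports = summarize(parse_firewall_log(SAMPLE_LOG))
    for src, n in echo.most_common():
        print(f"{src}: {n} echo requests dropped")
    for (src, port), n in ports.most_common():
        print(f"{src} -> port {port}: {n} packets dropped")
```

A source that appears in both counters, as 198.51.100.23 does in the sample, pinged the host and also tried a closed port, which is the pattern worth a closer look when reviewing the log.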

The Restore Defaults button does exactly what the name implies.

