Anilrgowda

What is a Firewall?

A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet. It helps guard your computer against malicious users and many computer viruses and worms.
Firewalls help safeguard your computer by enforcing restrictions on incoming traffic. Firewalls can also help mask your computer's identity, so hackers' attempts to probe or scan your computer cannot return the type of information that makes it easy to invade.



About Firewall - Links:
Install a firewall to help protect your computer:
http://www.microsoft.com/security/articles/firewall.asp

Windows XP's native firewall - The Internet Connection Firewall [ICF]
http://www.microsoft.com/WINDOWSXP/h...omenet/icf.asp
Windows XP users: Never connect to internet without enabling the ICF. Failing to enable ICF results in Worm attacks over internet. Finest example is the Blaster Worm which attacked "Unprotected" and "Unpatched" systems. Some reading here:

What You Should Know About the Blaster Worm and Its Variants:
http://www.microsoft.com/security/incident/blast.asp
Microsoft Support WebCasts on Internet Connection Firewall:
http://support.microsoft.com/?kbid=324731
ICF Turned ON by default - Microsoft Windows Code Named "Longhorn" Preview Release:
http://support.microsoft.com/?kbid=829967

• Open Network Connections by typing NCPA.CPL in the RUN box.
• Click the Dial-up, LAN or High-Speed Internet connection that you want to protect.
• Under Network Tasks, click Change settings of this connection.
• On the Advanced tab, under Internet Connection Firewall, select the following option:
  Protect my computer and network by limiting or preventing access to this computer from the Internet box.

Situations where some applications require disabling the firewall
What if some applications/Remote Administration software requires ICF turned OFF. In this case, you need to manually open the ports required for the application, without disabling ICF entirely: However, you need to know the Port Number required for the program. See the links below:
How to Manually Open Ports in Internet Connection Firewall in Windows XP:
http://support.microsoft.com/default.aspx?kbid=308127
Remote Desktop through the firewall - ICF
http://www.microsoft.com/windowsxp/expertzone/columns..02august12.asp
Programs Require Manual Port Configurations with Internet Connection Firewall:
http://support.microsoft.com/?kbid=307554
How to Open Ports in the Windows XP Internet Connection Firewall: [Ports vs Applications]
http://www.microsoft.com/security/protect/ports.asp

DirectX: Ports Required to Play on a Network:
http://support.microsoft.com/?kbid=240429
Firewall Logging - Analyse the Pfirewall.log file
If you want to examine incoming connection attempts, you can turn on logging from the ICF Advanced Settings tab as well as specify the size of a log file. The default log file name is Pfirewall.log, located in the %Systemroot%. If you’re experiencing connectivity issues and need to trouble shoot your connection, the ICMP tab provides some configuration options for this purpose.

Analyse the Internet Connection Firewall security log

Open Pfirewall.log file with Notepad. Each line in the file represents an event that ICF has logged. Fields on the line are separated by spaces, and the Fields entry near the top of the file defines the name of each field.



Who Does Not Need to Enable Internet Connection Firewall?
o Unit is configured as an ICS Client. Firewall need to be enabled on the Internet Source [ICS Host]
o Unit is behind a NAT box or router
o Unit is connected to a domain in Corporate Network
Known Issues with ICF
Internet Firewalls Can Prevent Browsing and File Sharing:
http://support.microsoft.com/?kbid=298804
[To resolve this behavior, use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly by using a cable modem, a DSL modem, or a dial-up modem]

Internet Programs May Not Work as Expected with the Internet Connection Firewall Enabled:
http://support.microsoft.com/?kbid=308123
Remote Assistance May Not Work if Internet Connection Firewall Is Enabled:
http://support.microsoft.com/?kbid=310608
Cannot Use DirectPlay Programs on the Internet After You Install Windows XP SP1:
http://support.microsoft.com/?kbid=327299

Internet Connection Firewall Does Not Filter or Provide Firewall Services During Startup and Shutdown:
http://support.microsoft.com/?kbid=323009
[To be fixed in XP Service Pack 2]

Netmeeting Does Not Disconnect When You Use It Through a Windows XP Firewall:
http://support.microsoft.com/?kbid=328070
Windows XP ICF does not monitor the outgoing connections from your computer. This means, the trojans and other malicious programs, data-miners are not detected. Any information can be sent by a malware program from your computer, as you are not alerted about that. Consider using a third-party Application based firewall like ZoneAlarm from www.zonelabs.com . Sygate or Outpost Firewall. ZoneAlarm is truly an application based firewall which alerts you whenever a program accesses the internet. You can configure the rule if you want to allow Internet access to an application permanently or on a case-by-case basis. You can also configure if your application should act as a server or just an application.

To quickly monitor which processes are accessing the internet [established], open a Command Prompt window and type "NETSTAT -o". This shows the Process IDs which have established connections to a server. This is a quick way to identify is a Trojan is active. Next option is to use Port Scanners. TCPView, excellent utility from Sysinternals.com shows the TCP information to quickly track which application is doing what. Using these utilities add value to the system security, and this does not mean Firewalls are not necessary. Firewalls are a must. If a trojan accesses the internet [may be to steal your passwords, valuable information], ZoneAlarm or any other App-based firewall alerts you that a new program <programname.exe> is accessing the internet. Think well before allowing access to a program. Otherwise, the very purpose of a Firewall is defeated. If you see any suspicious names, search www.google.com using the keyword and find out what application is the file related to. Or, seek assistance from experts in Microsoft Newsgroup or any reputed online Technical support forum. Then decide whether to allow access or not.
Can a third-party firewall co-exist with Windows XP ICF?
I use ZoneAlarm and also enabled ICF as well. Have faced no problems so far. However, the rule is "NO". See this from Microsoft:

Does Internet Connection Firewall interoperate with other software firewalls such as Norton and McAfee? http://support.microsoft.com/default...Fwct050702.asp
Windows XP SP2 Firewall
Understanding Windows Firewall in Windows XP Service Pack 2:
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
How effective is your Firewall?
To test the effectiveness of the Firewall installed in your computer, you could try any of the online leak tests. The tests are offered by many third-party sites.

Test your Firewall:

https://grc.com/x/ne.dll?bh0bkyd2
http://grc.com/lt/leaktest.htm

http://www.hackerwatch.org/probe/

http://www.auditmypc.com/
The above tests are to check the inbound protection only. As Internet is a two-way data transmission, you will have to test the outbound protection for extra security. Test the firewall's outbound protection, using Steve Gibson's LeakTest utility.