Using Windows XP Internet Connection Firewall


When you create a small network connected to the Internet, you increase the vulnerability of your computers to unauthorized access, including viruses. To protect your new network, you need to create a type of barrier called a firewall. Windows XP comes with a firewall that you should use when setting up your own network. Here's how...

How Does a Firewall Work?
A firewall is a security system that acts as a protective boundary between a network and the outside world. Like an actual firewall built to prevent fire from spreading between adjoining buildings, computer firewalls prevent the spread of unauthorized communication between an individual computer or group of networked computers and the Internet. One of the most effective and least expensive ways to protect a small network is to create a firewall on your ICS (or Internet Connection Sharing) host computer, and to make sure that computer is the only one on the network with a direct connection to the Internet.

Another way to protect a small network is to use a hardware device called a residential gateway, or router. Residential gateways contain a firewall and replace an ICS host computer as the central Internet connection. Because it contains no files, folders or other data, and cannot be used to manipulate computers to which it is linked, a residential gateway offers a greater degree of protection than a basic ICS host computer. Should a hacker manage to bypass the firewall, the only access gained will be to the device, which is in effect empty. A disadvantage of a residential gateway is the extra cost it adds to putting together a network.

You can create a small network having neither an ICS host computer nor a residential gateway, but at a high cost to security, and convenience. With such a setup, Internet access is obtained by linking each computer directly to the Internet service provider via the computer's own modem, or else all of the computers on the network can be linked to an Ethernet hub, which functions as a central Internet connection. Neither of these methods provides firewall protection; and while Internet Connection Firewall can be enabled on networked computers running Windows XP, doing so prevents those computers from sharing files and devices.

Setting Up Windows' Internet Connection Firewall
Windows XP includes Internet Connection Firewall (ICF) software you can use to restrict what information is communicated between the Internet and your home or small office network. ICF will also protect a single computer connected to the Internet with a cable modem, a DSL modem, or a dial—up modem.

If your network uses Internet Connection Sharing (ICS) to provide Internet access to multiple computers, you should use ICF on the shared Internet connection. However, ICS and ICF can be enabled separately. You should not enable the firewall on any connection that does not directly connect to the Internet; ICF is not needed if your network already has a firewall or proxy server.

You must be logged on to your computer with an owner account in order to complete this procedure. You should not enable Internet Connection Firewall on virtual private networking (VPN) connections or on client computers because ICF will interfere with file and printer sharing. ICF cannot be enabled on the private connections of the Internet Connection Sharing host computer.

To enable or disable Internet Connection Firewall:

» Open Network Connections (Click Start, click Control Panel, and then double—click Network Connections.)

» Click the Dial—up, LAN or High—Speed Internet connection that you want to protect, and then, under Network Tasks, click Change settings of this connection.

» On the Advanced tab, under Internet Connection Firewall, select one of the following:

• To enable Internet Connection Firewall (ICF), select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.

• To disable Internet Connection Firewall, clear the Protect my computer and network by limiting or preventing access to this computer from the Internet check box. This disables the firewall, your computer and network are then vulnerable to intrusions. If you do not have a firewall on your system, you will likely find yourself wide-open to the world at large.

One of the ways in which you can dramatically compare the before and after effects of using the ICF is to first visit for an open port scan. This will reveal any potential vulnerabilities in your system — at least as far as port intrusion is concerned. If you do not have a firewall on your system, you will likely find yourself wide-open to the world at large. Enable the ICF on your Win XP machine as outlined above, and then re-run the port scan. Feeling a little better now?

Windows XP makes it easy for you to protect your Internet connected network from unauthorized access as well as malicious viruses. If you have not yet done so, enable ICF on your Windows XP machines today!