Your first line of defense in securing your computer is to protect it from attacks by outsiders. Once your computer is connected to the Internet, it becomes just another node on a huge global network. A firewall provides a barrier between your computer and the network to which it’s connected by preventing the entry of unwanted traffic while allowing transparent passage to authorized connections.
Using a firewall is simple, essential, and often overlooked. You’ll want to be sure that all network connections are protected by a firewall. You might be comforted by the knowledge that your portable computer is protected by a corporate firewall when you’re at work and that you use a firewalled broadband connection at home. But what about the dial-up connection you use when you travel? Viruses like Sasser and its ilk find unprotected dial-up connections to be an easy mark. In fact, although dial-up users are less vulnerable to certain types of attacks just because of their relatively short connection time, they are particularly vulnerable to Internet worms like Sasser because many Internet service providers (ISPs) don’t offer effective firewall protection for this type of connection.
And it makes sense to run a firewall on your computer (sometimes called a personal firewall) even when you’re behind a corporate firewall. Other people on your network might not be as vigilant as you are about defending against viruses, so if someone brings in a Sasser-infected portable computer and connects it to the network, you’re toast—unless your network connection has its own firewall protection.
Windows XP includes a firewall now called, cleverly enough, Windows Firewall. Part of Service Pack 2 for Windows XP, Windows Firewall replaces the Internet Connection Firewall (ICF) that was included in earlier versions of Windows XP. Like ICF, Windows Firewall is a stateful filtering firewall that drops all inbound traffic except traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating an exception. You notice nothing if an inbound packet is dropped, but you can (at your option) create a plain-text log of all such events.
But Windows Firewall differs from ICF in much more than name. Among the important improvements that are added with SP2 for Windows XP:
● Windows Firewall protects internal and external connections. As suggested by the name, Internet Connection Firewall was intended to protect your computer’s Internet connection, but it wasn’t easy to properly configure it for connections to your local area network. Recognizing the fact that many security threats can come from your own network, the more appropriately named Windows Firewall now plays nicely with LAN connections.
● Windows Firewall is enabled by default for all connections. By default, Windows Firewall is enabled for all network connections on a computer with SP2 installed. This includes wired LAN connections, wireless connections, dial-up connections, and VPN connections. Any new connections you create have Windows Firewall enabled by default.
● Global configuration options apply to all connections. With ICF, you had to make firewall settings (such as exceptions to allow incoming traffic) separately for each connection. With Windows Firewall, you can make settings globally. Windows Firewall also lets you make settings for individual connections; any per-connection settings override the global settings.
● You’re protected during startup. If Windows Firewall is enabled, Windows provides stateful filtering while it is connecting to your network. During startup, Windows Firewall provides basic protection for network startup tasks such as obtaining an IP address from a DHCP server and Group Policy updates from a domain controller. Full protection according to your Windows Firewall configuration then becomes effective when the Windows Firewall service starts. With ICF, you had no firewall protection until the service started, which left a brief interval in which the computer could be attacked.
● You can specify a scope for each exception. When you set up an exception in ICF (that is, you specify a port through which unsolicited inbound traffic is allowed), the incoming traffic could originate from any IP address. Windows Firewall lets you restrict the scope for exceptions by limiting it to traffic from an IP address that is part of your local subnet or from a list of IP addresses that you specify.
● You can create exceptions for programs. With Windows Firewall, you can create an exception by specifying the name of the program or service for which you want to allow unsolicited incoming traffic. This way, you don’t need to know which port(s) and protocol(s) are used by a program in order to create an exception; Windows Firewall figures it out for you.
● Windows Firewall supports two profiles on domain-based computers. The domain profile is used when the computer is connected to the domain and the standard profile is used when the computer is not connected or connected to a different network. Each profile has a separate list of exceptions and settings. Windows Firewall switches profiles automatically when you connect or disconnect the computer from the domain network.
● Internet Protocol version 6 (IPv6) is supported. IPv6, sometimes called “the next generation Internet,” is a protocol that will someday supplant the current Internet Protocol, which is more accurately called IPv4. When that day arrives, Windows Firewall is ready. For more information about IPv6, visit http://www.ipv6.org.
● Configuration can be done with command lines or using Group Policy. The user interface for configuring Windows Firewall is convenient for ad hoc management of the firewall on a single computer. But if you perform certain tasks repeatedly, or if you have to configure multiple computers, it’s much easier to set up a batch program or script that contains the commands needed to perform the task. Likewise, Group Policy (particularly in a domain environment) eases the burden of repetitive tasks. In addition, you can configure the operational mode and exceptions list for Windows Firewall during unattended setup.
Using a firewall is simple, essential, and often overlooked. You’ll want to be sure that all network connections are protected by a firewall. You might be comforted by the knowledge that your portable computer is protected by a corporate firewall when you’re at work and that you use a firewalled broadband connection at home. But what about the dial-up connection you use when you travel? Viruses like Sasser and its ilk find unprotected dial-up connections to be an easy mark. In fact, although dial-up users are less vulnerable to certain types of attacks just because of their relatively short connection time, they are particularly vulnerable to Internet worms like Sasser because many Internet service providers (ISPs) don’t offer effective firewall protection for this type of connection.
And it makes sense to run a firewall on your computer (sometimes called a personal firewall) even when you’re behind a corporate firewall. Other people on your network might not be as vigilant as you are about defending against viruses, so if someone brings in a Sasser-infected portable computer and connects it to the network, you’re toast—unless your network connection has its own firewall protection.
Windows XP includes a firewall now called, cleverly enough, Windows Firewall. Part of Service Pack 2 for Windows XP, Windows Firewall replaces the Internet Connection Firewall (ICF) that was included in earlier versions of Windows XP. Like ICF, Windows Firewall is a stateful filtering firewall that drops all inbound traffic except traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating an exception. You notice nothing if an inbound packet is dropped, but you can (at your option) create a plain-text log of all such events.
But Windows Firewall differs from ICF in much more than name. Among the important improvements that are added with SP2 for Windows XP:
● Windows Firewall protects internal and external connections. As suggested by the name, Internet Connection Firewall was intended to protect your computer’s Internet connection, but it wasn’t easy to properly configure it for connections to your local area network. Recognizing the fact that many security threats can come from your own network, the more appropriately named Windows Firewall now plays nicely with LAN connections.
● Windows Firewall is enabled by default for all connections. By default, Windows Firewall is enabled for all network connections on a computer with SP2 installed. This includes wired LAN connections, wireless connections, dial-up connections, and VPN connections. Any new connections you create have Windows Firewall enabled by default.
● Global configuration options apply to all connections. With ICF, you had to make firewall settings (such as exceptions to allow incoming traffic) separately for each connection. With Windows Firewall, you can make settings globally. Windows Firewall also lets you make settings for individual connections; any per-connection settings override the global settings.
● You’re protected during startup. If Windows Firewall is enabled, Windows provides stateful filtering while it is connecting to your network. During startup, Windows Firewall provides basic protection for network startup tasks such as obtaining an IP address from a DHCP server and Group Policy updates from a domain controller. Full protection according to your Windows Firewall configuration then becomes effective when the Windows Firewall service starts. With ICF, you had no firewall protection until the service started, which left a brief interval in which the computer could be attacked.
● You can specify a scope for each exception. When you set up an exception in ICF (that is, you specify a port through which unsolicited inbound traffic is allowed), the incoming traffic could originate from any IP address. Windows Firewall lets you restrict the scope for exceptions by limiting it to traffic from an IP address that is part of your local subnet or from a list of IP addresses that you specify.
● You can create exceptions for programs. With Windows Firewall, you can create an exception by specifying the name of the program or service for which you want to allow unsolicited incoming traffic. This way, you don’t need to know which port(s) and protocol(s) are used by a program in order to create an exception; Windows Firewall figures it out for you.
● Windows Firewall supports two profiles on domain-based computers. The domain profile is used when the computer is connected to the domain and the standard profile is used when the computer is not connected or connected to a different network. Each profile has a separate list of exceptions and settings. Windows Firewall switches profiles automatically when you connect or disconnect the computer from the domain network.
● Internet Protocol version 6 (IPv6) is supported. IPv6, sometimes called “the next generation Internet,” is a protocol that will someday supplant the current Internet Protocol, which is more accurately called IPv4. When that day arrives, Windows Firewall is ready. For more information about IPv6, visit http://www.ipv6.org.
● Configuration can be done with command lines or using Group Policy. The user interface for configuring Windows Firewall is convenient for ad hoc management of the firewall on a single computer. But if you perform certain tasks repeatedly, or if you have to configure multiple computers, it’s much easier to set up a batch program or script that contains the commands needed to perform the task. Likewise, Group Policy (particularly in a domain environment) eases the burden of repetitive tasks. In addition, you can configure the operational mode and exceptions list for Windows Firewall during unattended setup.
No comments:
Post a Comment