Firewall: Windows XP

From The Uniform Server Wiki
Jump to navigation Jump to search

MPG UniCenter

Firewall: Home | Windows XP | Zonealarm | Router | TCP View

Firewalls
Home Web Server Uniform Server 3.5-Apollo.

Microsoft started including firewall software with the introduction of XP. Not originally enabled by default hence depending on your version make sure it is enabled if you decide to go with this firewall. Note from service pack 2, it is enabled by default.

It is a personal firewall, meaning it runs on a single computer and protects only that system. If the computer in question is using Internet sharing to provide the rest of a home network with Internet access, then the firewall will protect the entire network.

Activating Windows XP firewall

Enabling XP's firewall is easy:

Go to start > control panel > network and Internet connections > network connections

Right click on your Internet connection (which should be at the top of the page labeled either Dial-Up or Bradband) and select 'properties.'

Select the advanced tab and click on Settings.

Turn firewall On

Check the On radio button next to the sheild.

Note: If you are using another firewall check the Off radio button to prevent clashes.

Your PC is now protected by Windows XP firewall. The firewall runs as a process (in the background) on your computer and examines all incoming data via the Internet connection.

Unless the data was requested, or you opened a port (for example 80) to allow access the data will be dropped.

Top

Security

Windows XP firewall is very basic there are no options to tailor security. For domestic use the simple interface makes it easy to use.

Top

Logging

One useful feature is logging this is not enabled by default and need to be turned on as follows:

  1. Go to 'start/control panel/network and Internet connections/network connections'
  2. Then right click on your internet connection (which should be at the top of the page) and select 'properties.'
  3. Now go to the 'advanced' tab and click on the 'settings' button.
  4. Select the advanced tab and under Security Logging click on the settings button
  5. Enable the log for dropped packets and successful connections.


Note: The default location of the log is C:\WINDOWS\pfirewall.log You can open this file with notepad or any other text editor to view recent failed and successful attempts to access your firewall.

Top

Allowing applications through a Windows XP firewall

To enable certain applications to bypass Windows XP firewall, you need to open specific ports for their use.
You do this by creating a custom 'Service.'

  1. Select start > control panel > network and Internet connections > network connections
  2. Right click on your internet connection (which should be at the top of the page) and select properties
  3. Select advanced tab and click settings.
  4. Select the exceptions tab and click on add program

The following example creates a service to allow MSN Messenger file transfers.

First enter something appropriate for the name of the service, in this case MSN messenger file transfer. This name is for your reference only. MSN file transfer uses the TCP protocol for data transfer select TCP radio button.

Enter the port number that should be opened in the firewall for this application. MSN messenger uses TCP ports 6891-6900. One port is used for each simultaneous transfer. I have shown port 6891 enter in both the external port number and internal port number boxes. Click OK repeat for each port that needs to be open.

Note: That the new service is added to the list and enabled. File transfers should now work in MSN messenger.


Web Site hosting

Follow the above procedure to open a port for your Apache server. Name the new service Apache and open port 80.

The following is a list of common port numbers for hosted applications.


Hosted Application Port Numbers
Websites (http:)  Port 80 TCP for file http:// 
FTP Sites (ftp:)  Port 21 TCP/UDP
Telnet (telnet:)  Port 23 TCP/UDP
 Encrypted HTTP (https:)  Port 443 TCP

General note

The only time I have ever enabled Windows XP firewall was to take the screen shots. My preferred firewall is ZoneAlarm its free, very flexible and monitors both incoming and outgoing data.

If you have no other option then XP is better than nothing.

Where to next

These are worth looking at Zonealarm :: Router

Top


Ric