Windows Firewall and Windows XP
The ICF, now dubbed Windows Firewall, is a simple stateful firewall that is part of the
Windows XP operating system. In essence, Windows Firewall provides the same core
functionality as other personal firewall products on the market, such as stateful
connection management and the ability to permit specific, desired traffic.
Windows Firewall does come bundled with every new version of Microsoft's operating
systems. The firewall capabilities can also be utilized in Windows Server 2003 Standard
and Enterprise editions.
Essentially, Windows Firewall is the next version of Microsoft Windows ICF. It provides
basic filtering capabilities on all Windows XP and 2003 Server platforms so that an
administrator or end user can limit the traffic reaching the system (it does not filter traffic
coming from the system). It's limited in that it is not a stateful firewall but rather a simple
access list type of filter. Also, it only looks at the network and transport layers of the ISO
protocol stack (Layers 3 and 4). This firewall is mostly useful for end users who do not
require complex firewall capabilities to protect their systems and are looking for a simple
packet filter to block typical Windows services such as NetBIOS, Remote Procedure Call
(RPC), and others.
How Windows Firewall Works
By default, Windows Firewall comes with an assigned security profile. This profile
provides what are termed as "exceptions" for Print and File Sharing as well as Remote
Assistance and Universal Plug-and-Play (UPnP) with the local subnet. The local subnet is
defined as the local network that the system is connected to. If the system is connected to
multiple networks (for example, if the system has multiple interfaces), these network
ranges are considered part of the local subnet. These exceptions allow connections to the
system on the ports listed in Table 4-1.

Table 4-1. Default Windows Firewall Profile Exceptions

Service                   TCP Ports   UDP Ports   Program
File and Printer Sharing  139, 445    137, 138    -
Remote Assistance         -           -           C:\Windows\system32\sessmgr.exe
Remote Desktop            3389        -           -
UPnP Framework            2869        1900        -
Note that by default only the Remote Assistance exception is enabled. Although the other
exceptions are created in the profile, they are not enabled. Figure 4-1 shows the default
configuration for the Windows Firewall.
Figure 4-1. Windows Firewall Default Configuration
After Microsoft released XP SP2, Windows Firewall was turned on by default. Third-party
firewall vendors enable users to turn off Windows Firewall during the installation of their
software.
Configuring Windows Firewall
Configuring Windows Firewall is fairly straightforward. To open Windows Firewall, go
to Start and choose Control Panel. This will open the Control Panel window as shown in
Figure 4-2.
Figure 4-2. Windows XP Control Panel
Choose Security Center at the lower-right corner of the window to open the Windows
Security Center window. Choose Windows Firewall at the lower-left corner, as shown in
Figure 4-3.
Figure 4-3. Windows Security Center
This opens the Windows Firewall window. The settings on the General tab determine
whether the firewall is on or off. As mentioned earlier, Windows Firewall is on by default
since the release of Windows XP SP2. You have three options with the Windows
Firewall: on, on without exceptions, and off (as shown in Figure 4-4).
Figure 4-4. General Tab of the Windows Firewall
When the firewall is turned on, the user can choose to run it with the exceptions specified
on the Exceptions tab or with no exceptions at all. Microsoft recommends that when
accessing a network such as a public wireless network (say at Starbucks or a T-Mobile
hotspot in an airport), the firewall should be set to on without exceptions. This setting
blocks other users on the public wireless network from accessing system shares or other
resources on the firewall-protected system.
When the system is on a safer network (such as a home office or a local office LAN), you
can set the firewall to on with exceptions to allow for file sharing and remote assistance.
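The two postures just described (on without exceptions for a public hotspot, on with subnet-scoped exceptions for a trusted LAN) can also be applied from the command line with the `netsh firewall` context that XP SP2 added. The following batch script is an added example, not from the book; it assumes XP SP2 or later, an administrator prompt, and that the profile in use is the STANDARD (non-domain) profile.

```batch
@echo off
rem Added example (not from the book): set the Windows Firewall posture
rem described in the text using the XP SP2 "netsh firewall" context.
rem Usage: wf-posture.cmd public ^| trusted ^| show
if /i "%1"=="public"  goto public
if /i "%1"=="trusted" goto trusted
if /i "%1"=="show"    goto show
echo Usage: %~nx0 public ^| trusted ^| show
exit /b 1

:public
rem Public hotspot: firewall on, all exceptions ignored. This is the
rem General tab's "on without exceptions" setting applied to every profile,
rem so no share, RPC or UPnP port is reachable from other hotspot users.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=ALL
goto show

:trusted
rem Home or office LAN: firewall on, exceptions honoured, but only the
rem exceptions this host needs, and each limited to the local subnet.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=STANDARD
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET profile=STANDARD
rem UPnP and Remote Desktop exist in the default profile but are off;
rem state that explicitly so a later change cannot leave them open.
netsh firewall set service type=UPNP mode=DISABLE profile=STANDARD
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=STANDARD
goto show

:show
rem Record dropped packets so probes blocked on a public network can be
rem reviewed later, then print the effective state and configuration.
netsh firewall set logging filelocation=%windir%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE
netsh firewall show state
netsh firewall show config
exit /b 0
```

Run `wf-posture.cmd show` after either change and compare the "Operational mode" and "Exception mode" lines with the Exceptions tab shown in Figure 4-5.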
These default exceptions are activated in the Windows Firewall policy on the Exceptions
tab, as shown in Figure 4-5. These exceptions exist to allow the end system to participate
in a Windows network environment and to make folder and file shares available to other
systems on the local network. Remember that exceptions should be turned on only in
known, secure networks. Such a network may be a home