Using the ICF firewall built into Windows XP

Source: Internet
Author: User
Tags: change settings

ICF stands for Internet Connection Firewall. It sits between your computer and the Internet, lets through the data you requested and blocks the packets you did not request; it is a packet-filtering firewall. Its most visible effect is therefore that the machine stops answering the ping command, and because ICF discards every inbound IP packet that was not solicited, an outside program can no longer port-scan the machine.

A personal computer is not a server: it usually offers no services such as FTP, Telnet or POP3, so an attacker has fewer exposed services and system vulnerabilities to exploit. ICF can therefore protect a PC to a reasonable degree.

ICF is a stateful firewall: it watches all traffic that crosses it and checks the source and destination addresses of every message it handles. To keep unsolicited traffic from reaching a system port, ICF keeps a table of all communications that originate from the local computer. On a stand-alone computer, ICF records the traffic that the local computer itself sends out, and every packet arriving from the Internet is compared against the entries in that table. Incoming Internet traffic is delivered only when there is a match in the table, that is, when the exchange was started from inside the computer or from the private network.

Traffic that originates outside the ICF-protected computer (for instance from an attacking host) is blocked by the firewall unless the Services tab has been configured to let it through. ICF does not notify you of this activity; it silently drops unsolicited traffic, which defeats common attacks such as port scans.

The principle of ICF is to keep a table that records the destination IP address, port, service and so on of every request the local computer sends out. When an IP packet arrives at the machine, ICF checks that table to see whether the packet is a reply to something the local host asked for: if a matching record exists the packet is let through, and if no record is found the packet is discarded. The following example illustrates this principle. When a user sends and receives e-mail with Outlook Express, the local PC sends an IP request to the POP3 mail server, and ICF records that destination IP address and port. When an IP packet later arrives on this computer, ICF first audits it, looks it up in the recorded data, determines that the packet comes from the address and port we requested, and approves it. Now consider what happens between the Outlook Express client and the mail server. Once a new message arrives at the mail server, the server automatically sends an IP packet to the Outlook client to notify it of the new message; this notification is delivered by an RPC call. When the mail server's packet arrives at the client, the client's ICF audits it, finds that the local Outlook Express software had issued an IP request to this address and port, and accepts the packet, so the client receives the new-mail notification and Outlook Express then goes to the server to fetch the new message. Note the condition that makes this work: the notification is accepted only because it matches a conversation the client itself started; a fresh connection opened by the server to a port the client never used would find no table entry and would be dropped.

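To make the state-table rule concrete, here is a small model of the ICF decision, written for this page as an added example (it is not Microsoft's code and does not reproduce ICF's internals). The addresses, ports and packets are constructed for the demo: the local host opens a POP3 conversation and the reply passes, an unsolicited probe and a ping are dropped, and a port opened on the Services tab is reachable by anyone, which is the "undefended port" discussed in the limitations section below. The class also models the per-type ICMP switches of the ICMP tab.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str                       # "TCP", "UDP" or "ICMP"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None  # ICMP only; 8 = echo request (ping)

class StatefulFilter:
    """Toy model of ICF: remember what the local host asked for, admit only
    matching replies plus whatever the Services and ICMP tabs opened."""

    def __init__(self, local_ip: str,
                 open_services: Set[Tuple[str, int]] = frozenset(),
                 icmp_allowed: Set[int] = frozenset()):
        self.local_ip = local_ip
        self.open_services = set(open_services)  # Services tab: (proto, port)
        self.icmp_allowed = set(icmp_allowed)    # ICMP tab: request types answered
        # (proto, local_port, remote_ip, remote_port) for every conversation we started
        self.table: Set[Tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> str:
        """Local host sends a packet: record the conversation it starts."""
        if pkt.src_ip != self.local_ip:
            raise ValueError("outbound packets must originate from the local host")
        if pkt.proto in ("TCP", "UDP"):
            self.table.add((pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "PASS"

    def inbound(self, pkt: Packet) -> str:
        """Remote host sends a packet: PASS if solicited or explicitly opened, else DROP."""
        if pkt.proto == "ICMP":
            return "PASS" if pkt.icmp_type in self.icmp_allowed else "DROP"
        # A reply to something we sent: the 4-tuple mirrors a table entry.
        if (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table:
            return "PASS"
        # A service opened on the Services tab is reachable by anyone.
        if (pkt.proto, pkt.dst_port) in self.open_services:
            return "PASS"
        return "DROP"

def demo() -> dict:
    """Constructed scenario: local PC 192.168.1.2 with TCP port 80 opened on the Services tab."""
    icf = StatefulFilter("192.168.1.2", open_services={("TCP", 80)})
    results = {}
    # Outlook Express checks POP3 on 10.0.0.5: the server's reply is solicited and passes.
    icf.outbound(Packet("TCP", "192.168.1.2", "10.0.0.5", 1025, 110))
    results["pop3_reply"] = icf.inbound(Packet("TCP", "10.0.0.5", "192.168.1.2", 110, 1025))
    # Unsolicited probe of port 135 from the Internet: no table entry, dropped.
    results["rpc_probe"] = icf.inbound(Packet("TCP", "203.0.113.7", "192.168.1.2", 44123, 135))
    # ping: echo request (type 8) is not enabled on the ICMP tab.
    results["ping"] = icf.inbound(Packet("ICMP", "203.0.113.7", "192.168.1.2", icmp_type=8))
    # Port 80 was opened on the Services tab: anyone reaches it.
    results["web_from_anyone"] = icf.inbound(Packet("TCP", "203.0.113.7", "192.168.1.2", 44124, 80))
    # Port scan: every probe of a port without an entry is dropped.
    results["scan_dropped"] = sum(
        icf.inbound(Packet("TCP", "203.0.113.7", "192.168.1.2", 45000 + p, p)) == "DROP"
        for p in (21, 23, 25, 139, 445))
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The model deliberately matches replies on the full 4-tuple rather than on the remote address alone; that is what makes a server-initiated connection to an unused port fail the lookup even when the same server is already talking to us on another port.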
Setting up ICF

1. Enable or disable Internet Connection Firewall

Open Network Connections in Control Panel.

Click the dial-up, LAN or other Internet connection you want to protect, then under Network Tasks click Change settings of this connection → Advanced → Internet Connection Firewall and select the item shown in the figure:

To enable Internet Connection Firewall, select the "Protect my computer and network by limiting or preventing access to this computer from the Internet" check box. To disable it, clear the check box.

Network services

On the same Advanced tab, click Settings to open the Advanced Settings dialog shown in the figure below:

The entries already listed on the Services tab are the services that users on the network may be allowed to reach, such as Messenger, Remote Desktop, FTP server, Telnet server and so on; ticking one opens its port to the outside. Predefined entries for common services such as POP3, SMTP and HTTP are listed as well; open them only when the machine actually needs to offer that service.

If you want to add a new service entry, take Messenger file transfer as the example, since many people run into trouble with it even though the procedure is described in Help.

Messenger file transfer uses TCP ports 6891 to 6900. Adding TCP port 6891 in the XP firewall settings is enough for files to be sent smoothly; for ordinary file transfers, adding just that one port will do.

To add it, see the figure:

Enter a description, this computer's IP address and the port number (6891) for both the external and the internal port, choose TCP, then click OK.

Security log

The security log is written in the W3C Extended Log File Format, the same format that common log-analysis tools understand.

Open Network Connections, click the connection on which Internet Connection Firewall (ICF) is enabled, then under Network Tasks go to Change settings of this connection → Advanced → Settings → Security Logging → Logging options and select one or both of the following:

To record unsuccessful inbound connection attempts, select the "Log dropped packets" check box; to record successful outbound connections, select the "Log successful connections" check box. Clear a box to stop logging that category. Both options are described in more detail below.

2. Change the security log file path and file name

Open Network Connections and select the connection on which Internet Connection Firewall is enabled. Then go to Network Tasks → Change settings of this connection → Advanced → Settings → Security Logging → Log file options → Browse and browse to the folder where you want the log file to be kept.

In File name, type a new log file name and click Open. You can open the file later to view its contents.

You can also limit the size of the security log file: open the connection with Internet Connection Firewall enabled, go to Network Tasks → Change settings of this connection → Advanced → Settings → Security Logging → Log file options → Size limit, and use the arrow buttons to adjust the limit. In my view 512 KB is generally enough.
If you run into problems after changing settings, you can restore the default security-log settings: open the connection with Internet Connection Firewall enabled, then click Network Tasks → Change settings of this connection → Advanced → Settings → Security Logging → Restore Defaults.

Log successful connections: this records every successful connection, whether from the home or small-office network or from the Internet.

When you select the "Log successful connections" check box, information about each connection that passes through the firewall successfully is collected. For example, whenever anyone on the network uses Internet Explorer to connect to a web site successfully, an entry is written to the log.

Log dropped packets: this records every discarded packet, whether it came from the home or small-office network or from the Internet.

When you select the "Log dropped packets" check box, ICF collects information on every communication attempt it detected and rejected. For example, if ICMP is not configured to allow incoming echo requests such as those sent by the ping and tracert commands, an echo request arriving from outside the network is received, discarded, and an entry is written to the log.

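Since the log is plain W3C Extended format, it is easy to parse and triage without a dedicated tool. The following parser and summary are an added example written for this page, not code from the page or from Microsoft. The sample log is constructed for the demo: its "#Fields:" line follows the XP firewall log header (date, time, action, protocol, addresses, ports, TCP and ICMP details), but the parser takes the column names from the file itself, so a log with a different or longer field list parses the same way. The summary counts drops per source, lists the distinct ports each source hit (a source hitting many ports in a short time is the port-scan pattern the text mentions) and counts dropped echo requests.

```python
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: a POP3 check by the local PC, a dropped ping, a five-port
# probe from one Internet host and a stray UDP packet to port 1434.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-11-05 20:14:01 OPEN TCP 192.168.1.2 10.0.0.5 1025 110 - - - - - - - -
2003-11-05 20:14:03 CLOSE TCP 192.168.1.2 10.0.0.5 1025 110 - - - - - - - -
2003-11-05 20:15:10 DROP ICMP 203.0.113.7 192.168.1.2 - - 60 - - - - 8 0 -
2003-11-05 20:15:11 DROP TCP 203.0.113.7 192.168.1.2 44001 21 48 S 912345 0 16384 - - -
2003-11-05 20:15:11 DROP TCP 203.0.113.7 192.168.1.2 44002 23 48 S 912346 0 16384 - - -
2003-11-05 20:15:12 DROP TCP 203.0.113.7 192.168.1.2 44003 135 48 S 912347 0 16384 - - -
2003-11-05 20:15:12 DROP TCP 203.0.113.7 192.168.1.2 44004 139 48 S 912348 0 16384 - - -
2003-11-05 20:15:13 DROP TCP 203.0.113.7 192.168.1.2 44005 445 48 S 912349 0 16384 - - -
2003-11-05 20:16:40 DROP UDP 198.51.100.9 192.168.1.2 1434 1434 404 - - - - - - -
"""

Record = Dict[str, Optional[str]]

def parse_log(text: str) -> List[Record]:
    """Turn a W3C Extended format log into dicts keyed by the names in '#Fields:'.
    '-' marks an empty column and becomes None."""
    fields: List[str] = []
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue                      # other directives carry no records
        if not fields:
            raise ValueError("data line before the #Fields: header")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records

def triage(records: List[Record], scan_threshold: int = 4) -> dict:
    """Summarise DROP records: volume per source, distinct target ports per source
    (scan_threshold or more distinct ports flags a likely port scan) and dropped pings."""
    drops_by_src: Dict[str, int] = defaultdict(int)
    ports_by_src: Dict[str, set] = defaultdict(set)
    echo_requests = 0
    for r in records:
        if r["action"] != "DROP":
            continue
        src = r["src-ip"]
        drops_by_src[src] += 1
        if r["protocol"] in ("TCP", "UDP") and r["dst-port"] is not None:
            ports_by_src[src].add(int(r["dst-port"]))
        if r["protocol"] == "ICMP" and r["icmptype"] == "8":   # echo request (ping)
            echo_requests += 1
    return {
        "drops_by_src": dict(drops_by_src),
        "ports_by_src": {ip: sorted(p) for ip, p in ports_by_src.items()},
        "dropped_echo_requests": echo_requests,
        "likely_scanners": sorted(ip for ip, p in ports_by_src.items() if len(p) >= scan_threshold),
    }

if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

To run it against a real log, read the file named on the Security Logging tab and pass its text to parse_log; OPEN and CLOSE records only appear when "Log successful connections" is enabled, and DROP records only when "Log dropped packets" is.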
Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) is a required TCP/IP standard that hosts and routers carrying IP traffic use to report errors and to exchange limited control and status information.

ICMP messages are usually sent automatically in the following situations:

The IP datagram cannot reach its destination.

The IP router (gateway) cannot forward datagrams at the current transmission rate.

The IP router redirects the sending host to use a better route to the destination.

To apply Internet Control Message Protocol settings:

Open Network Connections, click the connection on which Internet Connection Firewall is enabled, then under Network Tasks go to Change settings of this connection → Advanced → Settings → ICMP tab and select the check box next to each type of request you want your computer to respond to. Leave "Allow incoming echo request" cleared unless you really need the machine to answer ping; enabling it gives up the silence to scanners described at the start of this article.
  
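The steps above can also be scripted. The following is an added example written for this page, not Microsoft's code: it drives the "netsh firewall" command context, which arrived with Windows XP SP2 when ICF was renamed Windows Firewall; the original pre-SP2 ICF has no netsh context and must be configured through the Network Connections dialog. The Messenger port (6891) and the 512 KB log limit follow the text; the log path, the exception name and the dry-run behaviour are this example's own choices.

```python
import platform
import subprocess
from typing import List

def icf_commands(messenger_port: int = 6891,
                 log_path: str = r"C:\WINDOWS\pfirewall.log",   # assumed location
                 log_kb: int = 512,
                 log_dropped: bool = True,
                 log_connections: bool = False,
                 allow_ping: bool = False) -> List[List[str]]:
    """Build the netsh command lines that mirror each dialog step; nothing is run here."""
    def sw(flag: bool) -> str:
        return "ENABLE" if flag else "DISABLE"
    return [
        # Advanced tab: the "Protect my computer..." box, with Services-tab exceptions kept active
        ["netsh", "firewall", "set", "opmode", "mode=ENABLE", "exceptions=ENABLE"],
        # Services tab: open one TCP port for Messenger file transfer (name is our choice)
        ["netsh", "firewall", "add", "portopening", "protocol=TCP",
         f"port={messenger_port}", "name=MessengerFileTransfer", "mode=ENABLE", "scope=ALL"],
        # Security Logging tab: file location, size limit in KB, and which events to log
        ["netsh", "firewall", "set", "logging", f"filelocation={log_path}",
         f"maxfilesize={log_kb}", f"droppedpackets={sw(log_dropped)}",
         f"connections={sw(log_connections)}"],
        # ICMP tab: type 8 is "Allow incoming echo request"; disabled keeps the host silent to ping
        ["netsh", "firewall", "set", "icmpsetting", "type=8", f"mode={sw(allow_ping)}"],
    ]

def apply(commands: List[List[str]], dry_run: bool = True) -> List[str]:
    """Render the commands for review; run them only on Windows with dry_run=False
    (from an administrator prompt), then read the effective configuration back."""
    rendered = [" ".join(c) for c in commands]
    if dry_run or platform.system() != "Windows":
        return rendered
    for c in commands:
        subprocess.run(c, check=True)
    subprocess.run(["netsh", "firewall", "show", "config"], check=True)
    return rendered

if __name__ == "__main__":
    for line in apply(icf_commands()):
        print(line)
```

Reviewing the dry-run output before applying is the point of the two-step design: a typo in the port or a logging switch left at ENABLE is far easier to spot in four lines of text than in four dialog tabs.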
The limitations of ICF

So what does ICF not do, and can it completely replace existing personal firewall products? ICF decides whether a foreign IP packet is "legitimate" by recording the IP requests this machine makes, and that approach of course does not work on a server. Why not? The packets that reach a server are mostly not replies to anything the server sent, so ICF as such gives a server no protection at all. You can, of course, configure ICF to ignore every packet addressed to a particular port, say port 80, so that nothing sent to port 80 is discarded; but in that sense port 80 becomes an undefended port. A firewall of this kind cannot be used on an application server; firewall products for servers audit foreign IP packets against a set of policies.

ICF also differs from application-based personal firewalls. An application-based personal firewall records each program that accesses the Internet and can, for example, grant Internet access to Internet Explorer while denying it to Netscape Navigator, even when both programs talk to the same destination IP address and port. Norton Personal Firewall is a typical product of that kind. In short, ICF provides neither application-based protection nor packet-auditing policies based on IP packets. It therefore cannot fully replace existing personal firewall products, and it cannot work well on an application server.

The author believes that Norton Personal Firewall and ZoneAlarm Pro provide more comprehensive protection, but they are more complicated to set up. ICF is not watertight, but it is adequate protection for a personal computer: port-scanning an ICF-protected PC with common system security tools usually produces a "system secure" verdict. Moreover, ICF is built into Windows XP, uses few resources and costs nothing extra. Those who benefit most from ICF are users still on dial-up modems, which is most users in the country. First, a dial-up session rarely lasts more than a few hours (flat-rate monthly plans aside). Second, the dial-up server assigns a new IP address each time you connect (dynamic address assignment), so the chance of keeping the same IP for a long time is low. Compared with ADSL and other broadband users, a modem user is already considerably safer.

Points to note

ICF and home or small-office networks: you should not enable Internet Connection Firewall on connections that are not directly connected to the Internet, and it is best not to use it on your local area network. If you enable the firewall on a network adapter of a computer that is an ICF client, it interferes with some communication between that computer and the other computers on the network. If the network already has an Internet firewall or proxy server, you do not need Internet Connection Firewall and should turn it off.

So for such users there is not much point in a heavyweight firewall. ICF is just right: it provides a fair degree of protection without consuming many resources; in short, it is "economical and practical".
