Windows XP SP2 Firewall Overview

Source: Internet
Author: User

In Windows XP Service Pack 2, Windows Firewall replaces Internet Connection Firewall as its latest version. By default, the firewall is enabled on all network interfaces (NICs). Whether Windows XP is a complete installation or an upgrade, this gives network connections more protection by default. However, applications that cannot work while the firewall is filtering traffic will not be compatible with the new operating system.


User Interface and new features

To configure Windows Firewall, you can open it from the Security Center, which is located in the Control Panel. You can also open the Windows Firewall console directly from the Control Panel. As a third option, you can reach the firewall console from the Advanced tab of a network connection. The main tab has three options:

  • Enable (recommended)
  • Exceptions not allowed
  • Disable (not recommended)

When you choose not to allow exceptions, Windows Firewall blocks all network requests connecting to your computer, including those for the applications and system services listed on the Exceptions tab. The firewall also blocks file sharing and printer sharing, as well as network device discovery. Running Windows Firewall with exceptions disallowed is best suited to personal computers connected to public networks, such as computers used in hotels and airports. Even with exceptions disallowed, you can still browse web pages, send e-mail, or use communication software.

The Exceptions tab lets you add programs and ports as exceptions to the blocking rules, so that specific inbound communication is allowed. You can set a scope for each exception. For home and small office networks, it is recommended to restrict the scope to the local network where possible. You can also set an IP address range manually in the scope, so that only network requests from that range are accepted.

The Exceptions tab also contains a button for adding a program. If you want other clients on the network (outside the firewall) to access a specific program or service on your local machine, but you do not know which port number and port type the program or service uses, you can add the program or service itself to the Windows Firewall exceptions to ensure that it can be reached from outside.

On the Advanced tab, you can configure the following settings:

  • Connection rules applied on each network interface
  • Security logging configuration
  • Global ICMP rules, which allow computers on the network to share and transmit error and status information
  • Restoring all Windows Firewall settings to their default state

Different rules can be configured for different network connections. The combination of the settings on the Exceptions tab and the additional per-connection settings on the Advanced tab is called the Windows Firewall "combined settings" (resultant set).

Group Policy Configuration

With Windows Firewall, administrators can enable the necessary protection for small networks with public connections or for standalone computers connected to the Internet. They deploy the appropriate Windows Firewall configuration settings across the network so that the firewall provides security protection for it. The Windows Firewall Group Policy settings can be found in the following locations in the Group Policy console:

    Computer Configuration/Administrative Templates/Network Connections/Windows Firewall
    Computer Configuration/Administrative Templates/Network Connections/Windows Firewall/Domain Profile
    Computer Configuration/Administrative Templates/Network Connections/Windows Firewall/Standard Profile

In Windows XP SP2, Windows Firewall blocks all ports by default, which means that traffic sent from server applications to the client cannot reach the client. In this case, you can configure IPsec in Group Policy to authenticate and trust the requests that the server application sends to the client. The "Windows Firewall: Allow authenticated IPSec bypass" Group Policy setting lets you specify whether IPsec-authenticated traffic may bypass Windows Firewall, so that unsolicited incoming messages from the specified systems are allowed.

Command line tool

The configuration and status information of Windows Firewall can be obtained through the Netsh.exe command-line tool. The netsh firewall command is used to display firewall information and to modify firewall settings.

    Commands in this context:
    -------------------------------------------------------
    ?      - Displays a list of commands.
    add    - Adds firewall configuration.
    delete - Deletes firewall configuration.
    dump   - Displays a configuration script.
    help   - Displays a list of commands.
    reset  - Resets firewall configuration to default.
    set    - Sets firewall configuration.
    show   - Shows firewall configuration.

Security Warning

In Windows XP SP2, when a user runs a local application that acts as an Internet server, Windows Firewall displays a new security warning dialog box. You can use the options in the dialog box to add the application or service to the Windows Firewall exceptions. The exception configuration of Windows Firewall allows specific inbound connections. If the program still fails to run properly after this, you can isolate the problem with the following steps:

  • Add the program to the exceptions
  • Add a port to the exceptions
  • Use the firewall security log
  • Disable the firewall (not recommended)
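
An added example (not part of the original article) for the "use the firewall security log" step: it reads a Windows Firewall log, finds the inbound TCP/UDP ports being dropped, and proposes a netsh firewall port exception scoped to the local subnet only when every dropped source is local. The log lines are constructed sample data, and the local address 192.168.0.10, the network 192.168.0.0/24 and the exception name "MyApp" are assumptions.

```python
import ipaddress

# Constructed sample in the W3C-style layout Windows Firewall writes to its log.
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-09-01 10:15:02 DROP TCP 192.168.0.23 192.168.0.10 3321 8080 48 S 1893 0 65535 - - -
2004-09-01 10:15:09 DROP TCP 192.168.0.41 192.168.0.10 1207 8080 48 S 77120 0 65535 - - -
2004-09-01 10:16:30 DROP UDP 192.168.0.23 192.168.0.255 137 137 78 - - - - - - -
2004-09-01 10:17:11 OPEN TCP 192.168.0.10 203.0.113.5 1045 80 - - - - - - - -
2004-09-01 10:18:44 DROP ICMP 203.0.113.77 192.168.0.10 - - 60 - - - - 8 0 -
2004-09-01 10:19:02 DROP TCP 203.0.113.9 192.168.0.10 4410 445 48 S 5521 0 16384 - - -
"""

def parse_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows

def dropped_inbound(rows, local_ip):
    """Group dropped TCP/UDP packets addressed to local_ip by (protocol, port)."""
    hits = {}
    for r in rows:
        if r["action"] == "DROP" and r["dst-ip"] == local_ip and r["protocol"] in ("TCP", "UDP"):
            hits.setdefault((r["protocol"], int(r["dst-port"])), set()).add(r["src-ip"])
    return hits

def suggest_exceptions(hits, local_net, name):
    """Propose a subnet-scoped port exception only when every source is local."""
    net = ipaddress.ip_network(local_net)
    plan = {}
    for (proto, port), sources in sorted(hits.items()):
        if all(ipaddress.ip_address(s) in net for s in sources):
            plan[(proto, port)] = (f'netsh firewall add portopening protocol={proto} '
                                   f'port={port} name="{name}" mode=ENABLE scope=SUBNET')
        else:
            plan[(proto, port)] = None  # off-subnet sources: review, do not open
    return plan

if __name__ == "__main__":
    hits = dropped_inbound(parse_log(SAMPLE_LOG), "192.168.0.10")
    print(suggest_exceptions(hits, "192.168.0.0/24", "MyApp"))
```

A port that only local clients were trying to reach gets a suggested exception with the local-subnet scope recommended above; a port probed from outside the subnet is returned as None so that it is reviewed rather than opened.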