New Network Features for Windows XP SP2

  
New Windows Firewall

Windows XP SP2 includes a new Windows Firewall that replaces the Internet Connection Firewall (ICF) included with Windows XP with Service Pack 1 (SP1) and Windows XP with no service packs installed. Windows Firewall is a stateful firewall that drops unsolicited incoming traffic, that is, traffic that is neither sent in response to a request from the computer (solicited traffic) nor designated as allowed unsolicited traffic (excepted traffic). Windows Firewall provides a degree of protection against malicious users and programs that rely on unsolicited incoming traffic to attack computers.

In Windows XP with SP1 and Windows XP with no service packs installed, ICF is disabled by default for all connections unless you make changes through the Network Setup Wizard or the Internet Connection Wizard. ICF can be enabled manually for each connection through a check box on the Advanced tab of the connection's properties, where you can also configure the set of excepted traffic by specifying Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports.

There are many changes to Windows Firewall in Windows XP SP2, including the following:
• Enabled by default for all connections of the computer
• New global configuration options that apply to all connections
• A new set of dialog boxes for local configuration
• New operating mode
• Startup security
• Excepted traffic can be specified by scope
• Excepted traffic can be specified by application file name
• Built-in support for IPv6
• New configuration options with Netsh and Group Policy

Enabled by default for all connections of the computer
Windows Firewall in Windows XP SP2 is enabled globally by default. This means that, by default, Windows Firewall is enabled on all connections of a computer running Windows XP with SP2, including LAN (wired and wireless), dial-up, and virtual private network (VPN) connections. Newly created connections also have Windows Firewall enabled by default. Although this behavior provides additional protection for Windows XP-based computers, it can also adversely affect application compatibility and the ability of an organization's information technology (IT) department to manage computers on the network. For more information about how to deploy Windows Firewall in Windows XP SP2 in an enterprise environment, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.

New global configuration options for all connections
Windows Firewall in Windows XP SP2 allows you to configure settings that apply to all connections of the computer (global configuration). In Windows XP with SP1 and Windows XP with no service packs installed, ICF settings are configured per connection, which means that if you want to enable the firewall on multiple connections and configure excepted traffic, you must configure each connection separately. When you change the global Windows Firewall settings, the changes are applied to all connections on which Windows Firewall is enabled. Windows Firewall in Windows XP SP2 also allows configuration for each connection. Connection-specific configuration overrides the global configuration.

A new set of dialog boxes for local configuration
In Windows XP with SP1 and Windows XP with no service packs installed, the ICF settings consist of a single check box (the "Protect my computer and network by restricting or blocking access to this computer from the Internet" check box on the Advanced tab of the connection's properties) and a Settings button that can be used to configure excepted traffic, log settings, and allowed ICMP traffic. In Windows XP SP2, the check box has been replaced by a Settings button, which launches the new Windows Firewall component in Control Panel. From the new Windows Firewall dialog box, you can configure general settings, permissions for programs and services, connection-specific settings, log settings, and allowed ICMP traffic.

[Image: the new Windows Firewall dialog box]

New operating mode
In Windows XP with SP1 and Windows XP with no service packs installed, ICF is either enabled (allowing both solicited and excepted traffic) or disabled (allowing all traffic). In Windows XP SP2, you can select a new operating mode that corresponds to the Don't allow exceptions check box on the General tab of the Windows Firewall dialog box. When Windows Firewall runs in this mode, all unsolicited incoming traffic is dropped, including excepted traffic. This mode can be used to temporarily lock down a computer during a known network attack or while a malicious program is propagating. Once the attack is over and the appropriate updates are installed to prevent future attacks, return Windows Firewall to the normal operating mode that allows excepted traffic (corresponding to the On (recommended) option).

Startup security
In Windows XP with SP1 and Windows XP with no service packs installed, ICF becomes active on the connections for which it is enabled only when the Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) service starts successfully. Therefore, when such a computer starts, there is a delay between the time the computer becomes active on the network and the time ICF begins to protect the connection. This delay leaves the computer open to attack by unsolicited traffic during startup. In Windows XP SP2, a startup policy performs stateful packet filtering that allows the computer to carry out basic network startup tasks using Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and to communicate with domain controllers to obtain Group Policy updates. Once the Windows Firewall (WF)/Internet Connection Sharing (ICS) service starts, it applies its own configuration and removes the startup policy. The startup policy settings are not configurable.

Excepted traffic can be specified by scope
In Windows XP with SP1 and Windows XP with no service packs installed, excepted traffic can originate from any IP address. In Windows XP SP2, Windows Firewall allows you to specify that excepted traffic can originate from one of three scopes: any IP address, an IP address that matches the local subnet attached to the connection on which the traffic is received, or a list of one or more IPv4 source addresses or IPv4 address ranges. This can be useful for home networks, where you might want to allow computers on the same subnet of the local home network to access programs or services, but not potentially malicious Internet users. In that case, you only need to configure the excepted traffic for the local subnet.

Excepted traffic can be specified by application file name
In Windows XP with SP1 and Windows XP with no service packs installed, you configure excepted traffic manually by specifying the set of TCP and UDP ports that correspond to the traffic of a specific application or service. This can be difficult for users who do not know which TCP or UDP ports an application or service uses, or how to find them. Also, this configuration does not work for applications that do not listen on a specific set of UDP or TCP ports. To make specifying excepted traffic easier, in Windows XP with SP2 you can configure it by the file name of the program (application or service). When the program runs, Windows Firewall monitors the ports on which the program listens and automatically adds them to the list of excepted traffic. To let you quickly enable exceptions for commonly allowed unsolicited incoming traffic, Windows Firewall predefines entries for common Windows components and services, such as File and Printer Sharing and Remote Assistance. In addition, the notification mechanism in Windows Firewall allows local administrators to automatically add new programs to the exceptions list when prompted.

Built-in support for IPv6
Windows XP SP2 includes Internet Protocol version 6 (IPv6), which is included in the Advanced Networking Pack for Windows XP. IPv6 support is included in Windows Firewall and is automatically enabled on all IPv6 connections. IPv4 and IPv6 share the same settings for excepted traffic. For example, if file and print sharing traffic is set as an exception, both IPv4-based and IPv6-based unsolicited incoming file and print sharing traffic is allowed.

New configuration options with Netsh and Group Policy
In Windows XP with SP1 and Windows XP with no service packs installed, you can enable or disable ICF only through the Network Connections folder, the Network Setup Wizard, and the Internet Connection Wizard. To configure excepted traffic, either you must use the Network Connections folder or your application must be ICF-aware, in which case it automatically enables excepted traffic when it runs. In Windows XP SP2, you have the following additional configuration options:
• Netsh commands. Netsh is a command-line tool that lets you configure settings for network components. To be configurable this way, a component must support a set of commands through a Netsh context. Windows XP with SP1 and Windows XP with no service packs installed do not have a Netsh context for the firewall. In Windows XP SP2, you can configure Windows Firewall settings through a series of commands in the "netsh firewall" context. You can use Netsh to create scripts that automatically configure a set of Windows Firewall settings for TCP/IP and IPv6. For more information, see Appendix B of Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.
• New configuration APIs. In Windows XP with SP1 and Windows XP with no service packs installed, there are APIs that applications can use to automatically configure excepted traffic and configure ICF settings. In Windows XP SP2, there are new APIs that allow you to configure global settings for Windows Firewall and connection-specific settings for all items that are available through the Windows Firewall Control Panel applet. You can use these APIs to create a custom configuration program that users on your organization's network can run. For information about the new Windows Firewall API, see Windows Firewall in the Windows Software Development Kit (SDK).
• Broad support for configuration through Group Policy. To centrally configure a large number of computers in an organization network that uses the Active Directory® directory service, you can configure Windows Firewall settings for computers running Windows XP with SP2 through Computer Configuration Group Policy. A new set of Computer Configuration Group Policy settings for Windows Firewall allows network administrators to configure Windows Firewall using Group Policy objects.
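
The scope, program-name, and operating-mode settings described above can be applied from a script in the "netsh firewall" context. The following is an added example, not taken from the original article; the program path, exception names, port number, and addresses are constructed sample values.

```bat
@echo off
rem Added example: configure Windows Firewall (Windows XP SP2) with netsh.
rem Usage: wf-config.cmd            apply the normal configuration
rem        wf-config.cmd lockdown   drop all unsolicited incoming traffic
rem All paths, names, ports and addresses below are constructed samples.

if /i "%~1"=="lockdown" goto lockdown

rem Global setting: firewall on for all connections, exceptions allowed.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Predefined exception, restricted to the local subnet scope so that
rem only computers on the same subnet can reach file and printer sharing.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem Exception by program file name: the firewall opens whatever ports this
rem program listens on. Custom scope limits the allowed source addresses.
netsh firewall add allowedprogram ^
    program="C:\Program Files\ExampleApp\example.exe" ^
    name="Example App" mode=ENABLE scope=CUSTOM ^
    addresses=192.168.10.0/255.255.255.0,192.168.20.15

rem Exception by port, for a service with a fixed listening port.
netsh firewall add portopening protocol=TCP port=8080 ^
    name="Example web service" mode=ENABLE scope=SUBNET

goto show

:lockdown
rem "Don't allow exceptions" mode: excepted traffic is dropped as well.
rem Run the script without arguments to return to normal operation.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE

:show
rem Review the resulting state and the configured exceptions.
netsh firewall show state
netsh firewall show allowedprogram
netsh firewall show portopening
```

Preferring scope=SUBNET or scope=CUSTOM over scope=ALL keeps each exception reachable only from the addresses that need it.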