Build the strongest armor with the Windows XP SP2 firewall

The Windows Firewall in WinXP SP2 (hereafter referred to as SP2) replaces the original Internet Connection Firewall (ICF). This improved firewall is turned on by default and supports both the IPv4 and IPv6 network protocols, providing more security for our computers. This article walks you through the new features of Windows Firewall and its basic settings.

First, new firewall features

Compared to the ICF, the Windows Firewall in SP2 has been significantly improved. The first improvement concerns when the firewall starts running. In earlier versions of WinXP, there was a gap between the loading of the network stack and the start of ICF, which meant the entire system was completely exposed and unprotected from system startup until the firewall was fully operating. This is because the system services ICF needs are started only after the system has booted, and the ICF service also depends on other system services; while those services are not running, the ICF service naturally cannot run either. SP2 adds a new, simple protection called the "boot-time policy". Under this protection, only a few required network services can be used, such as contacting the DNS and DHCP servers, until the firewall has started and normal network activity is allowed.

Besides being enabled by default, the new Windows Firewall also has a better-looking configuration interface. Its new features include: local subnet restrictions; common configuration options applied to all connections; built-in IPv6 support; new Group Policy configuration options; and specifying permitted communications by an application's file name (the original ICF could only specify a port, not a program; now you can select the specific program directly in the allowed communications).

Second, security alerts

In SP2, when a user runs an application locally that acts as an Internet server, Windows Firewall pops up a new security alert dialog. By selecting an option in the dialog box (that is, choosing "Unblock this program"), the application or service is added to the Windows Firewall exceptions, and the exception configuration then allows specific inbound connections to it. Of course, you can also manually add programs or ports to the exceptions; for the specific procedure, see the firewall option settings below.

Figure 1: Once a program offers a connection service, the firewall alerts the user

Third, firewall option settings

Click "Start → Control Panel", then double-click the "Windows Firewall" item in the Control Panel's classic view to open the Windows Firewall console. You can also open the firewall console by clicking "Windows Firewall" in the Security Center interface newly added in SP2.

1. General tab

Figure 1: The firewall console is a new item in SP2

The "General" tab of the Windows Firewall console has two main options, "On (recommended)" and "Off (not recommended)", and a sub-option "Don't allow exceptions". If you choose not to allow exceptions, Windows Firewall blocks all network requests to connect to the user's computer, including the applications and system services listed on the Exceptions tab. The firewall will also block file and printer sharing and network device discovery. Using Windows Firewall with no exceptions allowed is like being "shut tight", and is best suited to "high-risk" environments such as restaurants, hotels and airports, where a personal computer is connected to a public network.

2. Exceptions tab

Figure 2: Server programs do not take effect when exceptions are not allowed

Programs that need to communicate with the outside can be added on the "Exceptions" tab; a program listed here is permitted to provide connection services, that is, to listen for and accept connections from the network.

The "Exceptions" tab has two add buttons, "Add Program" and "Add Port", with which you can manually add exceptions as the situation requires. If you do not know which port an application uses to communicate with the outside world, or whether it uses UDP or TCP, add the exception by program. For example, to allow Windows Messenger to communicate, click "Add Program", select the application C:\Program Files\Messenger\msmsgs.exe, and click "OK" to add it to the list.

If you know the port number and whether it uses TCP or UDP, you can use the second approach and add the exception by port number. For each exception you can specify its scope with "Change scope". For home and small office networks, it is recommended to set the scope to the local network wherever possible. You can also define a custom IP range as the scope, so that only requests from that particular range of IP addresses are accepted.

3. Advanced tab

Figure 3: To make the system more secure, you should study the advanced settings.

The "Advanced" tab contains four groups of options: network connection settings, security logging, ICMP settings and restore defaults. Configure them according to your actual situation.

◆ Network connection settings

Here you can select which connections Windows Firewall applies to; a single connection can also be configured individually, which makes applying the firewall more flexible.

◆ Security logging

Logging in the new Windows Firewall is much the same as in ICF: the logging options inside the firewall settings can keep a record of all dropped packets and successful connections. In the log file options you can change where the log file is stored and manually specify its maximum size. By default the system records neither dropped packets nor successful connections, and the log file size defaults to 4MB.

◆ ICMP settings

Internet Control Message Protocol (ICMP) lets computers on a network share error and status information. When an item is selected in the ICMP settings dialog, a description of it appears at the bottom of the interface, and each item can be configured as needed. By default, no ICMP types are opened.

◆ Default settings

To restore all Windows Firewall settings to their default state, click the "Restore Defaults" button on the right.

Fourth, Group Policy deployment

Figure: Group Policy settings take higher priority

In ICF, the firewall could only be enabled or disabled through Network Connections, the Network Setup Wizard and the Internet Connection Wizard, whereas the new Windows Firewall can control the firewall state, allowed exceptions and more through Group Policy.

Click "Start → Run", enter "gpedit.msc" in the "Run" dialog and click "OK" to open the WinXP Group Policy Editor, which you can then use to configure Windows Firewall. In the left pane, expand Computer Configuration → Administrative Templates → Network → Network Connections → Windows Firewall. Under Windows Firewall there are two branches, the domain profile and the standard profile. Simply put, the domain profile takes effect when the computer is connected to a network with a domain controller (that is, a dedicated management server); otherwise the standard profile takes effect. Even if the standard profile is not configured, its default values take effect.

Tip: Windows Firewall configuration and status information can also be obtained with the command-line tool Netsh.exe: enter the "netsh firewall" command at a command prompt to view firewall information and modify firewall settings.
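The following batch script is an added example, not from the original article, that reproduces the Exceptions and Advanced tab settings described above using the "netsh firewall" context mentioned in the tip. It assumes an administrator command prompt on XP SP2; the subnet 192.168.1.0/24 and the log path are assumed values.

```batch
@echo off
rem Added example (not from the article): apply the console settings above
rem with the XP SP2 "netsh firewall" context. Assumed values: the subnet
rem 192.168.1.0/24 and the log file path. Run from an administrator prompt.

rem Show the current state before changing anything
netsh firewall show state
netsh firewall show config

rem General tab: firewall on, exceptions allowed, for both profiles
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Exceptions tab, "Add Program": allow Windows Messenger, scoped to the local subnet only
netsh firewall add allowedprogram program="C:\Program Files\Messenger\msmsgs.exe" name="Windows Messenger" mode=ENABLE scope=SUBNET

rem Exceptions tab, "Add Port": open TCP 3389 only to a custom address range
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=CUSTOM addresses=192.168.1.0/24

rem Advanced tab, security logging: record dropped packets and successful
rem connections (both off by default), 4096 KB = the 4MB default size
netsh firewall set logging filelocation="C:\WINDOWS\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

rem Advanced tab, ICMP settings: keep every ICMP type closed (the default)
netsh firewall set icmpsetting type=ALL mode=DISABLE

rem Verify what is now in effect
netsh firewall show allowedprogram
netsh firewall show portopening
netsh firewall show logging
netsh firewall show icmpsetting

rem "Don't allow exceptions" for a hotel or airport hotspot (the whole
rem exception list is ignored while this is set):
rem   netsh firewall set opmode mode=ENABLE exceptions=DISABLE
rem Same effect as the "Restore Defaults" button:
rem   netsh firewall reset
```

Both profiles are changed here via profile=ALL; on a domain-joined machine, Group Policy settings still take precedence over anything set this way.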

As can be seen from the above, the Windows Firewall integrated in SP2 comes close in function to many mature personal firewall products. Although this new version lacks some features of third-party vendors' products (such as outbound filtering), it is a good choice for individual users.
