Firewall ICF application built in win xp

  
        ICF is short for "Internet Connection Firewall", which is the Internet connection firewall. ICF is built between your computer and the Internet. It allows the data you request to pass through and blocks the packets you don't request. It is a packet-based firewall. Therefore, the first function of the ICF is not to respond to the Ping command, and the ICF also prohibits external programs from port scanning the local machine and discarding all IP packets that are not requested.

A PC is not the same as a server: it generally does not provide services such as FTP, Telnet or POP3, so there are few system loopholes for hackers to exploit. ICF can therefore protect our personal computers to a certain extent.

ICF is a stateful firewall that monitors all traffic passing through it and checks the source and destination addresses of each message it handles. To stop unsolicited traffic from reaching a system port, ICF keeps a table of all communications originating from the local computer. On a standalone computer, ICF tracks the communications that originate from the local computer, and all incoming Internet traffic is compared against the entries in this table. Incoming Internet traffic is allowed to reach the computers on the network only when it matches an entry in the table, which means the exchange was started from inside the computer or the private network.

Communication from computers outside the ICF (that is, intruding computers, such as unauthorized Internet access) is blocked by the firewall unless it is explicitly allowed on the Services tab. Rather than sending you notifications of activity, ICF blocks unsolicited traffic without notifying you and prevents common hacker techniques such as port scanning.

ICF works by keeping a communication table that records the destination IP address and port of every request the local machine sends out. When a packet enters the machine, ICF checks this table to see whether the arriving IP packet was requested by the local machine. If it was, the packet is let through; if no matching record is found, the IP packet is discarded. The following example illustrates this principle. When a user sends and receives email with Outlook Express, the local machine sends an IP request to the POP3 mail server, and ICF records the destination IP address and port. When an IP packet arrives at the machine, ICF checks it first: by looking up the previously recorded data it determines that the packet comes from the destination address and port we requested, and the packet is passed. Now consider the interaction between the Outlook Express client and the mail server. Once new mail arrives at the mail server, the server automatically sends an IP packet to the Outlook client to notify it that new mail has arrived; this notification is implemented through an RPC call. When the mail server's IP packet arrives at the client, the client's ICF audits it and finds that the local Outlook Express client has issued an IP request for this address and port, so the packet is accepted and the client receives the new-mail notification from the mail server. Outlook Express then fetches the new mail from the mail server.
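The table-lookup principle described above, as an added example that is not part of the original article: a toy model of the ICF communication table, where every outbound request is recorded and an inbound packet is accepted only if it answers a recorded request or hits a service opened on the Services tab. The class and method names, the addresses and the choice to key entries on protocol, remote address, remote port and local port are all assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class IcfModel:
    """Toy model of the ICF communication table (assumption: an entry is
    keyed on protocol, remote address, remote port and local port)."""

    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.table = set()     # requests this machine has sent out
        self.services = set()  # (proto, port) opened on the Services tab
        self.decisions = []    # ("OPEN"/"DROP", packet), like the security log

    def outbound(self, pkt):
        # Every request leaving the machine is recorded in the table.
        self.table.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_port))

    def open_service(self, proto, port):
        # Equivalent of adding a service (e.g. TCP 6891) in the firewall settings.
        self.services.add((proto, port))

    def inbound(self, pkt):
        # Allowed only if the packet answers a recorded request or hits an opened service.
        requested = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port) in self.table
        allowed = requested or (pkt.proto, pkt.dst_port) in self.services
        self.decisions.append(("OPEN" if allowed else "DROP", pkt))
        return allowed

def demo():
    me = "192.168.1.10"                      # constructed addresses throughout
    icf = IcfModel(me)
    # Outlook Express asks the POP3 server for mail: the request is recorded.
    icf.outbound(Packet("TCP", me, 1034, "203.0.113.5", 110))
    reply = icf.inbound(Packet("TCP", "203.0.113.5", 110, me, 1034))
    # A scanner probing port 135 never appears in the table, so it is dropped.
    probe = icf.inbound(Packet("TCP", "198.51.100.7", 40000, me, 135))
    # After TCP 6891 is added as a service, a Messenger file transfer is accepted.
    icf.open_service("TCP", 6891)
    xfer = icf.inbound(Packet("TCP", "198.51.100.9", 5000, me, 6891))
    return reply, probe, xfer   # (True, False, True)
```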

Setting up ICF

1. Enabling or disabling Internet Connection Firewall

Open "Network Connections" in "Control Panel".

Click the dial-up, local area or other Internet connection you want to protect, then under "Network Tasks" → "Change Settings for this connection" → "Advanced" → "Internet Connection Firewall", select the item as shown:

To enable Internet Connection Firewall, select the "Protect my computer and network by restricting or blocking access to this computer from the Internet" check box. To disable Internet Connection Firewall, clear the check box.

Network Services

On the same "Advanced" tab, click the "Settings" button below it, as shown below:

The items already selected are the services that network users can access, such as Messenger, Remote Desktop, FTP, Telnet, etc.
Common network services such as POP3, SMTP and HTTP are opened by the system when needed.

Suppose we want to set up a new service, taking the common Messenger file transfer as an example, since many of my friends have problems with it; in fact it is written clearly in the Help.

Messenger file transfer uses TCP ports 6891-6900; adding TCP port 6891 in the XP firewall settings is enough for files to be sent successfully. For file transfer we generally add just this one port.

Add method as shown in the figure:

Enter the "Description", the "IP address of the machine" and the port number (6891), then confirm as prompted.

Security Log

The security log is generated in the W3C Extended Log File Format, which is similar to the format used by common log analysis tools.

Open "Network Connections", click the connection on which you want to enable Internet Connection Firewall (ICF), then under "Network Tasks" → "Change Settings for this Connection" → "Advanced" → "Settings" → "Security Logging" → "Logging Options", select one or both of the following:

To enable logging of unsuccessful inbound connection attempts, check the "Log dropped packets" checkbox; leave it clear to keep this logging disabled.

2. Changing the security log file path and file name

Open "Network Connections", select the connection on which Internet Connection Firewall is enabled, then under "Network Tasks" → "Change Settings for this Connection" → "Advanced" → "Settings" → "Security Logging" → "Log File Options" → "Browse", browse to the location where you want to place the log file.

In "File Name", type a new log file name and click "Open". Once it is opened, you can view its contents.

You can also set the size of the security log file: open the connection with Internet Connection Firewall enabled, then under "Network Tasks" → "Change Settings for this Connection" → "Advanced" → "Settings" → "Security Logging" → "Log File Options" → "Size Limit", use the arrow buttons to adjust the size limit. The author believes that 512K is generally enough.
If you have problems changing your settings, you can restore the default security log settings. Open the connection with Internet Connection Firewall enabled, then click "Network Tasks" → "Change Settings for this Connection" → "Advanced" → "Settings" → "Security Logging" → "Restore Defaults".

Log successful connections - this logs all successful connections from the home or small office network or from the Internet.

When you select the "Log successful outbound connections" checkbox, information about each connection that successfully passes through the firewall is collected. For example, when anyone on the network successfully connects to a website using Internet Explorer, an entry is generated in the log.

Log dropped packets - this logs all dropped packets from the home or small office network or from the Internet.

When you select the "Log dropped packets" checkbox, ICF collects information about every communication attempt through the firewall that it detects and rejects. For example, if Internet Control Message Protocol is not set to allow incoming echo requests (such as those issued by the Ping and Tracert commands) and an echo request arrives from outside the network, the request is discarded and an entry is generated in the log.
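Reading the W3C Extended Log File Format mentioned under Security Log, and picking out the dropped packets this section describes, as an added example that is not part of the original article. The log lines are constructed; the field names in the #Fields directive are this example's assumption about the ICF log layout, and the parser takes its columns from that directive rather than hard-coding them.

```python
from collections import Counter, defaultdict

# Constructed sample in the W3C Extended Log File Format. The field list below is
# an assumption about the ICF log layout; the parser reads whatever #Fields says.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-05-12 10:15:02 OPEN TCP 192.168.1.10 203.0.113.5 1034 110 - - - - - - - -
2003-05-12 10:15:09 DROP TCP 198.51.100.7 192.168.1.10 40000 135 48 S 123456 0 8192 - - -
2003-05-12 10:15:09 DROP TCP 198.51.100.7 192.168.1.10 40001 139 48 S 123457 0 8192 - - -
2003-05-12 10:15:11 DROP ICMP 198.51.100.7 192.168.1.10 - - 60 - - - - 8 0 -
2003-05-12 10:16:00 CLOSE TCP 192.168.1.10 203.0.113.5 1034 110 - - - - - - - -
"""

def parse_w3c_log(text):
    """Return one dict per record, keyed by the names in the #Fields directive."""
    fields, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives (#Version, #Software, ...) carry no record; #Fields names the columns.
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("record appears before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % raw)
        records.append(dict(zip(fields, values)))
    return records

def dropped_by_source(records):
    """Map each source IP of a DROP record to the set of targets it hit: a TCP/UDP
    destination port, or 'icmp-<type>' for ICMP. Many ports from one source is a scan."""
    hits = defaultdict(set)
    for r in records:
        if r["action"] != "DROP":
            continue
        target = "icmp-" + r["icmptype"] if r["protocol"] == "ICMP" else r["dst-port"]
        hits[r["src-ip"]].add(target)
    return dict(hits)

def action_counts(records):
    """How many OPEN / DROP / CLOSE entries the log holds."""
    return Counter(r["action"] for r in records)
```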

Internet Control Message Protocol (ICMP)

"Internet Control Message Protocol (ICMP)" is a required TCP/IP standard. Through ICMP, hosts and routers that communicate using IP can report errors and exchange limited control and status information.

ICMP messages are usually sent automatically in the following cases:

An IP datagram cannot reach its target.

An IP router (gateway) cannot forward datagrams at the current transmission rate.

An IP router redirects the sending host to use a better route to the destination.

To apply Internet Control Message Protocol settings:

Open "Network Connections". Click the connection with Internet Connection Firewall enabled, then under "Network Tasks" → "Change Settings for this Connection" → click "Advanced" → "Settings" → "ICMP" tab, and select the checkbox next to each type of request you want your computer to respond to.

ICF limitations

So what can ICF not do? Can ICF completely replace existing personal firewall products? ICF decides whether a foreign IP packet is "legal" by recording the local machine's IP requests, which of course cannot work on a server. Why? The IP packets arriving at a server are basically not preceded by a request from the server, so the ICF method cannot protect a server's security at all. Of course, you can also make ICF ignore all packets sent to a certain port, such as port 80, through the corresponding settings. Then no packet sent to port 80 will be discarded by ICF, and in this sense port 80 becomes an undefended port. Such a firewall product is not suited to an application server. Server firewall products are based on establishing various policies to audit incoming IP packets. ICF also differs from application-based personal firewall products. An application-based personal firewall records every program that accesses the Internet: for example, the settings may allow IE to access the Internet while Netscape Navigator has no permission to do so, even if the destination IP addresses and ports of the two programs are the same. Norton's Personal Firewall is a typical product of this kind. In short, ICF provides neither application-based protection nor an IP-based packet auditing policy. Therefore ICF can neither completely replace existing personal firewall products nor work well on an application server.

I believe that Norton Personal Firewall and ZoneAlarm Pro can provide more all-round protection, but their setup is more complex. ICF does not provide complete and impeccable protection, but it is sufficient to protect a personal computer. After scanning the ports of an ICF-equipped personal computer with some system security software, the evaluation given is often "system secure". Moreover, ICF is a built-in feature of Windows XP that takes up very few resources and costs no extra money to purchase. Those who benefit most from ICF should be the people still using a modem to access the Internet, which is most users in China. First, you will not be online for too long, usually a few hours (except for monthly subscribers). Second, each time the connection is established the dial-up server assigns you a new IP address (dynamic address allocation), so the probability of occupying the same IP for a long time is low. Compared with users of ADSL and other broadband, using a modem to access the Internet is much safer.

Notes

ICF and home or small office communications: Internet Connection Firewall should not be enabled on a connection that is not directly connected to the Internet, so it is best not to use it on the LAN connection. If the firewall is enabled on the network adapter of an ICF client computer, it will interfere with some of the communication between that computer and the other computers on the network. If your network already has an Internet firewall or proxy server, you do not need Internet Connection Firewall and should turn it off.

So using a heavyweight firewall is really not necessary. ICF is just right: it provides a certain degree of protection and does not take up resources. It is good, and it is "economical and affordable."