A new generation of operating system Windows XP has been officially released, which adds many important new network features, such as Internet Connection Firewall (ICF) is a security system that acts as a security boundary between the network and the outside world. The Internet Connection Firewall (ICF) is a piece of software that restricts what information can be accessed from your home or small office network to the Internet and from the Internet to your home or small office network.
If your network uses Internet Connection Sharing (ICS) to provide Internet access to multiple computers, it is recommended that you enable ICF on a shared Internet connection. ICS and ICF can also be enabled separately, for example, ICF can be enabled on any computer that is directly connected to the Internet.
a working principle
the ICF is considered state firewall, the firewall can monitor the state of the communication path through which all of each of the source and destination addresses and checking the processed message. In order to prevent unsolicited communication from the connected public end from entering the dedicated end, the ICF retains all communication tables originating from the ICF computer. In a separate computer, the ICF will track communications originating from that computer. When used with ICS, the ICF will track all communications originating from the ICF/ICS computer and all communications originating from the private network computer. All Internet incoming communications are compared against the items in the table. Only when there is a match in the table (which means that the communication exchange starts from inside the computer or private network) allows incoming Internet traffic to be transmitted to computers on the network.
Communication from external source ICF computers (such as the Internet) will be blocked by the firewall unless the communication is allowed on the Service tab. Instead of sending you notifications of activity, ICF statically blocks unsolicited traffic and prevents common hackers like port scanning.
Second, note
ICF and the home or small office communications - should all not connected directly to the Internet connection is enabled in Internet Connection Firewall. If the firewall is enabled on the network adapter of the ICS client computer, it will interfere with some communication between that computer and all other computers on the network. If your network already has a firewall or proxy server, you do not need an Internet connection firewall.
ICF and notification messages - but some programs (especially e-mail program) may make different actions when ICF is enabled due to the ICF check all incoming communications. Such as regularly querying new mail, waiting for notification from the email server, etc.
Advanced ICF Settings - The ICF Security Record feature provides a way to create log files for firewall activity. ICF is able to record both licensed and rejected communications. For example, by default, the firewall does not allow incoming echo requests from the Internet to pass. If Internet Control Message Protocol (ICMP) "Allow incoming echo requests" is not enabled, incoming requests will fail and log entries for incoming failures will be generated.
Third, actual firewall
1. Enable or disable the Internet Connection Firewall
open the "Network Connections", click the dial to be protected, LAN or high-speed Internet connection, and then Under "Network Tasks" → "Change Settings for this Connection" → "Advanced" → "Internet Connection Firewall", to enable ternet connection firewall, check "Protect me by restricting or blocking access to this computer from the Internet." Computer and network check box. To disable the Internet Connection Firewall, clear this check box.
2. Security log file
Using the ICF security log, you can:
Log in to abandoned packets - this will log in all abandoned packets from the home, small office network or the Internet .
When you select the "Login Abandoned Packets" checkbox, the information that is detected and rejected by each communication attempt through the firewall is collected by the ICF. For example, if your Internet Control Message Protocol is not set to allow incoming echo requests, such as those issued by the Ping and Tracert commands, you will receive an echo request from outside the network, the echo request will be discarded, and then the log Lieutenant will generate a project.
Log in to a successful connection - this will log in to all successful connections from your home, small office network or the Internet.
When you select the "Login Successful Outbound Connection" checkbox, each connection information that successfully passes through the firewall is collected. For example, when anyone on the network successfully connects to a website using Internet Explorer, an item is generated in the log.
The format used to generate the security log is the W3C extended log file format, which is similar to the format used in common log analysis tools.
3. Enable or disable the security logging option
Open "Network Connection", click the connection on which you want to enable Internet Connection Firewall (ICF), and then in the "Network Tasks" → "Change this Under Connected Settings→→Advanced→Settings→Security Logging→Logging Options, select one or both of the following:
To enable logging of unsuccessful inbound connection attempts , select the "Record dropped packets" check box, otherwise disable.
4. Change the path and file name of the security log file
Open "Network Connection", select the connection on which you want to enable Internet Connection Firewall, and then in "Network Tasks" → "Change the settings of this connection" → In the "Advanced" → "Settings" → "Security Logging" → "Log File Options" → "Browse", browse to the location where you want to place the log file.
In File Name, type a new log file name and click Open. Once opened, you can view its contents.
5. Change the security log file size
Open the connection with Internet connection firewall enabled, then in "Network Tasks" → "Change the settings of the connection" → "Advanced" → "Settings" → "Security Logging" → "Log File Options" → "Size Limit", use the arrow buttons to adjust the size limit.
6. Restore the default security log settings
On enables connection to the Internet Connection Firewall, and then click on the "Network Tasks" → "change the connection settings" → "Advanced" → "Settings" → "Security Logging → → Restore Defaults.
Fourth, understand the Internet Control Message Protocol (ICMP)
"Internet Message Protocol (ICMP)" is required TCP /IP standard, by ICMP, IP communication using the hosts and routers may report errors and Exchange restricted control and status information.
ICM messages are usually sent automatically in the following cases:
IP datagrams cannot access the target.
IP routers (gateways) cannot forward datagrams at the current transmission rate.
The IP router redirects the sending host to use a better route to the destination.
Enable or disable the Internet Control Message Protocol:
Open Network Connections. Click the connection with Internet Connection Firewall enabled, and then under "Network Tasks" → "Change Settings for this Connection" -> click "Advanced" → "Settings" → "ICMP" tab, select the request that you want your computer to respond to. Check box next to the type of information.