With more small businesses than ever, the likelihood of small entities being connected full time to the Internet has increased greatly. And it's not just a home-computing phenomenon; companies are using more remote or home-based workers than ever, and the predictions are that this trend will increase. Windows XP has enhanced security features that should help cope with this situation. This tip, excerpted from InformIT, discusses the properties of the kernel-level Internet firewall.
Because many small businesses and home users have increased their use of high-bandwidth connections to the Internet (including cable modems; ISDN; and, in the case of small businesses, fractional T1 and full T1 lines), there has been a corresponding need for greater security than ever before. As the lower-end routers from D-Link, 3COM, and others have shown, there's a robust need for Internet security in homes and small businesses. Microsoft's Internet Connection Firewall is actually a packet filter that acts as a software-based checking mechanism to ensure that the only packets received and sent are ones authorized by the authentication policies of the PC or workstation running Windows XP.
The Internet Connection Firewall is actually part of a broader Internet Connection Sharing host that acts as the gateway for the other systems that need access to the Internet. When enabled, the Internet Connection Firewall blocks all unsolicited connections originating from the Internet. To accomplish this, the firewall uses the logic of the Network Address Translator (NAT) to validate incoming requests for access to a network or the local host. If the network communication did not originate within the protected network, or if no port mapping was created, the incoming data will be dropped. Internet Connection Firewall is available for the following types of connections: local area network (LAN), Point-to-Point Protocol over Ethernet (PPPoE), Virtual Private Network (VPN), or dial-up. Internet Connection Firewall prevents the scanning of ports and resources (file and printer shares) from external sources. For example, if someone on the Internet runs a scanning program on your public connection or attempts to connect to your system's resources, the firewall prevents release of any information from the ports and services available on your network.
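A minimal Python model of the drop rule described above, added here as an illustration and not taken from the InformIT article or from Microsoft's implementation. The class and function names, the flow-table layout, and the sample addresses (documentation ranges) are assumptions; real connection tracking also handles timeouts and protocol state.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Hypothetical model: allow inbound only for tracked flows or mapped ports."""

    def __init__(self, port_mappings=()):
        # (proto, port) pairs explicitly opened by the administrator
        self.port_mappings = set(port_mappings)
        # Flows opened from the protected side, stored as the reply will appear
        self.flows = set()

    def outbound(self, pkt):
        """Record a flow that originated inside the protected network."""
        self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port,
                        pkt.src_ip, pkt.src_port))
        return "ALLOW"

    def inbound(self, pkt):
        """Decide on a packet arriving from the Internet side."""
        if tuple(pkt) in self.flows:
            return "ALLOW"  # reply to traffic the protected host initiated
        if (pkt.proto, pkt.dst_port) in self.port_mappings:
            return "ALLOW"  # an explicit port mapping exists
        return "DROP"       # unsolicited: no flow and no mapping

def run_demo():
    """Replay constructed sample traffic and return the inbound decisions."""
    host, web, scanner = "203.0.113.5", "198.51.100.7", "192.0.2.99"
    fw = StatefulFilter(port_mappings=[("tcp", 80)])
    # The protected host browses to a web server
    fw.outbound(Packet("tcp", host, 49152, web, 443))
    return [
        fw.inbound(Packet("tcp", web, 443, host, 49152)),      # reply
        fw.inbound(Packet("tcp", scanner, 40000, host, 139)),  # share probe
        fw.inbound(Packet("tcp", scanner, 40001, host, 445)),  # share probe
        fw.inbound(Packet("tcp", scanner, 40002, host, 80)),   # mapped port
        fw.inbound(Packet("tcp", web, 443, host, 49153)),      # wrong port
    ]

if __name__ == "__main__":
    print(run_demo())
```

The fourth packet shows the trade-off: any port mapping is reachable by anyone on the Internet, so each mapping should correspond to a service that is meant to be public.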
To read the article from which this tip is excerpted, click over to InformIT. You have to register there, but the registration is free.
Louis Columbus is the author of The Windows 2000 Professional Handbook - Administrator's Advantage Series.