Lesson 3:Enabling and Configuring Home and Small Business Components

In this lesson you learn how to enable and configure some of the home and small business components in Windows XP Professional. These features include ICF, ICS, and Network Bridge.


After this lesson, you will be able to

  • Enable and configure ICF
  • Enable and configure ICS
  • Enable and configure Network Bridge

Estimated lesson time: 45 minutes


Enabling and Configuring Internet Connection Firewall

A firewall protects a network against external threats from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network and prevent computers external to the network from communicating directly with the computers in the organization's network. All incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about attempts to gain unauthorized access. ICF is firewall software that is used to set restrictions on what information is communicated from your home or small business network to and from the Internet.

To enable and configure ICF, do the following:

  1. On the Start menu, click My Computer, click My Network Places, and then click View Network Connections.

    Windows XP Professional displays the Network Connections window.

  2. Click the dial-up, LAN, or high-speed Internet connection that you want to protect.
  3. Under Network Tasks, click Change Settings Of This Connection.
  4. In the Advanced tab, select the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box.

    To disable ICF, clear the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box.

  5. To configure ICF, click Settings.

    If you are not certain how to configure ICF, click Network Setup Wizard instead of Settings.

    Windows XP Professional displays the Advanced Settings dialog box (see Figure 17.5).

    Figure 17.5 The Services tab of the Advanced Settings dialog box

    The Services tab allows you to specify the services running on your network that Internet users can access.

    The Security Logging tab allows you to specify whether or not you want to log dropped packets and successful connections. It also allows you to set the size limit and location of the log file. By default, the log file is PFIREWALL.LOG and the size limit is 4096 KB.

    To enable security logging, select one or both of the following options: Log Dropped Packets and Log Successful Connections. To view the security log file, in the Security tab, click Browse.

    The ICMP tab allows you to select which requests for information from the Internet this computer will respond to (see Table 17.5). By default none of these check boxes are selected.

Internet Control Message Protocol (ICMP) allows computers on a network to share error and status information.

Table 17.5 Configurable ICMP Options

Option Description

Allow Incoming Echo Request

Messages sent to the computer will be repeated back to the sender. This option is commonly used for troubleshooting, such as pinging a computer.

Allow Incoming Timestamp Request

Data sent to this computer can be acknowledged with a confirmation message indicating the time that the data was received.

Allow Incoming Mask Request

This computer will listen for and respond to requests for more information about the public network to which it is attached.

Allow Incoming Router Request

This computer will respond to requests for information about the routes it recognizes.

Allow Outgoing Destination Unreachable

Data sent over the Internet that fails to reach this computer because of an error will be discarded and acknowledged with a "Destination Unreachable" message explaining the failure.

Allow Outgoing Source Quench

When this computer's ability to process incoming data cannot keep up with the rate of a transmission, data will be dropped and the sender will be asked to slow down.

Allow Outgoing Parameter Problem

When this computer discards data it has received because of a problematic header, it will reply to the sender with a "Bad Header" error message.

Allow Outgoing Time Exceeded

When this computer discards an incomplete data transmission because the entire transmission required more time than allowed, it will reply to the sender with a "Time Expired" message.

Allow Redirect

Data sent from this computer will be rerouted if the default path changes.

If you enable any of the ICMP options, your network can become visible to the Internet and vulnerable to attack.

The following are some important ICF considerations:

  • ICF is available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but it is not available in the Windows XP Professional 64-bit edition.
  • ICF should be enabled on your shared Internet connection if your network is using ICS to provide Internet access to multiple computers.
  • ICF also protects a single computer that is connected to the Internet with a cable modem, a DSL modem, or a dial-up modem.
  • ICF should not be enabled on VPN connections or on client computers; it will interfere with file and printer sharing.

Enabling Internet Connection Sharing

ICS allows you to connect multiple computers on your home or small business network to the Internet using one connection. One of the computers on your network connects to the Internet using a cable modem, DSL modem, or dial-up modem. You enable ICS on the computer that has the Internet connection and it becomes the ICS host. The other computers on the network then connect to the Internet through this connection.

ICS is available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but it is not available in the Windows XP Professional 64-bit edition.

To enable ICS, do the following:

  1. On the Start menu, click My Computer, click My Network Places, and then click View Network Connections.

    Windows XP Professional displays the Network Connections window.

  2. Click the dial-up, LAN, PPPoE, or VPN Internet connection that you want to share.
  3. Under Network Tasks, click Change Settings Of This Connection.
  4. In the Advanced tab, select the Allow Other Network Users To Connect Through This Computer's Internet Connection check box.

    The following two additional check boxes are available when you enable ICS (see Figure 17.6):

    • Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet. This check box allows you to enable on-demand dialing for the shared connection.
    • Allow Other Network Users To Control Or Disable The Shared Internet Connection. This check box allows you to enable client control for this shared Internet connection.

    Figure 17.6 The Advanced tab of the Work Properties dialog box

  5. To configure ICS and select the services running on your network that Internet users can access, click Settings.

If you enable any of the services, you are allowing someone accessing the Internet to contact a service or computer on your private network. If you are not sure how to configure these settings, click Network Setup Wizard.

The following are important ICS considerations:

  • Do not use ICS on networks with Microsoft Windows 2000 Server domain controllers, Domain Name System (DNS) servers, gateways, Dynamic Host Configuration Protocol (DHCP) servers, or computers configured for static IP addresses.
  • The ICS host computer needs two network connections. The LAN connection automatically created by installing a network adapter connects it to the other computers on the network. The second connection uses a dial-up modem, ISDN, DSL modem, or high-speed connection to connect to the Internet. Only enable ICS on the connection to the Internet.
  • Enabling ICS automatically assigns a static IP address to the LAN connection to the network. Any TCP/IP connections will be lost and need to be reestablished.

Enabling and Configuring Network Bridge

Network Bridge allows you to connect LAN segments, groups of networked computers, without having to use routers or bridges. Network Bridge allows you to connect different types of network media. Before Network Bridge, if you were using more than one media type, you needed a different subnet for each media type. Packet forwarding would be required because different protocols are used on different media types. Network Bridge automates the configuration that is required to forward information from one media type to another.

Network Bridge uses the Institute of Electrical and Electronics Engineers (IEEE) Spanning Tree Algorithm (STA). STA provides an automated mechanism to ensure that the forwarding topology is loop free. You do not have to do any configuration to configure Network Bridge for STA.

To configure Network Bridge, do the following:

  1. On the Start menu, click My Computer, click My Network Places, and then click View Network Connections.

    Windows XP Professional displays the Network Connections window.

  2. Under LAN or High-Speed Internet, select each of the private network connections that you want to make part of the bridge.
  3. Right-click one of the selected private network connections, and then click Bridge Connections.

The following are important Network Bridge considerations:

  • Only Ethernet adapters, IEEE-1394 adapters, or Ethernet-compatible adapters, such as wireless or home phone network adapter (HPNA), can be part of the Network Bridge.
  • Adapters that have ICF or ICS enabled cannot be included in the Network Bridge.
  • You can add connections to the Network Bridge after it has been created, using the Add To Bridge menu command.
  • Only one bridge can exist on a Windows XP Professional computer, but it can be used to connect as many different media types as the computer can physically accommodate.
  • You cannot create a bridge connection on computers running Windows 2000 or an earlier version of Windows.

Network Bridge is available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but it is not available in the Windows XP Professional 64-bit edition.

Using the Network Setup Wizard

The Network Setup Wizard is another one of the home and small business components in Windows XP Professional. You first run the Network Setup Wizard on the computer that will be your ICS host computer. The Network Setup Wizard automatically enables and configures ICS and ICF for you. After you run the Network Setup Wizard on the ICS host computer, run it on each of the other computers in the network. All computers other than the ICS host computer are known as client computers. The wizard automatically configures all of the computers on the network so that they function properly in the network.

To run the Network Setup Wizard, do the following:

  1. On the Start menu, click Control Panel.
  2. In Control Panel, click Network And Internet Connections.
  3. Click Network Connections and under Pick A Task, click Set Up Or Change Your Home Or Small Office Network.

Practice: Enabling and Configuring ICF and ICS

In this practice, you enable and configure ICF and ICS.

Run the ICFandICS file in the Demos folder on the CD-ROM accompanying this book for a demonstration of enabling and configuring ICF and ICS.

Exercise 1: Enabling and Configuring ICF

In this exercise, you enable ICF on your computer. You also configure it by increasing the maximum size of the Security Log file.

To enable and configure ICF

  1. Log on as Fred or with an account that is a member of the Administrators group.
  2. On the Start menu, click My Computer, click My Network Places, and then click View Network Connections.

    Windows XP Professional displays the Network Connections window.

  3. Click the Work connection that you created in Lesson 2.
  4. Under Network Tasks, click Change Settings Of This Connection.

    Windows XP Professional displays the Work Properties dialog box with the General tab selected.

  5. Click the Advanced tab.

    By default, the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box is cleared, indicating that ICF is not enabled.

  6. Click Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet.

    There should be a check mark in the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box, and the Settings button should now be available.

  7. Click Settings to configure ICF.

    Windows XP Professional displays the Advanced Settings dialog box with the Services tab selected.

  8. Click Security Logging.
  9. Under Log File Options, increase the size of the Security Log file to 4500 KB. Click OK to close the Advanced Settings dialog box.
  10. Click OK to close the Work Properties dialog box and to enable ICF.

    Leave the Network Connections window open for the next exercise.

Exercise 2: Enabling and Configuring ICS

In this exercise, you enable ICS on your computer. You also configure ICS by enabling on-demand dialing for the users sharing this connection to the Internet.

To enable and configure ICS

  1. In the Network Connections window, click Work.

    The Work connection is not a connection to the Internet, but for the purposes of this exercise you can enable ICS for it.

  2. Under Network Tasks, click Change Settings Of This Connection.

    Windows XP Professional displays the Work Properties dialog box with the General tab selected.

  3. Click the Advanced tab.

    There should not be a check mark in the Allow Other Network Users To Connect Through This Computer's Internet Connection check box, indicating that ICS is not enabled by default.

  4. Click the Allow Other Network Users To Connect Through This Computer's Internet Connection check box.

    There should now be a check mark in the Allow Other Network Users To Connect Through This Computer's Internet Connection check box.

  5. Click Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet to configure ICS by enabling on-demand dialing for the shared connection.

    There should now be a check mark in the Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet check box.

  6. Click OK to close the Work Properties dialog box.

Lesson Review

The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next chapter. The answers are in Appendix A, "Questions and Answers."

  1. What is ICF?
  2. What happens if you configure ICF and enable any one of the ICMP options?
  3. By default, the ICF Security Log file is named ____________________ and has a size limit of _____________.
  4. Which of the following statements about ICF are correct? (Choose all answers that are correct.)
    1. ICF is available in the Windows XP Professional 64-bit edition.
    2. ICF should not be enabled on VPN connections.
    3. ICF should be enabled on your shared Internet connection.
    4. ICF must be purchased as an add-on package and is not included in Windows XP Professional.
  5. When do you use ICS?
  6. How do you enable on-demand dialing for a shared ICS connection?
  7. What is Network Bridge and what algorithm does it use?
  8. Which of the following types of adapters can you use in a Network Bridge? (Choose all answers that are correct.)
    1. Ethernet adapters
    2. IEEE-1394 adapters
    3. Token Ring adapters
    4. Adapters that have ICF or ICS enabled

Lesson Summary

  • Internet Connection Firewall (ICF) is firewall software that you use to set restrictions on what information is communicated from your network to and from the Internet.
  • ICF is enabled by selecting the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box located in the Advanced tab of the connection's Properties dialog box.
  • ICF, ICS, and Network Bridge are available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but they are not available in the Windows XP Professional 64-bit edition.
  • ICF should not be enabled on VPN connections or on client computers because it will interfere with file and printer sharing.
  • ICS allows you to connect multiple computers on your home or small business network to the Internet using one connection.
  • ICS is enabled by selecting the Allow Other Network Users To Connect Through This Computer's Internet Connection check box located in the Advanced tab of the connection's Properties dialog box.
  • On-demand dialing for ICS is enabled by selecting Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet.
  • ICS should not be used on networks with Windows 2000 Server domain controllers, DNS servers, gateways, DHCP servers, or computers configured for static IP addresses.
  • Network Bridge allows you to connect LAN segments, groups of networked computers, without having to use routers or bridges to connect them.
  • Network Bridge uses the IEEE Spanning Tree Algorithm (STA).



MCSE Training Kit(c) Microsoft Windows XP Professional (Exam 70-270 2001)
MCSE Training Kit(c) Microsoft Windows XP Professional (Exam 70-270 2001)
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net