In this lesson you learn how to enable and configure some of the home and small business components in Windows XP Professional. These features include ICF, ICS, and Network Bridge.
A firewall protects a network against external threats from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network and prevent computers external to the network from communicating directly with the computers in the organization's network. All incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about attempts to gain unauthorized access. ICF is firewall software that is used to set restrictions on what information is communicated from your home or small business network to and from the Internet.
To enable and configure ICF, do the following:
Windows XP Professional displays the Network Connections window.
To disable ICF, clear the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box.
If you are not certain how to configure ICF, click Network Setup Wizard instead of Settings.
Windows XP Professional displays the Advanced Settings dialog box (see Figure 17.5).
Figure 17.5 The Services tab of the Advanced Settings dialog box
The Services tab allows you to specify the services running on your network that Internet users can access.
The Security Logging tab allows you to specify whether or not you want to log dropped packets and successful connections. It also allows you to set the size limit and location of the log file. By default, the log file is PFIREWALL.LOG and the size limit is 4096 KB.
To enable security logging, select one or both of the following options: Log Dropped Packets and Log Successful Connections. To view the security log file, in the Security Logging tab, click Browse.
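The security log is plain text, so it can be reviewed with a short script once logging is enabled. The following added example (not part of the original lesson) parses log text in the W3C extended layout that ICF writes, counts entries by action, and lists sources whose packets were dropped on several distinct ports. The sample entries are constructed, the function names and the threshold of three ports are assumptions, and the field names are read from the log's own #Fields header.

```python
from collections import defaultdict

# Constructed sample in the layout ICF writes to PFIREWALL.LOG.
# Addresses come from documentation ranges; none of this is real traffic.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2002-03-14 09:12:01 DROP TCP 203.0.113.7 192.0.2.10 4312 135 48 S 1201 0 16384 - - -
2002-03-14 09:12:01 DROP TCP 203.0.113.7 192.0.2.10 4313 139 48 S 1202 0 16384 - - -
2002-03-14 09:12:02 DROP TCP 203.0.113.7 192.0.2.10 4314 445 48 S 1203 0 16384 - - -
2002-03-14 09:12:02 DROP TCP 203.0.113.7 192.0.2.10 4315 3389 48 S 1204 0 16384 - - -
2002-03-14 09:13:40 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2002-03-14 09:15:05 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2002-03-14 09:15:09 CLOSE TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2002-03-14 09:16:30 DROP UDP 198.51.100.23 192.0.2.10 1027 137 78 - - - - - - -
"""

def parse(text):
    """Yield one dict per entry, named by the log's own #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def summarize(entries, port_threshold=3):
    """Count entries per action; flag sources dropped on many distinct ports."""
    actions = defaultdict(int)
    ports = defaultdict(set)
    for e in entries:
        actions[e["action"]] += 1
        # ICMP entries carry "-" in the port columns and are not counted here.
        if e["action"] == "DROP" and e["dst-port"] != "-":
            ports[e["src-ip"]].add(int(e["dst-port"]))
    probes = {ip: sorted(p) for ip, p in ports.items() if len(p) >= port_threshold}
    return dict(actions), probes

if __name__ == "__main__":
    counts, probes = summarize(parse(SAMPLE_LOG))
    print(counts)
    print(probes)
```

DROP entries appear only when Log Dropped Packets is selected, and OPEN and CLOSE entries only when Log Successful Connections is selected.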
The ICMP tab allows you to select which requests for information from the Internet this computer will respond to (see Table 17.5). By default, none of these check boxes are selected.
Internet Control Message Protocol (ICMP) allows computers on a network to share error and status information.
Table 17.5 Configurable ICMP Options
Option | Description |
---|---|
Allow Incoming Echo Request | Messages sent to the computer will be repeated back to the sender. This option is commonly used for troubleshooting, such as pinging a computer. |
Allow Incoming Timestamp Request | Data sent to this computer can be acknowledged with a confirmation message indicating the time that the data was received. |
Allow Incoming Mask Request | This computer will listen for and respond to requests for more information about the public network to which it is attached. |
Allow Incoming Router Request | This computer will respond to requests for information about the routes it recognizes. |
Allow Outgoing Destination Unreachable | Data sent over the Internet that fails to reach this computer because of an error will be discarded and acknowledged with a "Destination Unreachable" message explaining the failure. |
Allow Outgoing Source Quench | When this computer's ability to process incoming data cannot keep up with the rate of a transmission, data will be dropped and the sender will be asked to slow down. |
Allow Outgoing Parameter Problem | When this computer discards data it has received because of a problematic header, it will reply to the sender with a "Bad Header" error message. |
Allow Outgoing Time Exceeded | When this computer discards an incomplete data transmission because the entire transmission required more time than allowed, it will reply to the sender with a "Time Expired" message. |
Allow Redirect | Data sent from this computer will be rerouted if the default path changes. |
If you enable any of the ICMP options, your network can become visible to the Internet and vulnerable to attack.
The following are some important ICF considerations:
ICS allows you to connect multiple computers on your home or small business network to the Internet using one connection. One of the computers on your network connects to the Internet using a cable modem, DSL modem, or dial-up modem. You enable ICS on the computer that has the Internet connection and it becomes the ICS host. The other computers on the network then connect to the Internet through this connection.
ICS is available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but it is not available in the Windows XP Professional 64-bit edition.
To enable ICS, do the following:
Windows XP Professional displays the Network Connections window.
The following two additional check boxes are available when you enable ICS (see Figure 17.6):
Figure 17.6 The Advanced tab of the Work Properties dialog box
If you enable any of the services, you are allowing someone accessing the Internet to contact a service or computer on your private network. If you are not sure how to configure these settings, click Network Setup Wizard.
The following are important ICS considerations:
Network Bridge allows you to connect LAN segments, groups of networked computers, without having to use routers or bridges. Network Bridge allows you to connect different types of network media. Before Network Bridge, if you were using more than one media type, you needed a different subnet for each media type. Packet forwarding would be required because different protocols are used on different media types. Network Bridge automates the configuration that is required to forward information from one media type to another.
Network Bridge uses the Institute of Electrical and Electronics Engineers (IEEE) Spanning Tree Algorithm (STA). STA provides an automated mechanism to ensure that the forwarding topology is loop free. You do not have to do any configuration to configure Network Bridge for STA.
To configure Network Bridge, do the following:
Windows XP Professional displays the Network Connections window.
The following are important Network Bridge considerations:
Network Bridge is available in the Windows XP Professional 32-bit edition and the Windows XP Home Edition, but it is not available in the Windows XP Professional 64-bit edition.
The Network Setup Wizard is another one of the home and small business components in Windows XP Professional. You first run the Network Setup Wizard on the computer that will be your ICS host computer. The Network Setup Wizard automatically enables and configures ICS and ICF for you. After you run the Network Setup Wizard on the ICS host computer, run it on each of the other computers in the network. All computers other than the ICS host computer are known as client computers. The wizard automatically configures all of the computers on the network so that they function properly in the network.
To run the Network Setup Wizard, do the following:
In this practice, you enable and configure ICF and ICS.
Run the ICFandICS file in the Demos folder on the CD-ROM accompanying this book for a demonstration of enabling and configuring ICF and ICS.
In this exercise, you enable ICF on your computer. You also configure it by increasing the maximum size of the Security Log file.
Windows XP Professional displays the Network Connections window.
Windows XP Professional displays the Work Properties dialog box with the General tab selected.
By default, the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box is cleared, indicating that ICF is not enabled.
There should be a check mark in the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box, and the Settings button should now be available.
Windows XP Professional displays the Advanced Settings dialog box with the Services tab selected.
Leave the Network Connections window open for the next exercise.
In this exercise, you enable ICS on your computer. You also configure ICS by enabling on-demand dialing for the users sharing this connection to the Internet.
The Work connection is not a connection to the Internet, but for the purposes of this exercise you can enable ICS for it.
Windows XP Professional displays the Work Properties dialog box with the General tab selected.
There should not be a check mark in the Allow Other Network Users To Connect Through This Computer's Internet Connection check box, indicating that ICS is not enabled by default.
There should now be a check mark in the Allow Other Network Users To Connect Through This Computer's Internet Connection check box.
There should now be a check mark in the Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet check box.
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next chapter. The answers are in Appendix A, "Questions and Answers."