Identifying and Troubleshooting Network Connectivity Problems Caused by the Firewall Configuration


Most home users and businesses have expanded beyond the borders of their local intranet; the Internet has become a powerful tool for them. However, expanding beyond the local intranet makes private networks vulnerable to security attacks. Opening the door for users on the intranet to access the Internet in turn opens a door for attackers to your private network. So as more and more home users and businesses connect to the Internet, security becomes crucial. Providing Internet access for users also means looking for ways to secure your private network from Internet attacks. One of the ways in which you can secure your private network is to deploy a firewall.

What Is a Firewall?

A firewall can be hardware or software based. The purpose of a firewall is to create a barrier between the Internet and your private network. It allows users on the intranet to access Internet resources and at the same time restricts Internet access to your private network.

A firewall can protect your network from Internet attacks such as viruses and Denial of Service attacks. It can also ensure that Internet users do not have access to confidential information stored on your network. Table 7.3 describes some of the common attacks from which a firewall can protect your network.

Table 7.3. Common Internet Attacks

Ping of Death: A remote computer continuously sends ping requests larger than 64KB to overflow the internal buffer on another computer.

All Port Scan Attack: A remote computer accesses more than the available number of ports to look for a weakness.

Land Attack: This attack is a form of spoofing in which the source IP address is changed to appear as though it is the same as the destination IP address.

Denial of Service: This attack is designed to hinder normal use of a computer or network.

UDP Bomb attack: UDP packets containing invalid values for various fields are sent.

Worms: This malicious software replicates itself to other computers, usually via email.

Virus: This program or malicious code secretly replicates itself by attaching to a medium such as another program, the boot sector, a partition sector, or a document that contains macros.

Trojan horse: This virus is designed to compromise security, such as by stealing passwords. The purpose of a Trojan horse is to trick users into believing they are doing one thing when in fact they are doing something else.


Tip: This section refers to a firewall protecting a network from external intrusion. However, even if you have only a single computer, you should still deploy a firewall if that computer has an Internet connection.


As already mentioned, a firewall can be hardware or software based. In either case, the firewall examines and filters packets from the Internet going to the local computer or private network. A firewall can also operate at different layers of the OSI Model. A firewall that operates at the Network layer inspects incoming packets and grants or denies access based on source and destination IP addresses as well as port numbers. A firewall that functions at the Application layer provides more sophisticated functions, such as granting or denying access based on the application.

Although some firewalls can be very complex to configure, the idea behind them is relatively straightforward. A firewall creates a barrier between the Internet and your private network by intercepting all inbound packets before they reach the private network. The firewall inspects the information within a packet's header and grants or denies access based on configured rules. For example, all FTP traffic for port 23 can be granted access, whereas all other traffic is denied.

Firewalls come in many different shapes and sizes. The type of firewall you implement is largely determined by the level of security you require. Fortunately, if you are looking for a simple and easy-to-use solution, you can implement the Internet Firewall Component included with Windows XP.

Internet Connection Firewall

Windows XP includes a software-based firewall component called Internet Connection Firewall (ICF). It allows you to safely connect your computer or network to the Internet. Once enabled, ICF restricts the flow of packets between the Internet and your private network.

If you have ever worked with or configured various firewall solutions, you know that many of them are difficult to install and properly configure. Fortunately, Windows XP offers a firewall solution that is simple to enable and requires little or no configuration. You can enable ICF to secure a single computer with an Internet connection, or you can enable it on a computer that has a shared Internet connection.

So, how exactly does ICF work? ICF inspects each packet destined for the private network. It maintains a table to determine which incoming traffic was initiated on the local network, for example, a user on the private network accessing an FTP server on the Internet. Any incoming traffic resulting from this request is allowed through the firewall. If an inbound request was not initiated by the local computer or a computer on the private network, it is not allowed through the firewall.

ICF uses the following methods to determine which packets to allow through the firewall and which packets to drop:

  • Any incoming packets that match a request initiated on the private network are allowed through the firewall.

  • Any incoming packets that do not match a request initiated on the private network are not allowed to pass through the firewall.

  • Those incoming packets that will create a new entry in the table are allowed through the firewall.

In some cases, you may need to make resources on the private network available to users on the Internet. In other words, a certain type of traffic initiated on the Internet is allowed to pass through the firewall. You can do so by creating static rules that allow traffic on a specific port to pass through the firewall. For example, if you have an FTP server on the private network, you can open port 21.
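The three rules above, plus the static port rule for a service such as FTP, are easiest to see as code. The following Python model is an added example written for this page; it is not code from the book or from Microsoft. It models ICF's behaviour as described here: outbound packets always pass and record an entry in a connection table, inbound packets pass only if they match an entry (the reply to a request the private network made) or a static service definition, and everything else is dropped. The addresses, ports and packets are constructed sample values, and the class and function names are this example's own.

```python
"""Model of a stateful inbound packet filter with a connection table,
in the style of Windows XP Internet Connection Firewall (ICF).

Added illustration, not code from the book or from Microsoft.
All addresses, ports and rules below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = leaving the private network, "in" = arriving from the Internet


class StatefulFirewall:
    """Filters inbound traffic only, as ICF does; outbound traffic is never blocked."""

    def __init__(self, static_rules=None):
        # Service definitions: (proto, port) pairs opened to Internet-initiated traffic,
        # the equivalent of ticking FTP or adding a port mapping in the ICF Settings dialog.
        self.static_rules = set(static_rules or [])
        # Connection table keyed on the outbound flow (proto, lan_ip, lan_port, net_ip, net_port).
        self.table = set()

    def allow_service(self, proto, port):
        """Create a static rule so Internet users can reach a service on the private network."""
        self.static_rules.add((proto, port))

    def process(self, pkt):
        """Return "allow" or "drop" for one packet, updating the connection table."""
        if pkt.direction == "out":
            # Rule 3: a request leaving the private network creates a new table entry.
            self.table.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: the reply to an outbound flow arrives with the addresses swapped,
        # so look it up with the private-network side first.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            return "allow"                      # Rule 1: matches a request we initiated
        if (pkt.proto, pkt.dst_port) in self.static_rules:
            self.table.add(key)                 # opened port: admit and track the new flow
            return "allow"
        return "drop"                           # Rule 2: unsolicited inbound traffic


def run_scenario():
    """Walk through the situations the text describes and return each decision."""
    fw = StatefulFirewall()
    lan_host = "192.168.0.10"   # constructed private address
    net_host = "203.0.113.5"    # constructed Internet address (documentation range)

    ftp_request = Packet(lan_host, 40000, net_host, 21, "tcp", "out")
    ftp_reply = Packet(net_host, 21, lan_host, 40000, "tcp", "in")
    web_request = Packet(net_host, 51000, lan_host, 80, "tcp", "in")

    results = {}
    results["outbound ftp request"] = fw.process(ftp_request)       # allow, creates entry
    results["ftp reply"] = fw.process(ftp_reply)                     # allow, matches entry
    results["unsolicited web request"] = fw.process(web_request)     # drop, no entry or rule
    fw.allow_service("tcp", 80)                                      # service definition for the Web server
    results["web request after service definition"] = fw.process(web_request)  # allow
    return results


if __name__ == "__main__":
    for case, decision in run_scenario().items():
        print(f"{case:40s} -> {decision}")
```

The third case is the symptom the troubleshooting section warns about: an Internet user cannot reach a Web server behind ICF until a service definition for its port exists. Note that the model, like ICF, never inspects packets leaving the private network, which is why an outbound filter needs a different product.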

Note: ICF can be used to filter incoming traffic only. If you want to filter outgoing traffic, you need to implement a more sophisticated firewall solution.


Enabling ICF

The ICF component of Windows XP can be enabled in a number of different ways. For example, you can enable it using the Network Setup Wizard. ICF can also be enabled manually using the Network Connection applet in the Control Panel.

You can use the following steps to enable ICF:

  1. Click Start, point to Settings, and click Control Panel.

  2. Within the Control Panel, double-click the Network Connections applet. The Network Connections folder opens.

  3. Select the Internet connection you want to protect and click Change Settings of This Connection under the list of Network Tasks. An alternate method is to right-click the Internet connection and click Properties.

  4. Within the properties window for the Internet connection, click the Advanced tab.

  5. Click the box beside the option Protect My Computer and Network by Limiting or Preventing Access to This Computer from the Internet (see Figure 7.5). Click OK.

    Figure 7.5. Enabling Internet Connection Firewall.



After enabling ICF, you can select the Settings button on the properties window's Advanced tab to control the flow of data. This topic is covered in the following section.

Controlling the Flow of Data

By default, ICF blocks all inbound packets that do not match an entry in the connection table. However, if you have services running on the private network you want to make available to Internet users, you can create a port mapping.

Note: Port mappings can redirect incoming traffic to another computer on the private network. To do this, Internet Connection Sharing must also be enabled.


After ICF is enabled, certain predefined port mappings are created as well (see Figure 7.6). If you want to allow certain types of traffic through the firewall, place a check mark beside the appropriate protocol type (such as FTP) in the Advanced Settings dialog box and click OK. You can also create new port mappings by selecting the Add button on the Services tab.

Figure 7.6. Configuring port mappings for Internet Connection Firewall.



Common Firewall Configuration Problems

Because many home offices and businesses are now opting to implement firewalls to secure their network, you need to be familiar with some of the common configuration problems that can arise and ways to troubleshoot them.

After you enable ICF, you may encounter problems browsing the network and sharing the files on your computer with other users. If this situation occurs, verify the connection on which ICF has been enabled. ICF should be enabled only on the Internet connection, not on the connection used for the LAN. When ICF is enabled on a connection, it blocks unsolicited inbound traffic on that connection, including the traffic that file sharing and network browsing depend on.

One of the most common problems you will encounter when using ICF is that an application does not work through the firewall. The cause of this problem is more than likely the service definitions: you need to enable an existing service definition or create a new one that allows the application's traffic through the firewall. Doing so requires that you know which protocol and ports the application uses.

Another common problem you may encounter is Internet users not being able to access a server, such as a Web server, on the private network. This is normal behavior because ICF blocks all traffic that does not correspond to an entry in the connection table. To make a specific service on the private network available to Internet users, you must create a service definition that allows the specific type of traffic through the firewall.



MCDST 70-272 Exam Cram 2. Supporting Users & Troubleshooting Desktop Applications on a Windows XP Operating System (Exam Cram 2)
MCSA/MCSE 70-291 Exam Cram: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736187
Year: 2003
Pages: 119
Authors: Diana Huggins
