The FireWall (FW) is a hardware- and/or software-based two-way monitor, detector and filter (blocker/unblocker) of ingress/inbound packets [incoming = originating from internet/network computer(s)] and egress/outbound packets [outgoing = originating from local networked computer(s)]. A rule set tells it to block/prevent/stop or to allow/permit/proxy each packet, with two goals: stop unauthorized, personal, private and/or local/network computer data from being transmitted to internet/network based servers/applications, and stop unauthorized, internet/network based adware, malware and/or spyware from reaching/infesting the local/network computer(s).
Windows Firewall NEW features:
Stateful inspection is explained @ Wikipedia.
Windows Firewall limitations:
- packet filtering does NOT block the Remote Assistance connection service (its exception is enabled by default)!
- outbound/outgoing (egress) packet filtering is NOT available!
- packet filtering warnings are NOT available!
ICF/WF can be activated 5 ways:
Defaults: ICF/WF inspects inbound traffic only (outbound traffic is never checked), and out-of-the-box it lets unsolicited inbound traffic through wherever one of its default exceptions (Remote Assistance among them) allows it, which is riskier than necessary for every day browsing. :( Therefore it is strongly advised to tweak the settings manually to enjoy a safer Internet experience: open Windows Firewall from Control Panel, select the Advanced tab, pick the connection under Network Connection Settings, click the Settings button and customize ICF/WF to your needs. The good news is ICF/WF blocks unsolicited RPC calls to TCP port 135 (see port list below for details) by default. :) Start by making rules (as you should with any decent FW) for each app, domain, protocol, port etc, separately for inbound and (where the FW supports it) outbound. A rule does one of two things: (1) blocks [disables] or (2) unblocks [enables] a particular app/port/protocol/domain/IP/server/computer from accessing, or being reached from, the internet as a whole or one or more specific network(s), port(s), domain(s), server(s) or computer(s).
- Microsoft: Using Windows Firewall.
- MS TechNet: Windows Firewall Operations Guide.
- MS TechNet: Manually Configuring Firewall in XP SP2.
- MS DOC: Deploying Windows Firewall Settings in XP SP2 [1 MB, DOC format, right-click to save!].
- MS DOC: Using Firewall INF in XP SP2 [110 KB, DOC format, right-click to save!].
- MSKB: Troubleshoot Windows Firewall Settings in XP SP2.
- MSKB: How To Turn On/Off ICF in Windows XP.
- Ramesh: About Windows XP Internet Connection Firewall.
- TweakHound: The Windows XP Security Center.
- The Register: WinXP SP2 = Security Placebo?
- DShield.
- Practically Networked.
- MS TechNet: ICF security log overview.
- Windows Firewall Control (WFC).
- Windows Firewall Notifier (WFN).
- TinyWall.
- GhostWall.
- XP Firemon.
- FireLogXP ICF Log Interpreter.
- XP Firewall Log Viewer.
- XP Logger.
- Microsoft OEM FireWall (OEMFWALL.EXE) tool [12 KB].
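The ICF security log (see the TechNet overview and the log viewers listed above) is a plain W3C extended log file, pfirewall.log, whose #Fields header names the columns, so it is easy to summarize without a dedicated viewer. The following is an added example, not code from the page or from any of the tools above: it parses a constructed sample log in the XP SP2 layout, counts dropped inbound packets per destination port, flags sources that sweep several ports, and lists hits on a watch-list of ports (the watch-list and the sample records are assumptions for the demo).

```python
"""Parse a Windows XP SP2 Windows Firewall log (pfirewall.log, W3C extended
log format) and summarize dropped inbound traffic.  Added example; the
sample log below is constructed for the demo and is not from the page."""
from collections import Counter, defaultdict

# Constructed sample (RFC 5737 documentation addresses), in the XP SP2
# pfirewall.log layout: a #Fields header names the columns, "-" marks a
# field that does not apply to the record.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-03-01 10:22:05 DROP TCP 192.0.2.44 192.168.1.10 3421 135 48 S 1234567890 0 65535 - - - RECEIVE
2005-03-01 10:22:06 DROP TCP 192.0.2.44 192.168.1.10 3422 445 48 S 1234567891 0 65535 - - - RECEIVE
2005-03-01 10:22:09 DROP UDP 192.0.2.9 192.168.1.10 1029 1026 400 - - - - - - - RECEIVE
2005-03-01 10:23:00 OPEN TCP 192.168.1.10 198.51.100.20 1055 80 0 - - - - - - - -
2005-03-01 10:23:01 CLOSE TCP 192.168.1.10 198.51.100.20 1055 80 0 - - - - - - - -
2005-03-01 10:23:30 DROP TCP 192.0.2.44 192.168.1.10 3423 139 48 S 1234567892 0 65535 - - - RECEIVE
2005-03-01 10:23:31 DROP ICMP 192.0.2.7 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""

# Assumption for the demo: ports whose inbound hits are worth flagging
# (Windows RPC/NetBIOS/SMB); substitute your own "black" list.
WATCH_PORTS = {135, 137, 138, 139, 445}


def parse_pfirewall_log(text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]           # column names, in order
            continue
        if not line.strip() or line.startswith("#"):
            continue                            # blank line or other directive
        if fields is None:
            raise ValueError("log record found before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue                            # truncated or corrupt record
        rec = dict(zip(fields, values))
        for key in ("src-port", "dst-port"):    # ICMP records carry "-" here
            rec[key] = int(rec[key]) if rec[key] != "-" else None
        records.append(rec)
    return records


def dropped_inbound(records):
    """Unsolicited packets the firewall refused (DROP on the RECEIVE path)."""
    return [r for r in records if r["action"] == "DROP" and r["path"] == "RECEIVE"]


def drops_by_port(records):
    """Counter of (protocol, dst-port) for dropped inbound packets."""
    return Counter((r["protocol"], r["dst-port"]) for r in dropped_inbound(records))


def port_sweepers(records, min_ports=3):
    """Source IPs that probed at least min_ports distinct ports (a port sweep)."""
    seen = defaultdict(set)
    for r in dropped_inbound(records):
        if r["dst-port"] is not None:
            seen[r["src-ip"]].add(r["dst-port"])
    return {ip: sorted(ports) for ip, ports in seen.items() if len(ports) >= min_ports}


def watchlist_hits(records, watch=WATCH_PORTS):
    """Dropped inbound packets aimed at a watch-listed port, oldest first."""
    return [(r["date"], r["time"], r["src-ip"], r["protocol"], r["dst-port"])
            for r in dropped_inbound(records) if r["dst-port"] in watch]


if __name__ == "__main__":
    recs = parse_pfirewall_log(SAMPLE_LOG)
    print("dropped inbound by port:", drops_by_port(recs).most_common())
    print("port sweepers:", port_sweepers(recs))
    for hit in watchlist_hits(recs):
        print("watch-list hit:", hit)
```

To run it against a real file, read %windir%\pfirewall.log and pass its contents to parse_pfirewall_log; note that XP SP2 does not log dropped packets until you enable it under the Advanced tab, Security Logging, Settings. The parser takes the column order from the #Fields line rather than hard-coding it, so a log with a different field order still parses.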
- Port: 16-bit unsigned integer (0 to 65535) used, together with the IP address, to identify one endpoint of a logical TCP or UDP connection/exchange among networked computers/devices/terminals. Each assigned port number is associated with a specific service or application protocol.
Protocol: Standardized format for transmitting/receiving data among computers/devices/terminals:
- TCP Protocol: transmits/receives data among connected computers/devices/terminals within a session (connection), with acknowledgement, retransmission and in-order delivery, ensuring the data arrives complete and error checked.
- UDP Protocol: transmits/receives data among computers/devices/terminals as individual datagrams, without forming a session, without acknowledgement or retransmission, and with only an optional checksum for error detection.
Internet Protocol (IP) Address:
- IPv4 Standard (old): 32-bit identifier (numeric address) written as four 1-3 digit decimal numbers (octets) separated by dots (.), used to identify a networked computer/device/terminal. Format: xxx.xxx.xxx.xxx where xxx = any integer between 0 and 255. Because public IPv4 addresses are scarce, letting several computers share one public address requires network hardware + software capable of Network Address Translation (NAT).
IPv6 Standard (new): 128-bit identifier (hexadecimal address) formed of eight groups of 4 hexadecimal digits, each group representing 16 bits (2 octets), separated by colons (:), used to identify a networked computer/device/terminal. Format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx where xxxx = any 16-bit hexadecimal number from 0000 up to ffff (case insensitive); leading zeroes in a group may be omitted (0000 can be abbreviated as 0), and one run of consecutive all-zero groups may be collapsed to "::". The IPv6 address contains 2 logical parts:
- 64-bit network prefix and
- 64-bit interface identifier (host address), traditionally generated automatically from the interface MAC address (modified EUI-64); current stacks usually prefer randomized privacy addresses instead, because a MAC-derived identifier stays the same on every network and makes the host trackable.
Requires network hardware + software capable of:
- StateLess Address AutoConfiguration (SLAAC).
- Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
- Internet Protocol Security (IPsec).
Local/private/intranet networked computers/devices/terminals can be assigned any address from the ranges reserved for private use (IPv4: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 per RFC 1918; IPv6: fc00::/7 unique local addresses); such an address needs to be unique only within that particular network and is never routed on the internet. Internet/public IP addresses are allocated by a Regional Internet Registry (RIR): AfriNIC, APNIC, ARIN, LACNIC or RIPE NCC, to avoid duplication.
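The address rules above (private vs. public ranges, IPv6 abbreviation, and the MAC-derived 64-bit host part) can be exercised with Python's standard ipaddress module. The block below is an added example, not code from the page: the addresses, prefix and MAC it uses are constructed for the demo, and the EUI-64 routine is written out by hand to show exactly which bits change.

```python
"""IPv4/IPv6 address helpers for the definitions above.  Added example using
Python's standard ipaddress module; the addresses and MAC are constructed."""
import ipaddress


def classify(addr):
    """'public' for a globally routable address, 'private' for RFC 1918,
    unique-local, link-local, loopback and other non-routable space.
    Raises ValueError on a malformed address."""
    ip = ipaddress.ip_address(addr)
    return "public" if ip.is_global else "private"


def compress_ipv6(addr):
    """Apply the abbreviation rules: drop leading zeroes in each group and
    collapse one run of all-zero groups to '::' (2001:0db8:...:0001 -> 2001:db8::1)."""
    return ipaddress.IPv6Address(addr).compressed


def expand_ipv6(addr):
    """Inverse of compress_ipv6: eight 4-digit groups."""
    return ipaddress.IPv6Address(addr).exploded


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291 appendix A) from a
    48-bit MAC: flip the universal/local bit of the first octet and insert
    ff:fe between the OUI and the device-specific half."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(f"{(iid[i] << 8) | iid[i + 1]:x}" for i in range(0, 8, 2))


def slaac_address(prefix, mac):
    """SLAAC-style address: 64-bit prefix + EUI-64 interface identifier.
    The same MAC yields the same last 64 bits under every prefix, which is
    why privacy addresses replaced this scheme on most desktops."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    prefix_groups = net.network_address.exploded[:19]   # first four groups
    return str(ipaddress.IPv6Address(f"{prefix_groups}:{eui64_interface_id(mac)}"))


if __name__ == "__main__":
    for a in ("192.168.1.50", "172.31.255.254", "172.32.0.1", "8.8.8.8",
              "fe80::1", "2001:db8::1"):
        print(f"{a:>16} -> {classify(a)}")
    print(compress_ipv6("2001:0db8:0000:0000:0000:0000:0000:0001"))
    print(slaac_address("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e"))
```

classify relies on ipaddress's is_global, so documentation space such as 2001:db8::/32 and 192.0.2.0/24 also reports as "private" (not routable), which is the answer you want when deciding whether an address belongs on an allow-list for internet traffic.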
Most frequently used (a.k.a. common, known, assigned) ports in alphabetical order [can’t surf without them ;)]:
Most frequently used Trojan/Zombie ports [malware, •MUST ALWAYS• block!]:
There are a total of 65536 port numbers (0 to 65535, port 0 being reserved; a.k.a. address numbers), used by networked computers to create logical connections, and categorized by IANA as follows:
- Well-known ports: 0-1023, assigned to system/standard services.
- Registered ports: 1024-49151, assigned to applications on request.
- Dynamic/private (ephemeral) ports: 49152-65535, never assigned; used for the client side of connections.
More port info:
Note that port numbers are assigned on a per application/service basis, on request, by IANA (Internet Assigned Numbers Authority), the worldwide (global) non-profit body responsible for managing and allocating port numbers to companies, businesses, vendors, ISPs etc. IANA publishes the complete, public registry of all assigned ports and the entities currently using them, updated as assignments are made.
ICF/WF guidelines: when you let an app through, open ONLY the TCP/UDP port(s) you know it needs in order to operate over the internet/network(s), and close ALL OTHER ports, especially the ones you know are on the "black" list: some of the known exposed (dangerous) ports are listed after you complete the security port scan tests at Gibson Research.
Do not block/unblock both TCP and UDP within the same rule for the same app/protocol; make a separate rule for each, as you should also for inbound and outbound, respectively (ICF/WF itself filters inbound only, so outbound rules need a third-party FW).
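The two guidelines above (open only the ports an app needs, one rule per transport) can be enforced mechanically before anything touches the firewall. The block below is an added example, not code from the page or from Microsoft: it validates a rule table and emits the matching XP SP2 netsh firewall commands (the netsh syntax is the real one; the deny list, the rule table and the "deny-listed ports may be opened to the local subnet only" policy are assumptions for the demo).

```python
"""Generate a per-port netsh firewall script for XP SP2 that follows the
guidelines above: one rule per transport/port, nothing on the deny list
opened to the internet, dropped-packet logging on.  Added example; the
rules and deny list are constructed."""

# Assumption for the demo: the "black" list you never open to the
# internet (Windows RPC/NetBIOS/SMB); substitute your own.
DENY_PORTS = {135, 137, 138, 139, 445}


def port_class(port):
    """IANA category of a port number; raises ValueError outside 0-65535."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is outside 0-65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def validate_rule(protocol, port, scope):
    """Return None if the rule is acceptable, else the reason it is not."""
    if protocol.upper() not in ("TCP", "UDP"):
        return "use one rule per transport (TCP or UDP), not ALL"
    if scope.upper() not in ("ALL", "SUBNET"):
        return "scope must be ALL (internet) or SUBNET (local network only)"
    try:
        port_class(port)
    except ValueError as exc:
        return str(exc)
    if port in DENY_PORTS and scope.upper() == "ALL":
        return f"port {port} is on the deny list; never open it to the internet"
    return None


def netsh_port_rule(name, protocol, port, scope="ALL"):
    """One 'netsh firewall add portopening' line (XP SP2 netsh syntax)."""
    problem = validate_rule(protocol, port, scope)
    if problem:
        raise ValueError(problem)
    return (f'netsh firewall add portopening protocol={protocol.upper()} '
            f'port={port} name="{name}" mode=ENABLE scope={scope.upper()}')


def build_script(rules):
    """Full script: firewall on for all profiles, default service exceptions
    off, dropped-packet logging on, then the explicit per-port rules."""
    lines = [
        "netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL",
        "netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL",
        "netsh firewall set service type=UPNP mode=DISABLE profile=ALL",
        "netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL",
        "netsh firewall set logging filelocation=%windir%\\pfirewall.log "
        "maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE",
    ]
    lines.extend(netsh_port_rule(*rule) for rule in rules)
    lines.append("netsh firewall show config")
    return lines


# Constructed rule table: (name, protocol, port, scope).
EXAMPLE_RULES = [
    ("Web server", "TCP", 80, "ALL"),
    ("Game voice (UDP)", "UDP", 27015, "ALL"),
    ("SMB from LAN only", "TCP", 445, "SUBNET"),
]

if __name__ == "__main__":
    print("\n".join(build_script(EXAMPLE_RULES)))
```

Save the printed lines as a .cmd file and run it from an account in the Administrators group; the closing "netsh firewall show config" prints the resulting exceptions so you can verify that only the intended ports are open. A rule written as protocol=ALL, or one that would expose a deny-listed port to the internet, never reaches netsh: validate_rule rejects it first.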
Given these limitations of the built-in FW, I •strongly• recommend, especially if surfing on broadband (xDSL, cable, satellite or Wi-Fi) and/or using more than one computer to access the internet, purchasing a good multipurpose 4-port (or more, depending on your needs) router with built-in hardware firewall and IPv6 capabilities. Your best bet is a wireless broadband router with a 4-port 10/100/1000 Ethernet switch with auto-speed sensing and Wi-Fi encryption (WPA2 or better; avoid WEP). See also this review.
- ALG.EXE (Application Layer Gateway Service) = integral part of the built-in ICF/WF; it handles FTP and other protocols that negotiate secondary data connections, so that those connections can pass through the FW. Needs to run for ICF/WF to work properly with such protocols.
- SVCHOST.EXE (Generic Host Process for Win32 Services) = integral part of the XP OS, mandatory to run at all times; it is not a service itself but a host process that loads/unloads/manages 32-bit DLL-based services (the Windows Firewall/ICS service among them), so it cannot be stopped or (re)started manually as a whole, only the individual services it hosts can; in normal conditions more than one Svchost.exe instance will always be running.
Firewall + Security resources:
MSKB: Programs that may require you to open ports manually.
Valid command line switches: