June 29, 2004 12:00 AM

Windows Firewall: Building Security

Initial testing on a standalone server gives you a good foundation for using this new feature
Windows IT Pro
InstantDoc ID #42930

Keep a Log
The Windows Firewall applet's Log Settings tab, which Figure 8 shows, lets you configure whether and how Windows Firewall logs its activity. (Be aware that Windows Firewall logging is disabled by default.) You can control whether Windows Firewall logs dropped packets or successful incoming and outgoing connections. Thus, the log can reveal every time someone tries and fails to connect to the computer, as well as each successful incoming connection and each time the computer opens an outgoing connection to another system, such as a local file server or a Web server over the Internet. The log records source and destination IP addresses and port numbers and indicates whether the connection was dropped or successful. For example, the log output in Figure 9 shows that Windows Firewall rejected an attempt by a system at IP address 10.42.42.2 to connect to port 80 on the local workstation. The log then shows that the system at IP address 10.42.42.10 successfully connected to the local workstation through Remote Desktop Protocol (port 3389). Finally, the log shows that the local workstation connected to IP address 10.42.42.100 to execute a remote procedure call (RPC) transaction using port 135.

By default, Windows Firewall stores the log as C:\windows\pfirewall.log and sets a maximum log size of 4MB, but you can change the path and filename (the file must reside on the local system) as well as the maximum log size. When the log reaches the maximum size, Windows appends .old to the log filename, then starts a new log under the path name specified on the Log Settings tab. The next time the log fills up, Windows again renames the log file (which then overwrites the original, oldest file) and starts a new log.
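
A log like the one Figure 9 shows can be summarized with a short script. This is an added example, not code from the original article: it assumes the space-delimited layout with a `#Fields:` header that Windows Firewall writes, and the local address 10.42.42.50, the timestamps, and the source ports in the sample are constructed.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout (W3C extended format).
# The three events mirror the ones the article describes; the local address
# 10.42.42.50, the timestamps and the source ports are invented for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-06-29 10:15:02 DROP TCP 10.42.42.2 10.42.42.50 1045 80 48 S 1234567 0 16384 - - -
2004-06-29 10:16:40 OPEN TCP 10.42.42.10 10.42.42.50 1061 3389 - - - - - - - -
2004-06-29 10:17:05 OPEN TCP 10.42.42.50 10.42.42.100 1078 135 - - - - - - - -
"""

def parse_firewall_log(text):
    """Yield one dict per event, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize(events, local_ip):
    """Count dropped inbound attempts and list opened connections by direction."""
    dropped = Counter()
    opened = []
    for e in events:
        if e["action"] == "DROP" and e["dst-ip"] == local_ip:
            dropped[(e["src-ip"], e["dst-port"])] += 1
        elif e["action"].startswith("OPEN"):
            direction = "inbound" if e["dst-ip"] == local_ip else "outbound"
            peer = e["src-ip"] if direction == "inbound" else e["dst-ip"]
            opened.append((direction, peer, int(e["dst-port"])))
    return dropped, opened

if __name__ == "__main__":
    dropped, opened = summarize(parse_firewall_log(SAMPLE_LOG), "10.42.42.50")
    for (src, port), n in dropped.most_common():
        print(f"{n} dropped attempt(s) from {src} to local port {port}")
    for direction, peer, port in opened:
        print(f"{direction} connection with {peer} on port {port}")
```

Because the log rolls over to a single .old file, a script like this should read both the current log and the .old copy to avoid missing events recorded just before a rollover.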

Extend the Wall
Now that you understand how Windows Firewall works, you can determine how to best configure it for your environment. In my next article, I'll show you how to use Group Policy to automatically deploy SP2 to all your XP workstations and to centrally configure and control Windows Firewall on those machines.

Resources
WINDOWS & .NET MAGAZINE RESOURCES
You can obtain the following articles from Windows & .NET Magazine's Web site at http://www.winnetmag.com.

MARK MINASI
Inside Out, "Meet Windows Firewall," May 2004, InstantDoc ID 42293
"Countdown to XP SP2: More than a Firewall," May 2004 VIP Web Exclusive, InstantDoc ID 42553
"Countdown to XP SP2: Planning Ahead," May 2004 VIP Web Exclusive, InstantDoc ID 42552
"Countdown to XP SP2: Dealing with ICF," April 2004 VIP Web Exclusive, InstantDoc ID 42497
"Countdown to XP SP2: Forced Protection," April 2004 VIP Web Exclusive, InstantDoc ID 42496

RANDY FRANKLIN SMITH
Ask the Experts, "Assigning IPSec Policies to Servers and Workstations on Your Network," March 2003, InstantDoc ID 37946
"IP Security Filtering," June 2001 Web Exclusive, InstantDoc ID 21546

PAUL THURROTT
Need to Know, "What You Need to Know About New Security Features in Windows XP SP2," May 2004, InstantDoc ID 42266

SECURITY ADMINISTRATOR RESOURCE
You can obtain the following article from Security Administrator's Web site at http://www.winnetmag.com/windowssecurity.

RANDY FRANKLIN SMITH
"IPSec and Group Policy: A Stronger Defense," August 2002, InstantDoc ID 25730

Comments
  • BILL
    8 years ago
    Sep 01, 2004

    I paid for the subscription, you extorted e-mail and marketing info from me to sign up for this and you still stuff ads in my face to read this? Let up!

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.