Microsoft Windows XP Professional Exam 70-270, part 7 (docx)


5. To enable Windows Firewall for a connection, select the check box for that connection. To disable Windows Firewall for a connection, clear the check box for that connection.
6. Click OK to close the Windows Firewall dialog box.
7. Click OK to close the Properties dialog box for the network connection.

Windows Firewall Advanced Options

After enabling Windows Firewall, you might need to configure it for a specific situation. You have several options for configuring Windows Firewall, including the following:

■ Enabling Windows Firewall logging to log network activity
■ Creating an exception for a service or application to allow traffic through the firewall
■ Creating a custom service definition when a built-in exception does not suit your needs
■ Creating an Internet Control Message Protocol (ICMP) exception so that the computer responds to traffic from certain network utilities

How to Enable Windows Firewall Logging

You can configure Windows Firewall to log network activity, including any dropped packets or successful connections to the computer. Security logging is not enabled by default for Windows Firewall. To enable security logging for Windows Firewall, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, on the Advanced tab, in the Security Logging section, click Settings. Windows displays the Log Settings dialog box, shown in Figure 15-26.
5. In the Logging Options section, select one or both of the following check boxes:
   ❑ Log Dropped Packets. Logs all dropped packets originating from the local network or the Internet.
   ❑ Log Successful Connections. Logs all successful connections originating from the network or the Internet.
Chapter 15 Configuring Network and Internet Connections
Lesson 5 Configuring Windows Firewall

Figure 15-26 Enable security logging for Windows Firewall.

6. Note the location of the security log. By default, the log file is named pfirewall.log and is located in the %systemroot% folder. Click OK to close the Log Settings dialog box. Click OK again to close the Windows Firewall dialog box.

How to Access the Windows Firewall Log File

After you enable logging, you can access the log file by browsing to its location and opening the file. Log entries provide insight about which packets have been successful in getting into the network and which have been rejected. There are two sections of the log: the header and the body.

The header includes information about the version of Windows Firewall, the full name of the Windows Firewall, where the time stamp on the log learned of the time, and the field names used by the body of the log entry to display data.

The body details the log data. There are 16 data entries per logged item, which include information about the date and time the log was written and information about the data that passed. This information tells which types of packets were opened, closed, dropped, and lost; which protocol was used in the data transmission; the destination IP address of the data; the port used by the sending computer; the port of the destination computer; and the size of the packet logged.

To locate and open the Windows Firewall log file, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, on the Advanced tab, in the Security Logging section, click Settings.
5. In the Log Settings dialog box, in the Log File Options section, click Save As.
6. In the Browse dialog box, right-click the pfirewall.txt file, and then click Open.
7. After reviewing the firewall log, close the Notepad window, click OK to exit the Log Settings dialog box, and then click OK again to close the Windows Firewall dialog box.

Exam Tip: You should know where Windows Firewall log files are stored, whether logging is available, and what kind of information you can learn from log files.

How to Create an Exception for a Service or Application

By default, Windows Firewall blocks all unsolicited traffic. You can create exceptions so that particular types of unsolicited traffic are allowed through the firewall. For example, if you want to allow sharing of files and printers on a local computer, you must enable the File And Printer Sharing exception in Windows Firewall so that requests for the shared resources are allowed to reach the computer.

Windows Firewall includes a number of common exceptions, such as Remote Assistance, Remote Desktop, File And Printer Sharing, and Windows Messenger. Windows Firewall also automatically extends the exceptions available for you to enable according to the programs installed on a computer. You can manually add exceptions to the list by browsing for program files.

To create a global exception that applies to all network connections for which Windows Firewall is enabled, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, click the Exceptions tab, shown in Figure 15-27.

Figure 15-27 Create a global exception for all connections in Windows Firewall.

5. In the Programs And Services list, select the check box for the service you want to allow.
   If you need to add an exception for an installed program that does not appear on the list, click Add Program to locate the executable file for the program, and then enable the exception after the program is added to the list.
6. Click OK to close the Windows Firewall dialog box.

How to Create an Exception for a Particular Port

If Windows Firewall does not include an exception for the traffic you need to allow, and adding an executable file to the list does not produce the results you need, you can also create an exception by unblocking traffic for a particular port.

To create a global exception for a port that applies to all network connections for which Windows Firewall is enabled, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, on the Exceptions tab, click Add Port. Windows displays the Add A Port dialog box. To create an exception based on a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number, you must know the proper port number used by an application or service to use this option.
5. Type a name for the exception, type the port number you want to allow access for, and then select whether the port is a TCP or UDP port. You can also change the scope to which the exception applies. Your options are to have the exception apply to any computer (including computers on the Internet), the local network only, or a custom list of IP addresses.
6. To change the scope of the exception, click Change Scope to open the Change Scope dialog box, where you can configure the scope options. Click OK to return to the Add A Port dialog box.
7. Click OK again to add the exception and return to the Windows Firewall dialog box.
   After you have added the exception, it appears in the Programs And Services list on the Exceptions tab of the Windows Firewall dialog box.
8. Select the check box for the exception to enable it.
9. Click OK to close the Windows Firewall dialog box.

To create a service exception for a particular network connection for which Windows Firewall is enabled, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, on the Advanced tab, in the Network Connection Settings section, click the connection for which you want to configure an exception, and then click Settings. Windows displays the Advanced Settings dialog box, shown in Figure 15-28.

Figure 15-28 Create an exception for a particular network connection in Windows Firewall.

5. On the Services tab, click Add. Windows displays the Service Settings dialog box.
6. Type a description of the service.
7. If the computer on which you are configuring Windows Firewall is an ICS host, you can configure Windows Firewall to forward traffic for the port to a particular computer on the network by typing that computer’s IP address. If the computer is not an ICS host, you should enter the IP address for the local computer.

   Tip: Instead of entering the IP address for the local computer, you can also use the loopback address 127.0.0.1, which always refers to the local computer. This is useful should the IP address of the local computer change.

8. Enter the port information for the service.
9. Click OK to close the Service Settings dialog box. Click OK to close the Advanced Settings dialog box. Click OK again to close the Windows Firewall dialog box.
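
Added example (not part of the original text): a small reader for the firewall log described under "How to Access the Windows Firewall Log File", which takes the column names from the header's #Fields line and then summarizes dropped traffic per source. The sample log is constructed for illustration with a 16-field header to match the count given above; the function names and the threshold of three distinct ports are assumptions of this example.

```python
from collections import Counter, defaultdict

# Constructed sample in the header-plus-body layout described above. Addresses
# are private/documentation ranges; every entry is invented for this example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-04-11 08:05:57 DROP UDP 192.168.0.20 192.168.0.255 137 137 78 - - - - - - -
2005-04-11 08:06:01 DROP TCP 203.0.113.9 192.168.0.10 4021 135 48 S 1927461123 0 16384 - - -
2005-04-11 08:06:01 DROP TCP 203.0.113.9 192.168.0.10 4022 139 48 S 1927461200 0 16384 - - -
2005-04-11 08:06:02 DROP TCP 203.0.113.9 192.168.0.10 4023 445 48 S 1927461311 0 16384 - - -
2005-04-11 08:06:10 DROP ICMP 203.0.113.9 192.168.0.10 - - 60 - - - - 8 0 -
2005-04-11 08:06:11 DROP ICMP 203.0.113.9 192.168.0.10 - - 60 - - - - 8 0 -
2005-04-11 08:07:30 OPEN TCP 192.168.0.20 192.168.0.10 1045 445 - - - - - - - -
2005-04-11 08:07:31 DROP TCP 203.0.113.9
"""


def parse_firewall_log(text):
    """Return (header, entries, skipped); entries are dicts keyed by #Fields names."""
    header, fields, entries, skipped = {}, [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Header lines look like "#Key: value"; the Fields line names the columns.
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            if key.strip().lower() == "fields":
                fields = value.split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # truncated or malformed entry: do not misalign columns
            continue
        entries.append(dict(zip(fields, values)))
    return header, entries, skipped


def summarize(entries, scan_threshold=3):
    """Count actions and report sources whose dropped packets hit many ports."""
    actions = Counter(e.get("action") for e in entries)
    dropped_ports = defaultdict(set)
    echo_requests = Counter()
    for e in entries:
        if e.get("action") != "DROP":
            continue
        if e.get("protocol") in ("TCP", "UDP"):
            dropped_ports[e.get("src-ip")].add((e.get("protocol"), e.get("dst-port")))
        elif e.get("protocol") == "ICMP" and e.get("icmptype") == "8":
            echo_requests[e.get("src-ip")] += 1  # type 8 is an echo request (ping)
    probing = sorted(ip for ip, ports in dropped_ports.items()
                     if len(ports) >= scan_threshold)
    return {
        "actions": dict(actions),
        "probing_sources": probing,
        "dropped_echo_requests": dict(echo_requests),
    }


if __name__ == "__main__":
    header, entries, skipped = parse_firewall_log(SAMPLE_LOG)
    print(header.get("Software"), "-", len(entries), "entries,", skipped, "skipped")
    print(summarize(entries))
```

Against a real log, read the file from the location shown in the Log Settings dialog box and pass its text to parse_firewall_log.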
ICMP Exceptions

ICMP allows routers and host computers to swap basic error and configuration information. The information includes whether or not the data sent reaches its final destination, whether it can or cannot be forwarded by a specific router, and what the best route for the data is. ICMP tools such as Pathping, Ping, and Tracert are often used to troubleshoot network connectivity.

ICMP troubleshooting tools and their resulting messages are helpful when used by a network administrator, but harmful when used by an attacker. For instance, a network administrator sends a ping request in the form of an ICMP packet that contains an echo request message to the IP address that is being tested. The reply to that echo request message allows the administrator to verify that the computer is reachable. An attacker, on the other hand, can send a storm of specially formed pings that can overload a computer so that it cannot respond to legitimate traffic. Attackers can also use ping commands to determine the IP addresses of computers on a network. By configuring ICMP, you can control how a system responds (or does not respond) to such ping requests. By default, Windows Firewall blocks all ICMP messages.

Table 15-5 provides details about ICMP exceptions you can enable in Windows Firewall.

Table 15-5 ICMP Options

ICMP Option | Description
Allow Incoming Echo Request | Controls whether a remote computer can ask for and receive a response from the computer. Ping is a command that requires you to enable this option. When enabled (as with other options), attackers can see and contact the host computer.
Allow Incoming Timestamp Request | Sends a reply to another computer, stating that an incoming message was received and includes time and date data.
Allow Incoming Mask Request | Provides the sender with the subnet mask for the network of which the computer is a member. The sender already has the IP address; giving the subnet mask is all an administrator (or attacker) needs to obtain the remaining network information about the computer’s network.
Allow Incoming Router Request | Provides information about the routes the computer recognizes and passes on information it has about any routers to which it is connected.
Allow Outgoing Destination Unreachable | The computer sends a Destination Unreachable error message to clients who attempt to send packets through the computer to a remote network for which there is no route.
Allow Outgoing Source Quench | Offers information to routers about the rate at which data is received; tells routers to slow down if too much data is being sent and it cannot be received fast enough to keep up.
Allow Outgoing Parameter Problem | The computer sends a Bad Header error message when the computer discards data it has received that has a problematic header. This message allows the sender to understand that the host exists, but that there were unknown problems with the message itself.
Allow Outgoing Time Exceeded | The computer sends the sender a Time Expired message when the computer must discard messages because the messages timed out.
Allow Redirect | Data that is sent from this computer will be rerouted if the path changes.

Security Alert: Generally, you should enable ICMP exceptions only when you need them for troubleshooting, and then disable them after you have completed troubleshooting. Make sure that you do not allow or enable these options without a full understanding of them and of the consequences and risks involved.

How to Enable ICMP Exceptions

To enable a global ICMP exception for all connections on a computer, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, click the Advanced tab.
5. In the ICMP section, click Settings.
6. Select the check box for the exception you want to enable.
7. Click OK to close the ICMP Settings dialog box. Click OK again to close the Windows Firewall dialog box.

To enable an ICMP exception for a network connection, use these steps:

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, click Windows Firewall.
4. In the Windows Firewall dialog box, click the Advanced tab.
5. In the Network Connection Settings section, click the connection for which you want to configure an exception, and then click Settings.
6. In the Advanced Settings dialog box, click the ICMP tab, shown in Figure 15-29.

Figure 15-29 Create an ICMP exception for a connection.

7. Select the check box for the exception you want to enable.
8. Click OK to close the Advanced Settings dialog box. Click OK again to close the Windows Firewall dialog box.

Troubleshooting Windows Firewall

There are a few fairly common problems that end users encounter when using Windows Firewall, including the inability to enable or disable Windows Firewall on a connection, problems with file and print sharing, a network user’s inability to access a server on the network (such as a Web server), problems with Remote Assistance, and problems running Internet programs.

When troubleshooting Windows Firewall, make sure that you remember to check the obvious first. The following are some basic rules that you must follow, and any deviation from them can cause many of the common problems that are encountered when using Windows Firewall:

■ Windows Firewall can be enabled or disabled only by administrators.
  ICF can be enabled or disabled by a Local Security Policy or Group Policy, as well—sometimes preventing access even by a local administrator.
■ To share printers and files on a local computer that is running Windows Firewall, you must enable the File And Printer Sharing exception.
■ If the local computer is running a service, such as a Web server, FTP server, or other service, network users cannot connect to these services unless you create the proper exceptions in Windows Firewall.
■ Windows Firewall blocks Remote Assistance and Remote Desktop traffic by default. You must enable the Remote Desktop exception for remote users to be able to connect to a local computer with Remote Desktop or Remote Assistance.

Practice: Configure Windows Firewall

In this practice, you will ensure that Windows Firewall is enabled on all connections on your computer. You will disable and then re-enable Windows Firewall on your LAN connection only. You will then enable an exception in Windows Firewall for all connections. The practices in this exercise require that you have a properly configured LAN connection.

Exercise 1: Ensure that Windows Firewall is Enabled For All Network Connections

1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network Connections window, right-click your LAN connection, and then click Properties.
4. In the Local Area Connection Properties dialog box, on the Advanced tab, in the Windows Firewall section, click Settings.
5. In the Windows Firewall dialog box, ensure that On (Recommended) is selected. Also ensure that the Don’t Allow Exceptions check box is cleared.

Leave both the Windows Firewall dialog box and the Local Area Connection Properties dialog box open for the next exercise.

Exercise 2: Disable and Re-Enable Windows Firewall on Your Local Area Connection Only

1. In the Windows Firewall dialog box, click the Advanced tab.
2. In the Network Connection Settings section, in the list of connections, clear the check box next to Local Area Connection, and then click OK.
   Windows Firewall is now disabled for the local area connection. A bubble appears in the notification area informing you that your computer is at risk because the firewall is disabled.
3. In the Network Connections window, right-click Local Area Connection, and then click Properties. In the Local Area Connection Properties dialog box, click the Advanced tab. In the Windows Firewall section, click Settings.
4. In the Windows Firewall dialog box, on the Advanced tab, select the check box next to Local Area Connection, and then click OK.
   Windows Firewall is now enabled for the local area connection.

Leave the Local Area Connection Properties dialog box open for the next exercise.

Exercise 3: Enable an Exception in Windows Firewall for all Connections

1. In the Local Area Connection Properties dialog box, on the Advanced tab, in the Windows Firewall section, click Settings.
2. In the Windows Firewall dialog box, on the Exceptions tab, select the File And Printer Sharing check box.
3. Click OK.
   Windows Firewall is now configured to allow file and printer sharing traffic into your computer.
4. Click OK again to close the Local Area Connection Properties dialog box.

Lesson Review

Use the following questions to help determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. You can find answers to these questions in the “Questions and Answers” section at the end of this chapter.

1. You are troubleshooting a network connection and need to use the Ping command to see if a computer is reachable. Which ICMP exception must you enable on that computer? Choose the correct answer.
   a. Allow Incoming Router Request
   b. Allow Incoming Echo Request
   c. Allow Outgoing Source Quench
   d. Allow Redirect

[...]

... Wi-Fi Protected Access (WPA) A wireless encryption standard available in Windows XP Professional that provides increased security over the WEP standard—the other encryption standard supported by Windows XP Professional.

Windows Firewall A stateful, host-based firewall provided with Windows XP Professional.

Wired Equivalent Privacy (WEP) One of two wireless encryption standards available in Windows XP ...

[...]

2. By default, what two types of traffic does Windows Firewall allow into a computer?
3. Windows Firewall protects a computer running Windows XP Professional even while the computer is starting up. (True/False)

Lesson Summary

■ Windows Firewall is a software-based firewall built into Windows XP Professional. Windows Firewall blocks all incoming ...

[...]

... 802.1x authentication for wireless networking in Windows XP Professional, all wireless connections use the same authentication settings. (True/False)
False. Windows XP Professional allows you to configure 802.1x authentication on a per-connection basis.

Lesson 4 Review (Page 15-44)

1. A user has set up ICS on a host computer that runs Windows XP Professional, but is experiencing problems with clients being able ...

[...]

... Security Policy on a computer running Windows XP Professional
■ Describe how Group Policy affects a computer running Windows XP Professional
■ View policies that are in effect on a computer running Windows XP Professional

Estimated lesson time: 40 minutes

How to Configure Local Security Policy

By using Local Security Policy, you can implement numerous security-relevant settings on a local computer, ...

[...]

... advanced options
■ Dial-up connections work much like LAN connections, but they have additional options that let you control when the connection is dialed, the number for the connection, and other criteria for use. To create a dial-up connection, you use the New Connection Wizard. You can also configure Windows XP Professional to allow incoming dial-up connections.
■ Windows XP Professional can operate ...

[...]

... 192.168.0.254 range
■ Windows Firewall is a software-based firewall built into Windows XP Professional. Windows Firewall blocks all incoming network traffic except for solicited traffic and excepted traffic. You can enable or disable Windows Firewall globally for all network connections on a computer, or enable and disable it on individual connections.

Exam Highlights

Before taking the exam, review the key ...

[...]

... Internet Connection Sharing (ICS) A feature of Windows XP Professional that allows you to share one connection to the Internet with all computers on your network.

Network Bridge A feature that allows Windows XP Professional to connect network segments (groups of networked computers) without having to use a router or bridge.

New Connection Wizard A wizard in Windows XP Professional that can perform much of the ...

[...]

... window, Windows displays the Security Templates add-in, as shown in Figure 16-4.

Chapter 16 Configuring Security Settings and Internet Options

Figure 16-4 Add the Security Templates snap-in to a console

7. Right-click the predefined template you want to customize, and then click Save As.
8. In the Save As dialog box, type a new name for your customized template, and then click OK. Windows ...

[...]

... available settings, refer to Chapter 16 of the Microsoft Windows XP Professional Resource Kit Documentation, available at http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/prork_overview.asp

How to Modify Local Security Policy

To modify Local Security Policy, you use the Local Security Policy console (see Figure 16-1), which is found in the Administrative Tools ...

[...]

... computers running Windows XP Professional. Each computer has a built-in Ethernet network adapter and a built-in wireless network adapter, but none has been configured for networking. All five of the computers will be used in demonstrations and must be networked together. In addition, all the computers will need access to the Internet. Because all the computers are running Windows XP Professional, you have ...

Date posted: 09/08/2014, 09:21
