What Do You Want to Block Today? - Page 2

 By Brien M. Posey

First, the Windows XP firewall isn't a full-featured firewall. Normal firewalls allow you to control each TCP and UDP port individually. Windows XP's firewall doesn't provide this capability. Instead, it takes a point-and-click approach to enabling or disabling a few common ports, as shown in Figure C. The firewall's logging capabilities are also minimal.

Figure C
Windows XP's firewall allows you to open or close a few common ports

Because of these limitations, the Windows XP firewall shouldn't take the place of a normal corporate firewall. Instead, it should be used as a supplement. Remember that your corporate firewall does a good job of protecting your organization from external threats, but does nothing to protect it from internal threats. The Windows XP firewall, on the other hand, isn't a suitable replacement for a corporate firewall, but it can help guard workstations against hack attempts originating from within the organization. Therefore, I recommend enabling the Windows XP firewall on your workstations and using it in conjunction with your corporate firewall.

Keep in mind, though, that even the multilevel firewall architecture that I just described isn't completely secure. The Windows XP firewall does a great job of blocking inbound traffic, but makes no attempt to filter outbound traffic. This means that a hacker would have no trouble using your workstations as part of a distributed denial-of-service attack. Unfortunately, there's no way to block outbound traffic at the Windows XP level, but you can configure your corporate firewall in a manner that protects your company against being used as a pawn in a denial-of-service attack.

Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense.

This article was originally published on Nov 26, 2001