What Do You Want to Block Today?

Windows XP's built-in firewall may be a step in the right direction, but it can also be a double-edged sword. Read about the security advantages and limitations in Microsoft's latest offering.

 By Brien M. Posey
Page 1 of 2
Print Article

Since the release of Windows XP, there has been a lot of hype about security, and about Windows XPs built-in firewall. Although the built-in firewall certainly seems like a good step in the right direction, it can be a double-edged sword. In this article, Ill explain the good points and the bad points of the Windows XP firewall.

The Windows XP firewall is designed to block all inbound packets, unless those packets are in a direct response to a query that was sent out from the machine. The firewall is designed to help you keep hackers out of your system. As you can see in Figure A, port scanning a Windows XP machine that doesnt have the firewall enabled reveals some information that could be useful to a hacker. However, if you enable the firewall and then perform the same port scan a second time, nothing is revealed.

Figure A
Performing a port scan on a machine without the firewall reveals some useful information
Click to view full-sized in new window
(Click image to view full-sized in a new window)

Figure B
The firewall prevents port scans.
Click to view full-sized in new window
(Click image to view full-sized in a new window)

As you can see, the firewall protects Windows XP against port scanning. Unfortunately though, there are some serious issues involved in using the Windows XP firewall that you need to be aware of.

This article was originally published on Nov 26, 2001
Get the Latest Scoop with Networking Update Newsletter