A firewall is a protective boundary between a computer or network and the outside world. Windows Firewall is a stateful host firewall in Windows XP Service Pack 2 (SP2) that drops unsolicited incoming traffic that does not correspond to either traffic sent in response to a request of the computer (solicited traffic) or unsolicited traffic that has been specified as allowed (excepted traffic). This behavior of Windows Firewall provides a level of protection from malicious users and programs that use unsolicited incoming traffic to attack computers. With the exception of some Internet Control Message Protocol (ICMP) messages, Windows Firewall does not drop outgoing traffic.
Unlike the Internet Connection Firewall (ICF) provided in Windows XP with Service Pack 1 (SP1) or Windows XP with no service packs installed, Windows Firewall is designed for use on all network connections, including those that are accessible from the Internet, those connected to small office/home office networks, and those connected to private organization networks.
For many enterprise networks using Windows XP with SP1 or Windows XP with no service packs installed, ICF is disabled on all connections connected to the enterprise network because enterprise networks typically are not directly connected to the Internet. The enterprise network firewall, proxy, and other security systems provide some level of protection from the Internet to intranet network computers. However, the absence of host firewalls such as Windows Firewall on intranet connections leaves computers vulnerable to malicious programs brought onto the intranet by computers that have attached directly to the intranet.
For example, an employee connects an organization laptop to a home network that does not have adequate protections. Because the organization laptop does not have a host firewall enabled on its network connection, it gets infected with a malicious program (such as a virus or worm) that uses unsolicited incoming traffic to spread to other computers. The employee then brings his or her laptop back to the office and connects it to the organization intranet, effectively bypassing the security systems that are at the edge of the intranet. Once connected to the intranet, the malicious program begins to infect other computers. If Windows Firewall was enabled by default, the laptop computer might not get infected with the malicious program when connected to their home network. Even if it did get infected, when it connected to the intranet, the local intranet computers might not become infected because they also have Windows Firewall enabled.
If the computers running Windows XP with SP2 are running client-based programs, then enabling Windows Firewall does not impair communications. Web access, email, Group Policy, and management agents that request updates from a management server are examples of client-based programs. For client-based programs, the client computer always initiates the communication and all response traffic from a server is allowed past the firewall because it is solicited incoming traffic.
In Windows XP with SP1 or Windows XP with no service packs installed, ICF is disabled by default for all connections, unless enabled for an Internet connection by the Network Setup Wizard or Internet Connection Wizard. You can manually enable ICF through a single checkbox on the Advanced tab of the properties of a connection, from which you can also configure the set of excepted traffic by specifying Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports.
In Windows XP with SP2, Windows Firewall is enabled by default on all network connections and can be configured with exceptions from the Windows Firewall component in Control Panel, which you can run from the new Windows Security Center. For more information, see Manually Configuring Windows Firewall in Windows XP Service Pack 2.
When Windows Firewall has been enabled on a network connection, the network connection icon in Network Connections appears with a lock and with a status of Enabled, Firewalled in the details of the connection when it is selected. The following figure shows an example in which Windows Firewall is enabled on all the connections of the computer.
| 