Windows

Windows XP Help

Firewalls and Security

When your PC is connected to the internet, it is open to attack from various sources: hackers, viruses, spy software, viruses and so on. To protect your computer you need to make sure your PC has software installed to protect your system such as a Personal Firewall, Anti-Virus Software, Spy Removal software and latest Security Patches for Windows.

What is a Firewall?

A firewall is a system that blocks unwanted or unauthorised programs and data from entering or leaving your computer while on the Internet. This is achieved by IP filtering. Every program that accesses the internet uses special Ports. For Example, your Email program will use POP3 (tcp port 110) to receive mail, and SMTP (tcp port 25) to send mail, your Web Browser will use HTTP (Port 80) or HTTPS (Port 443) to access html pages from web servers. There are other ports that may be open but not used, and special ones that you don`t know about, these ports are scanned and exploited by hackers who wanted to get a data on your PC. There are two type of Port: TCP (Transport Control Protocol) and UDP (User Data Protocol), these are listed in C:\Windows\System32\Drivers\Etc\Services.

To enable the Firewall, turn on the Internet Connection Firewall on the Advanced button on your Dial Up Connection or install a third party firewall program such as Norton Personal Firewall, McAfee Personal Firewall or ZoneAlarm. These programs will allow your normal internet programs to connect to the internet but block everything else and will inform you of any possible intrusions.

How to Set up a Firewall?

You can view or set which ports to allow or disallow via the TCP/IP Filtering options in the properties of Internet Protocol (TCP/IP), Advanced, Options.

If you click on Properties, you can then view or set individual ports as shown below:

As you can see, all ports are allowed by default. If you wanted to have more control (if you know what you are doing), then you can enable this and enter the ports you wish to allow through. For example:

As shown, I have allowed ports 21 (ftp), 25 (smtp), 42 (dns), 80 (http), 110 (pop3) and 443 (https) through. There are more protocols needed to get a reliable connection.

Security Tips

Regularly visit http://windowsupdate.microsoft.com/ to make sure your Windows is up to date and secure from holes found in the operating system that may allow hackers access to your computer.

If using a Dial Up Networking, then always turn off File and Print Sharing, this will prevent hackers from accessing files from your hard disk over the internet. File sharing software such as Limewire, gnutella etc use file and print sharing to allow people to share music over the internet. This is inheritly unsecure.

Download anti-spy software such as Ad-aware that will remove ActiveX and other small programs that install themselves when browsing certain sites. These programs can do things such as send information back to the company about you, your browsing habits and so on. Some programs are known to modify your browser by adding graphics, links and change your home page to their site (and you cannot change it back).

In Internet Options, check and change the Security level for web sites, Medium security is adequate for most people. You can change things like what types of ActiveX controls are downloaded (see c:\Windows\Downloaded Program Files\ for installed ActiveX controls). Never install unsigned or unsafe controls or automatically download programs or controls until you have read the notice or specifically want them.

On the Privacy tab you can control the type of Cookies that are installed on your computer or even turn them off completely and then only allow specific sites to use them such as Banks via the Edit button for individual sites.

There are additional security options on the Advanced tab which you can change (the defaults should be adequate for most people):