Keep a Log
The Windows Firewall applet's Log Settings tab, which Figure 8 shows, lets you configure whether and how Windows Firewall logs its activity. (Be aware that Windows Firewall logging is disabled by default.) You can control whether Windows Firewall logs dropped packets or successful incoming and outgoing connections. Thus, the log can reveal every time someone tries and fails to connect to the computer, as well as each successful incoming connection and each time the computer opens an outgoing connection to another system, such as a local file server or a Web server on the Internet. The log records source and destination IP addresses and port numbers and indicates whether each connection was dropped or successful. For example, the log output in Figure 9 shows that Windows Firewall rejected an attempt by a system at IP address 10.42.42.2 to connect to port 80 on the local workstation. The log then shows that the system at IP address 10.42.42.10 successfully connected to the local workstation through Remote Desktop Protocol (port 3389). Finally, the log shows that the local workstation connected to IP address 10.42.42.100 to execute a remote procedure call (RPC) transaction using port 135.
By default, Windows Firewall stores the log as C:\windows\pfirewall.log and sets a maximum log size of 4MB, but you can change the path and filename (the file must reside on the local system) as well as the maximum log size. When the log reaches the maximum size, Windows appends .old to the log filename, then starts a new log under the path name specified on the Log Settings tab. The next time the log fills up, Windows again renames the log file (which then overwrites the original, oldest file) and starts a new log.
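The following added example (not from the original article) parses log text in the space-delimited layout announced by the log's #Fields header and separates dropped attempts from accepted inbound and outbound connections. It assumes the action values DROP, OPEN-INBOUND, and OPEN; the sample records are constructed to mirror the three events described above, and the local address 10.42.42.50, timestamps, and source ports are invented.

```python
from collections import Counter

# Constructed sample modelled on the three events the article describes.
# The workstation address 10.42.42.50, times and source ports are invented.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-09-01 10:15:02 DROP TCP 10.42.42.2 10.42.42.50 1045 80 48 S 1234567 0 64240 - - -
2004-09-01 10:16:10 OPEN-INBOUND TCP 10.42.42.10 10.42.42.50 1102 3389 - - - - - - - -
2004-09-01 10:17:33 OPEN TCP 10.42.42.50 10.42.42.100 1150 135 - - - - - - - -
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#"):
            continue  # blank line or other header line
        elif fields is None:
            raise ValueError("record found before #Fields header")
        else:
            values = line.split()
            if len(values) == len(fields):  # skip records truncated at rotation
                yield dict(zip(fields, values))

def port(value):
    """Ports are logged as '-' for protocols without them (e.g. ICMP)."""
    return None if value == "-" else int(value)

def summarize(records):
    """Return (dropped counts, accepted inbound, outbound) from parsed records."""
    dropped, inbound, outbound = Counter(), [], []
    for r in records:
        if r["action"] == "DROP":
            dropped[(r["src-ip"], port(r["dst-port"]))] += 1
        elif r["action"] == "OPEN-INBOUND":
            inbound.append((r["src-ip"], port(r["dst-port"])))
        elif r["action"] == "OPEN":
            outbound.append((r["dst-ip"], port(r["dst-port"])))
    return dropped, inbound, outbound

if __name__ == "__main__":
    print(summarize(parse_firewall_log(SAMPLE_LOG)))
```

Because the firewall keeps only one .old generation, copy or process both pfirewall.log.old and pfirewall.log before the next rollover if you need the full history.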
Extend the Wall
Now that you understand how Windows Firewall works, you can determine how to best configure it for your environment. In my next article, I'll show you how to use Group Policy to automatically deploy SP2 to all your XP workstations and to centrally configure and control Windows Firewall on those machines.
I paid for the subscription, you extorted e-mail and marketing info from me to sign up for this and you still stuff ads in my face to read this? Let up!
billdunn September 01, 2004