How to setup Internet Connection Firewall(ICF)

Windows XP is mad about the Internet. Right from the get go during installation XP works best if you have an Internet connection available to download the latest updates and drivers. This online thread extends throughout the operating system: In the presence of features such as Windows Messenger and Remote Assistance, right through to the way the Help and Support Center draws material from Microsoft's online Knowledge Base if you have an active Internet connection.

Of course, the more time you spend online, the more vulnerable you become to attempts to hack into your computer. This is especially the case if you have an always-on cable or DSL connection. But even if you're using a dial-up connection, you are at risk.

The good news is, Windows XP comes with built-in protection for your Internet connection. It's called Internet Connection Firewall (ICF) and setting it up requires no more than a tick of a box when you create your Internet connection.

What's a firewall?

In everyday terms, a firewall is a wall built between buildings to contain the spread of fire. In computing terms, it's a program (or a piece of hardware) designed to prevent the spread of unauthorised communication between computers.

Windows XP's ICF is a software firewall. It's a pretty limited one from the average user's viewpoint because there's almost no flexibility in its operation – you just switch it on and let it protect your system as it deems best. In fact, there are options for fine tuning ICF, but they're really designed for use by system administrators, and most users will want to steer clear of these settings.

You can use ICF to protect a single computer connected to the Internet or a home network of computers connected to the Internet.

If you wish to protect your home network, the simplest method is to establish a shared connection to the Internet using Internet Connection Sharing (ICS) and then install the firewall on the ICS host computer.

Setting up a protected connection

The easiest way to activate the firewall is to use the New Connection Wizard to create an Internet connection.

If you have an always-on cable or DSL connection, your connection should be set up already, so you won't need to do this. If you have a high-speed connection which requires a password login (sometimes called a Point-to-Point over Ethernet, or PPPoE, connection) or if you use a dial-up connection with a modem, here's how to create a protected connection:

  1. Click Start -> Control Panel -> Network And Internet Connections -> Setup Or Change Your Internet Connection.
  2. In the Internet Properties dialog box, click Setup to open the New Connection Wizard and then click Next.
  3. For Network Connection Type, choose Connect To The Internet and click Next.
  4. If you already have an ISP, select Set Up My Connection Manually. You'll need to make sure you have your username, password and – for dial-up connections – the connection number from your ISP. If you don't already have an Internet Service Provider (ISP), select Choose From A List Of Internet Service Providers. This option will, in fact, close the Network Connection Wizard and direct you to the Online Services folder, where you can create a connection from a list of ISPs. The third option (Use The CD I Got From An ISP) also closes the Network Connection Wizard. If you're setting up your connection manually continue with the following steps.
  5. Select your type of connection, dial-up or high-speed (broadband) from the list and click Next.
  6. On the following screens, type in your ISP's name and, for dial-up connections, phone number, and click Next to proceed.
  7. In the Internet Account Information screen, type in your ISP-supplied username and password (you enter the latter twice to ensure it's correct). You can tick options to make this connection the default connection (in case you have multiple ISP accounts) and the connection for all users of your computer. To activate the firewall for this connection, click Turn On Internet Connection Firewall For This Connection. Click Next and then Finish.

Switching it on and off

If you want to enable or disable ICF on an existing Internet connection:

  1. Click Start -> Control Panel -> Network And Internet Connections -> Network Connections.
  2. Click the connection you wish to change and select the Change Settings Of This Connection task.
  3. Click the Advanced tab and click the option in the Internet Connection Firewall section.
You can also switch on ICF logging and access advanced firewall settings from this dialog. ICF logging lets you keep track of the firewall's activities by creating a text log file, which you can examine at any time.