Microsoft Windows XP Home Edition - Zenk - Security - Repository
<strong>Microsoft</strong> <strong>Windows</strong> <strong>XP</strong> <strong>Home</strong> <strong>Edition</strong><br />
<strong>Security</strong> Implementation<br />
Version 1.4b Option 1<br />
The next tab located in the Advanced Settings window is <strong>Security</strong> Logging.<br />
On this window you select the logging options for the firewall. There are only two<br />
options: Log Dropped Packets and Log Successful Connections. The Log<br />
Dropped Packets option will log all the packets that were dropped by the<br />
firewall. You want to log these so that you can determine whether the access was<br />
an attempted attack or a legitimate connection that was denied. The Log<br />
Successful Connections option will log all the packets that were able to connect to<br />
your computer. If you log this type of connection you will get a file that is quite<br />
large. It is not recommended that you enable this option for a long period of time.<br />
The default location for the file is %SystemRoot%. It is called pfirewall.log.<br />
This file can be difficult to read, so you will probably want to import the file into<br />
Excel. The file is constantly being written to, so you will need to open the file in<br />
Read Only mode.<br />
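As an alternative to importing the log into a spreadsheet, the dropped-packet entries can be summarized with a short script. This is an added example, not part of the original paper; it assumes the log begins with a `#Fields:` header naming the space-separated columns, and the sample log lines (including the half-written last line) are constructed.

```python
from collections import Counter

# Constructed sample in the assumed pfirewall.log layout (documentation address ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-05-01 10:15:32 DROP TCP 192.0.2.10 192.168.0.5 4321 445 48 S 1234567 0 16384 - - -
2003-05-01 10:15:33 DROP TCP 192.0.2.10 192.168.0.5 4322 139 48 S 1234999 0 16384 - - -
2003-05-01 10:15:40 DROP ICMP 198.51.100.7 192.168.0.5 - - 60 - - - - 8 0 -
2003-05-01 10:16:02 OPEN TCP 192.168.0.5 203.0.113.80 1045 80 - - - - - - - -
2003-05-01 10:16:05 DROP UDP 192.0.2.10 192.168.0.5 1026 1434 404 - - - - - - -
2003-05-01 10:16:09 CLOSE TCP 192.168.0.5 203.0.113.80 1045 80 - - - - - - - -
2003-05-01 10:16
"""

def parse_log(lines):
    """Yield one dict per complete record, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#"):
            continue  # blank lines and other header comments
        else:
            values = line.split()
            # The firewall appends to the file continuously, so the last line may be half-written.
            if fields and len(values) == len(fields):
                yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def summarize_drops(lines):
    """Count dropped packets per source address and per (protocol, destination port)."""
    by_source, by_service = Counter(), Counter()
    for rec in parse_log(lines):
        if rec["action"] == "DROP":
            by_source[rec["src-ip"]] += 1
            by_service[(rec["protocol"], rec["dst-port"])] += 1
    return by_source, by_service

if __name__ == "__main__":
    sources, services = summarize_drops(SAMPLE_LOG.splitlines())
    for ip, n in sources.most_common():
        print(f"{n:4d} dropped from {ip}")
    for (proto, port), n in services.most_common():
        print(f"{n:4d} dropped to {proto}/{port or '-'}")
```

To run it against a real log, pass an open file object (opened for reading only) to `summarize_drops` in place of the sample lines.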
The last tab in this window is ICMP Options. ICMP is the Internet Control Message<br />
Protocol. This protocol is used to communicate on the Internet. ICMP carries no<br />
data and can be used for scanning networks, redirecting traffic, and DoS (Denial<br />
of Service) attacks. ICF by default blocks most types of incoming and outgoing<br />
ICMP messages. You have the ability to change the options for ICMP<br />
messages. Below are the options and a brief description.<br />
Allow Incoming Echo Request<br />
This means that your computer will respond to a ping (echo) request. This<br />
option is typically used for troubleshooting and could be turned on.<br />
Allow Incoming Timestamp Request<br />
This option will allow your computer to acknowledge certain requests with<br />
a confirmation message that indicates the time the request was received.<br />
Allow Incoming Mask Request<br />
This option will allow your computer to listen for and respond to requests for<br />
information about the network it is attached to.<br />
Allow Incoming Router Request<br />
This option will allow your computer to respond to requests for information<br />
about its routing tables.<br />
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46<br />
© SANS Institute 2003, As part of the Information <strong>Security</strong> Reading Room. Author retains full rights.