Windows XP SP2 security


Windows XP Service Pack 2 includes security features accessible through the Control Panel. Sonic.net strongly recommends enabling Automatic Updates and the Windows Firewall to help prevent a variety of security and performance problems.

Windows Security Center

The Windows Security Center control panel is a general resource provided by Microsoft to assist in fine-tuning network security. It includes documentation about Windows security and links to the Internet Options control panel, the Automatic Updates control panel, and the Windows Firewall control panel.

Windows Security Center What's new for security

Automatic Updates

Automatic Updates allows Windows to periodically check for patches and revisions for Microsoft software. Many security exploits prey upon vulnerabilities that Microsoft has already released fixes for. By enabling Automatic Updates, you can make your Windows XP system less susceptible to viruses and hackers.

Automatic Updates

Windows Firewall

The Windows Firewall blocks malicious or untrusted traffic. Sonic.net recommends that any computer on the Internet use some form of firewall.

General

The General tab in the Windows Firewall control panel allows you to turn the firewall on or off. You can also completely stop all exceptions on your firewall in the event that your computer is on an untrusted network.

Windows Firewall

Exceptions

Some programs need to use your network connection in a way that Windows does not understand or does not trust. If you wish to allow these programs to use your network, you can specifically instruct the firewall to allow their traffic. By default, Windows informs you when it is blocking a program and allows you to unblock it on the spot. This interface allows you to change your mind later.

Exceptions

Add a Program

If you have a program that is being blocked by the firewall, but it is not listed under the Exceptions tab, you can manually add it by clicking the "Add Program" button and selecting the program from the following screen:

Add a program for exceptions

Add a Port

Sometimes it may be necessary to open a specific port to allow a service to function, but you do not wish to allow all of that program's connections through. You can specify the TCP or UDP ports to allow by clicking the "Add a Port" button and completing the following form:

Add a port for exceptions

Advanced

The Advanced tab provides options to customize the firewall's behavior on a per-connection basis. For example, it may be desirable to have one set of firewall policies for your home connection and another for your work connection. You can also enable logging, change ICMP behavior, or revert everything to the default settings.

Advanced firewall options

Per-connection Settings

Connection settings for firewall ICMP Settings

Logging

Firewall Logs

Scope

For many firewall-related settings, there is a "Scope" option listed. This allows you to define which computers on the network your new setting applies to. For example, when adding a port to your Exceptions listing, you can specify the exact IP address from which traffic on that port is allowed.

Change the scope for an exception
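
The settings on the General, Exceptions and Advanced tabs, including a scoped port exception, can also be applied from a command prompt with the netsh firewall context that ships with Service Pack 2. The script below is an added example, not part of the original page; the program path, exception names, port number and IP address are constructed sample values to replace with your own.

```bat
@echo off
rem Added example: command-line equivalents of the Windows Firewall
rem control panel settings. Run as an administrator on Windows XP SP2.
rem The path, names, port and address below are constructed sample values.

rem General tab: turn the firewall on and allow configured exceptions.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem General tab, untrusted network: keep the firewall on but ignore every
rem exception. Uncomment the next line before joining such a network.
rem netsh firewall set opmode mode=ENABLE exceptions=DISABLE

rem Exceptions tab, Add a Program: allow one program, limited to
rem computers on the local subnet rather than the whole Internet.
netsh firewall add allowedprogram program="C:\Program Files\Example\example.exe" name="Example App" mode=ENABLE scope=SUBNET

rem Exceptions tab, Add a Port with a custom Scope: open a single TCP
rem port and accept traffic on it from one IP address only.
netsh firewall add portopening protocol=TCP port=8080 name="Example Service" mode=ENABLE scope=CUSTOM addresses=192.0.2.10

rem Advanced tab, Logging: record dropped packets so blocked traffic
rem can be reviewed later. maxfilesize is in kilobytes.
netsh firewall set logging filelocation=%windir%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem Review the result: operational mode, exceptions and logging settings.
netsh firewall show config
```

Choosing scope=SUBNET or scope=CUSTOM instead of the default (all computers) keeps an exception from exposing the program or port to the whole Internet.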