My Linksys router gives me a hardware firewall. For this reason, I did
not connect the WINXP SP2 firewall. Other than to get rid of the
annoying incorrect message that I am exposed, is there any reason to
connect the WINXP firewall?

I had similar thoughts and finally decided on adding Symantec Personal
Firewall (other products may suit the needs of others - not a pitch for PF).
My rationale was that the Linksys router does a great job of blocking incoming
packets. I send the log file over to my Linux server and am continually amazed
by the number and source of packets from unknown machines hitting my router on
a continual basis. That said, however, I wanted more control over the outgoing
packets. Windows XP seems to love sending out stuff to everyone. I set up PF
to essentially block all incoming and outgoing packets. I then allow those I
want. By monitoring and logging the flow of things, I then turn off those
things not needed.
My current analysis so far is:

Running, but are they needed?
  Computer Browser - Started Automatic
  DHCP Client - Started Automatic
  Smart Card - Manual

Turned off, but are they needed?
  Messenger
  Remote Registry - Disabled
  Routing and Remote Access - Disabled
  SSDP Discovery Service - Disabled
  Telnet - Disabled
  Terminal Services - Disabled
  Windows Firewall/Internet Connection Sharing (ICS) - Stopped/Manual
  Windows Time - Disabled

I would never have found these without the incoming/outgoing detailed
information. (Uhm, I think I will post these elsewhere to see what others have
done.)
PF also gives me highly configurable web permissions (scripts, ActiveX, Java,
and so on) on a site-by-site basis. My approach here is also to just about
block everything and turn it on as needed (although I have opened up scripts
since it is so heavily used).
I have done a lot of firewall stuff in Linux. The basic approach to turn
everything off and then turn that which is needed back on has served me well
in protecting a lot of systems.
I also use Cookie Pal so that I can manage the cookies as well. Same approach,
no cookie (except for session expires) unless authorized.
YMMV