nCircle.com >> 360 Security

« /me blushes. | Main | SCADAGard SIG To Be Established »

How to Disable ICS

With the introduction of Windows XP Service Pack 2, users were blessed with some new firewall and Internet connection sharing (ICS) features. Its important to note that even though these two features interact and share some Windows API Firewall code, they are configured separately. Due to the recent ICS vulnerabilities discussed here on our blog, it is probably best to review your personal and enterprise settings regarding Internet Connection Sharing. To that point, both enterprise and home users can easily choose to disable ICS without disabling the Windows firewall.

Our friends at ZDNet seem to think that disabling Internet Connection Sharing turns off the Windows firewall. It’s also rumored that it’s really easy for a home user to inadvertently turn off the firewall while disabling ICS. Lets have a look.

Step 1: Open your Local Area Connection Properties. Click on the Advanced Tab.

ics_default.png

We see two very distinct configuration areas – Windows Firewall and Internet Connection Sharing. The screen shot shows the default settings, that being ICS is turned off by default. So, that is to reason that if you HAD turned on ICS, you probably know how to turn it off. Which brings us to our second step.

Step 2: Ensure the checkbox is NOT selected for “Allow other network users to connect through this computer’s Internet connection”

Step 3: Click OK and probably best to reboot.

Result: In three steps, I’ve turned off ICS and did NOT disable my Windows firewall.


Enterprise Configuration


Enterprises looking to mitigate their risk for the Microsoft ICS vulnerability, should consider deployment of a few group policy settings.

These settings are discussed in detail on Microsoft’s technet site.

Prohibit use of Internet Connection Sharing on your DNS domain network determines whether computer users with administrator accounts can enable and configure Internet Connection Sharing (ICS) on network connections on your domain.

Prohibit use of Internet Connection Firewall on your DNS domain network determines whether computer users with administrator accounts can enable and configure Internet Connection Firewall (ICF) on network connections on your domain.

Prohibit installation and configuration of Network Bridge on your DNS domain network determines whether computer users with administrator accounts can enable Network Bridge on your domain.

Now, once you’ve gone ahead and disabled ICS from a group policy, a user lacks the ability to alter the settings. In the below screen shot we see our user has no access to the ICS configuration settings.

ics_disabled.PNG

I hope this clears things up.

Posted by storms on October 31, 2006 10:59 AM |

Search


About

This page contains a single entry from the blog posted on October 31, 2006 10:59 AM.

The previous post in this blog was /me blushes..

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]