Services Utility: Internet Connection Firewall (ICF) - Internet Connection Sharing (ICS) Service

Display Name: Internet Connection Firewall (ICF) - Internet Connection Sharing (ICS)
Short Name: SharedAccess
Executable: svchost.exe
Library: ipnathlp.dll
Depends On: None.
Supports: None.
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
OS: XP Home/Professional, Vista Home/Business, Server 2003, Vista Server
Startup:

Explanation:

The Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) service provides two features. The first is the firewall, which drops unsolicited inbound connections to the ports Windows leaves open by default. This is generally a good idea for people who are unsure about computer security, or who are unable or unwilling to apply security patches to their computers. However, blocking all incoming traffic is a double-edged sword: it also interferes with wanted incoming connections, such as receiving a file from someone on AIM or sending files on IRC through DCC, unless you explicitly open the port those programs listen on. If this service is enabled, the firewall can be turned on or off from the Advanced tab of the "network properties" of each of your active network interface cards (NICs).

However, what few people know is that even before Windows shipped a native software firewall there was a crude but workable way to limit what reaches the machine: TCP/IP filtering, found in the advanced TCP/IP settings of your active network interface cards (NICs). With it you can restrict inbound traffic to only the TCP ports, UDP ports and IP protocols you list; ICMP (ping) cannot be filtered this way. Keep in mind that this filter is stateless and applies to inbound packets only: a "permit only" list of UDP ports also drops the replies to your own outbound UDP traffic, such as DNS lookups, so test carefully before locking it down.
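The two mechanisms above behave differently on the same traffic. The following is an added example, not code from the page or from Windows: it models ICF as a stateful filter that remembers outbound flows, and TCP/IP filtering as a memoryless inbound "permit only" list, then runs both over a constructed packet trace (the addresses, ports and the assumption that the stateless filter checks TCP connection attempts and every UDP datagram are simplifications chosen for the model).

```python
"""Models of the two inbound-filtering mechanisms described above, run over
one constructed packet trace so the difference in behaviour is visible.
Assumed semantics (simplified, not Windows code): ICF remembers outbound
flows and drops anything inbound that is neither a reply nor explicitly
opened; TCP/IP Filtering is a memoryless inbound port list that checks TCP
connection attempts (SYN) and every UDP datagram."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving this host, "in" = arriving at it
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP connection attempt (first packet of the handshake)


HOST = "192.168.1.10"   # constructed address of the machine being protected


class StatefulInboundFilter:
    """ICF-style filter: allow inbound packets only when they answer a flow
    this host started, or when their port was opened by the user."""

    def __init__(self, opened_ports=()):
        self.flows = set()                # (proto, our_port, peer_ip, peer_port)
        self.opened = set(opened_ports)   # e.g. {("tcp", 5190)} for an AIM file transfer

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            self.flows.add((p.proto, p.src_port, p.dst_ip, p.dst_port))
            return "allow"
        if (p.proto, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "allow"                # reply to something we sent
        if (p.proto, p.dst_port) in self.opened:
            return "allow"                # port deliberately exposed
        return "drop"                     # unsolicited


class StatelessPermitOnlyFilter:
    """TCP/IP Filtering-style filter: inbound-only "permit only" port lists
    with no memory of outbound traffic. None means "permit all"."""

    def __init__(self, tcp_ports=None, udp_ports=None):
        self.tcp = None if tcp_ports is None else set(tcp_ports)
        self.udp = None if udp_ports is None else set(udp_ports)

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            return "allow"                # outbound is never filtered
        if p.proto == "tcp":
            # Only connection attempts are checked, so the SYN/ACK for a
            # connection we opened ourselves still arrives.
            if self.tcp is None or not p.syn or p.dst_port in self.tcp:
                return "allow"
            return "drop"
        # UDP has no handshake: the permit list is applied to every datagram,
        # including the reply to a DNS query we sent from an ephemeral port.
        if self.udp is None or p.dst_port in self.udp:
            return "allow"
        return "drop"


# Constructed trace (not a real capture): a DNS lookup, a web fetch, then an
# unsolicited DCC/AIM file offer and an SMB probe from the outside.
TRACE = [
    Packet("out", "udp", HOST, 3075, "192.168.1.1", 53),                  # DNS query
    Packet("in",  "udp", "192.168.1.1", 53, HOST, 3075),                  # DNS reply
    Packet("out", "tcp", HOST, 3076, "203.0.113.5", 80, syn=True),        # HTTP connect
    Packet("in",  "tcp", "203.0.113.5", 80, HOST, 3076),                  # HTTP SYN/ACK
    Packet("in",  "tcp", "198.51.100.7", 4000, HOST, 5190, syn=True),     # file offer
    Packet("in",  "tcp", "198.51.100.9", 4001, HOST, 445, syn=True),      # SMB probe
]


def run(filt, trace=TRACE):
    """Return the filter's verdict for each packet of the trace, in order."""
    return [filt.decide(p) for p in trace]


if __name__ == "__main__":
    for name, f in [
        ("ICF, nothing opened", StatefulInboundFilter()),
        ("ICF, TCP 5190 opened", StatefulInboundFilter({("tcp", 5190)})),
        ("TCP/IP Filtering, TCP 5190 only, no UDP", StatelessPermitOnlyFilter({5190}, set())),
        ("TCP/IP Filtering, TCP 5190 only, all UDP", StatelessPermitOnlyFilter({5190})),
    ]:
        print(f"{name}: {run(f)}")
```

The stateful model passes the DNS reply and the web server's SYN/ACK while dropping the file offer and the SMB probe, and opening TCP 5190 lets the file offer through without touching anything else. The stateless model with an empty UDP list drops the DNS reply (the lookup silently fails), which is exactly the mistake to avoid when using TCP/IP filtering.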

Normally a firewall on its own adds little: crackers (hackers) need an open hole in your system, a listening service with an unpatched flaw, to gain any kind of control over your computer. That is fixed by keeping the computer up to date with patches and by turning off features you do not use, such as the Remote Registry service and the open administrative shares. Using a firewall is much like cementing your front and back doors so that you have to climb in through the windows, when you could just lock your doors and not leave the key under your welcome mat. But if you really feel better using a firewall, it is a better idea to obtain a more robust product such as ZoneAlarm, which is far more configurable. Keep in mind though that having your computer inspect all transferred data will slow your connection down, albeit not terribly so, at the expense of system resources (CPU time and RAM).

The second feature lets your computer act much like a hardware router. Using network address translation (NAT), addressing, name resolution and a simplified DHCP server called the DHCP allocator, your computer takes a broadband or narrowband connection and, acting as the gateway, forwards traffic between the Internet and the other computers on your network (by default the ICS host takes 192.168.0.1 on its internal interface and hands out other addresses in that range). This allows several computers to share a single Internet connection without buying additional software or hardware, and it incidentally shields the internal computers because they sit behind the translator. The gateway only forwards an inbound packet that matches a translation it created for an earlier outbound packet; without a forwarding (port mapping) rule it has no way of knowing which internal computer an unsolicited packet is meant for, so it discards the data. This is a side effect rather than a security design, but the same effect is often sold as a feature on many hardware routers you can buy in the store.
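To make the "discards unsolicited data" behaviour concrete, here is an added example that is not part of the page or of Windows: a small NAT table model in the style of what ICS does with one public address. The public and remote addresses are constructed, the starting public port is an arbitrary choice, and the `port_forwards` table stands in for a user-added port mapping.

```python
"""Model of the address translation ICS performs with one public address.
Added example, not Windows code: outbound packets from private hosts create
translation entries; inbound packets are rewritten only when they match an
entry (or a static port mapping), otherwise dropped because the gateway
cannot tell which internal host they were meant for."""
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed address on the gateway's external NIC


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port   # arbitrary starting point for translated ports
        # (proto, priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.out_map = {}
        # (proto, public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.in_map = {}
        # Static mappings the user adds deliberately: (proto, public_port) -> target
        self.port_forwards = {}

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a packet leaving the private network, creating a mapping
        the first time a (host, port, destination) tuple is seen."""
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(p.proto, port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return replace(p, src_ip=self.public_ip, src_port=self.out_map[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the Internet, or return None when
        nothing tells the gateway where it should go."""
        target = self.in_map.get((p.proto, p.dst_port, p.src_ip, p.src_port))
        if target is None:
            target = self.port_forwards.get((p.proto, p.dst_port))
        if target is None:
            return None   # unsolicited: no mapping, so the packet is discarded
        return replace(p, dst_ip=target[0], dst_port=target[1])


def demo():
    """Constructed traffic: an internal host fetches a web page, an outsider
    probes SMB on the public address, then a port mapping is added so an
    inbound file transfer can reach the internal host."""
    nat = Nat()
    out = nat.outbound(Packet("tcp", "192.168.0.2", 1025, "198.51.100.20", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.20", 80, PUBLIC_IP, out.src_port))
    probe = nat.inbound(Packet("tcp", "198.51.100.99", 4444, PUBLIC_IP, 445))
    nat.port_forwards[("tcp", 5190)] = ("192.168.0.2", 5190)
    dcc = nat.inbound(Packet("tcp", "198.51.100.7", 4000, PUBLIC_IP, 5190))
    return out, reply, probe, dcc


if __name__ == "__main__":
    out, reply, probe, dcc = demo()
    print("outbound rewritten to:", out)
    print("reply delivered to:", reply)
    print("unsolicited SMB probe:", probe)          # None: dropped
    print("file transfer via port mapping:", dcc)
```

The web reply is delivered because it matches the entry created by the outbound request; the SMB probe is dropped purely because no entry exists for it, which is the "flaw sold as a feature" described above. The last line shows the other side of that coin: anything you want to receive unsolicited (an IRC DCC or AIM file transfer, a game server) needs an explicit mapping, which is the ICS equivalent of opening a port on the firewall.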

If you do not wish to use either of these features you can disable this service without any problems. However, since the default startup type of this service is Manual, disabling it will not free any additional resources when you are not using it, so I would recommend leaving it on Manual.

