Nowadays, in many discussions involving computer security issues, we often mention such a word, this is the "firewall", but because of the money, not every network administrator can afford a genuine network firewall, professional anti-virus software. In order to solve the confusion of the network administrator, the Windows Server 2008 system deliberately enhances the built-in firewall function. The network administrator can access the user configuration interface with the firewall directly from the control panel window as in the Windows XP system. The advanced functions of the built-in firewall can be configured from the MMC console as desired. Skillfully make good use WindowsServer2008 system comes with a firewall program, we can effectively protect the safety of the local server system!
a variety of ways to enter a firewall Despite starting from the WindowsXP system, Microsoft has been the The firewall function is built into the system, but the function of the firewall is very limited, often only provides one-way security protection, but can not provide two-way security protection, and the network administrator can only open the firewall from the system's control panel window. Program interface. In the Windows Server 2008 server system, the system's own firewall function has made great progress. The network administrator can access the user configuration interface with its own firewall directly from the control panel window as in the Windows XP system, and can also access the MMC from the MMC. The advanced features of the built-in firewall are configured in the console as desired.
in the WindowsServer2008 server systems, we can have two ways to enter the Windows firewall configuration interface, but the content of these two configuration interface is not the same; the Control Panel window into the firewall from the system belong to the basic configuration interface Interface, this interface is often suitable for primary users. The firewall configuration interface that enters from the MMC console is an advanced interface. This interface is often suitable for advanced users. Advanced users can control the data inflow and outflow capabilities of the server system at will. In addition, friends who like to operate under the DOS command line can also configure the server system to have a firewall in the command line mode through the commands in the MS-DOS window, or use a security script to create a firewall in multiple server systems. Automatic configuration of parameters. Of course, like the firewall program in the old version of the system, we can also control the configuration of the server system firewall through the power of Group Policy.
1, from the control panel to enter
We know that the initial system comes with a firewall program often provides only a one-way system security protection capability, it can only be said to enter the server system The data information flow is intercepted and reviewed, and it is not easy to appear due to improper configuration of firewall parameters, resulting in a decline in the security performance of the server system. During this initial configuration, we can open the window by controlling the basic configuration of the server system can be a firewall interface, the following is a specific opening step:
firstly WindowsServer2008 desktop server sequentially single Click the "Start" /"Settings" /"Control Panel" command, in the pop-up system control panel window, find the Windows Firewall icon, and double-click the icon to open the basic configuration interface of the Windows Firewall.
Second display on the left side of the configuration interface area, click "Enable or disable Windows Firewall" option, click the "General" tab in the subsequent pop-up interface, on this page we can directly choose " enable "option to enable server system comes with firewall features, you can also directly select" Off "option to disable the system firewall functions;
when we enabled the firewall feature server system, in default, The firewall program intercepts all programs to access the external network at the same time, except for the options set in the Exceptions tab page. Here, the "Block all incoming connections" option is actually a very useful option, especially if the local server system is on a less secure network, this option temporarily disables the system from disabling any of the settings in the "Exceptions" tab page. The program or service accesses the network. Once the local server system is in a safer working environment, we uncheck the "Block all incoming connections" option to restore the previous normal settings.
with older versions of the same system, when the server comes with a firewall under WindowsServer2008 system basic settings, we can also set up those programs or services can directly access the network in the "Exceptions" tab page. We can remove the blocking of network access by the system firewall program by directly adding programs or services that need to access the external network by clicking the "Add Program" and "Add Port" buttons.
If the local server system in a number of network connections, we can also enter the "Advanced" tab page firewall, then select the destination network firewall protection required by the connection according to the actual situation. If you find that many parameters in the firewall are not configured correctly, you can quickly cancel all parameter modification operations by clicking the Restore to Defaults button on the Advanced tab page to restore the system firewall parameters to The default state when the system was initially installed.
2, from the console into the
We have already mentioned, from the System Control Panel window open, we can only basic firewall configuration interface server systems, in order to open the WindowsServer2008 server system when advanced security firewall configuration interface, we need to get into the system from the console window, the following are the specific steps:
first, open the WindowsServer2008 server system "start" menu, select from the "run" command, in the pop-up system run text box, enter the string command "mmc.exe", click the enter key to open the console window server system;
Second, in the console window, click "File" /"Add /Remove Snap-in" option, select the Advanced Security Windows Firewall option in the subsequent interface, click the "Add" button, then select the "Local Computer" option, and then click the "Finish" button. Finally click on the "OK" button so that we can see the system firewall advanced security settings page
Advanced security firewall configuration interface WindowsServer2008 server systems, we can define a number of different security configurations based on the actual work environment for server systems, and each configuration is relatively independent. For example, we can customize the security configuration suitable for the working environment of the local area network in the firewall advanced security settings page, customize the security configuration suitable for the point-to-point network in the home working environment, or customize the security suitable for the public network environment in public. Configuration. Therefore, when the Windows Server 2008 server system is located in the working environment of the unit LAN, we can almost shut down the firewall that comes with the server system, because basically all the LAN networks of the unit have a special firewall, and when the server system is in the public network environment, We need to play the role of the server system with a firewall in time, after all, in public, the server system is more likely to be illegally attacked.