WindowsServer2008 firewall analysis

  
        

System security has always been the top priority of LAN maintenance and management operations. One of the most commonly used methods to ensure the security of ordinary servers is to install network firewalls, professional anti-virus software and various anti-spyware tools. .

However, every time you rely on external power to protect the security of the server system, it really makes network administrators feel inconvenience. After all, not every network administrator can afford genuine network firewall and professional anti-virus software. In order to solve the confusion of network administrators, the Windows Server 2008 system specifically enhances the built-in firewall function, and the network administrator can access the user who has the firewall directly from the control panel window as in the Windows XP system. The configuration interface can also configure the advanced functions of the built-in firewall from the MMC console. Cleverly use the firewall program that comes with the Windows Server 2008 system, we can effectively protect the security of the local server system!

A variety of ways to enter the firewall

Although starting from the Windows XP system, Microsoft has built the firewall function into the system, but the function of the firewall is very limited, often only available One-way security, but not two-way security, and network administrators can only open the firewall program interface from the system's control panel window. In the Windows Server 2008 server system, the system's own firewall function has made great progress. The network administrator can access the user configuration interface with its own firewall directly from the control panel window as in the Windows XP system. The advanced functions of the built-in firewall can be configured from the MMC console as desired.

In the Windows Server 2008 server system, we can enter the Windows configuration interface of the firewall in two ways, but the contents of the two configuration interfaces are different; the firewall configuration interface from the system control panel window It belongs to the basic interface. This interface is often suitable for primary users. The firewall configuration interface that enters from the MMC console is an advanced interface. This interface is often suitable for advanced users. Advanced users can control the data inflow and outflow of the server system at any time. ability. In addition, friends who like to operate under the DOS command line can also configure the server system to have a firewall in the command line mode through the commands in the MS-DOS window, or use a security script to create a firewall in multiple server systems. Automatic configuration of parameters. Of course, like the firewall program in the old version of the system, we can also control the configuration of the server system firewall through the power of Group Policy.

1. Enter from the control panel

We know that the original system's own firewall program often only provides one-way protection for system security, which means that it can only enter the server system. The data information flow is intercepted and reviewed, and it is not easy to appear due to improper configuration of firewall parameters, resulting in a decline in the security performance of the server system. In this initial configuration, we can open the basic configuration interface of the firewall through the control window of the server system. The following is the specific opening procedure:

First, in the Windows Server 2008 server system desktop, Click the “Start/“Set/“Control Panel command, and in the pop-up system control panel window, find the Windows Firewall icon and double-click the icon to open the basic configuration interface of Windows Firewall.

Secondly, click on the left side of the configuration interface to click the “Enable or Disable Windows Firewall” option, and click the “General tab” in the pop-up interface. On this page, we can directly select “&ldquo” Enable the option to enable the firewall function that comes with the server system. You can also disable the system firewall function by directly selecting the option to turn off the system.

When we enable the firewall function of the server system, by default, The firewall program intercepts all programs to access the external network at the same time, except for the options set in the "Exceptions tab page. Here, "blocking all incoming connection options is actually a very useful option, especially if the local server system is on a less secure network, this option can temporarily disable the system from setting any of the settings in the Exceptions tab page. The program or service accesses the network. Once the local server system is in a safer working environment, we cancel the check box to prevent all incoming connection options from being selected to restore the previous normal settings.

As with the old version of the system, in the basic settings of the built-in firewall under Windows Server 2008 server system, we can also set up programs or services that can directly access the network in the "Exceptions" tab. We can remove the system firewall program's blocking of network access by clicking the Add Programs button to add programs or services that need to access the external network.

If there are multiple network connections in the local server system, we can also go to the Firewall's Advanced tab page and select the target network connection that needs to be protected by the firewall according to the actual situation. If you find that many parameters in the firewall are not configured correctly, you can directly click the “Restore to Default” button in the “Advanced” tab to quickly cancel all parameter modification operations to restore the system firewall parameter settings to The default state when the system was initially installed.



2, from the console into the

We have already mentioned, from the System Control Panel window open, we can only basic firewall configuration interface server systems, to When you want to open the advanced security firewall configuration interface of the Windows Server 2008 server system, we need to enter from the system console window. Here are the specific steps:

First open the Windows Server 2008 server system & ldquo; Menu, select from the "Run command", in the pop-up system run text box, enter the string command "mmc.exe, click the Enter key to open the console window of the server system;

In the console window, click the “File/“ Add/Remove Snap-in option, select the Advanced Security Windows Firewall option in the subsequent interface, and click the “Add button” and then select “Local Computer”. Option, click the “Complete button, and finally click the "OK" button so that we can see the System Firewall Advanced Security Settings page. .

In the advanced security firewall configuration interface of the Windows Server 2008 server system, we can define a variety of different security configurations for the server system according to the actual working environment, and each configuration is relatively independent. For example, we can customize the security configuration suitable for the working environment of the local area network in the firewall advanced security settings page, customize the security configuration suitable for the point-to-point network in the home working environment, or customize the security suitable for the public network environment in public. Configuration. Therefore, when the Windows Server 2008 server system is located in the working environment of the unit LAN, we can almost shut down the firewall that comes with the server system, because basically all the LAN networks of the unit have a special firewall, and when the server system is in the public network environment, At that time, we need to play the role of the server system with a firewall in time, after all, in public, the server system is more likely to be illegally attacked.

Protecting your security with a firewall

After getting familiar with the firewall of the Windows Server 2008 server system, we can use our intelligence to protect the server system with a firewall. Below, we will list two application examples, let everyone appreciate the power of Windows Server 2008 server system firewall!

1. Prevent Ping Command Attacks

In a LAN environment, there are often malicious users who use the Ping command to continuously send some large-capacity data packets to the server system, which may cause the server system to run. In addition, the illegal attacker can obtain the relevant running status information of the server system through some parameters of the ping command, and implement targeted attacks on the server system according to the information. In order to protect the stability of the Windows Server 2008 server system and prevent the server host from being attacked by the Ping command, we can set the security rules of the firewall as follows:

First click on the Windows Server 2008 server system desktop. ; Start button, from the pop-up "Start" menu, click the "Programs," "Administrative Tools command, and then select "Advanced Security Windows Firewall Options" from the lower menu;

Then the system will automatically pop up In the Advanced Security Windows Firewall Configuration window, click the “Inbound Rules” option in the list pane on the left side of the window, right-click the option, and select “New Rule” from the right-click menu to open The new rule creation wizard interface, select the "custom project" in the interface; then click the "Next" button, select the "All Programs" page on the subsequent page, then follow the prompts to set the network protocol type to "ICMPv4" , set the connection condition to “ block the connection, and set it according to the actual working environment. In the specific case where the new rule is applied, finally, a new name is created for the newly created security rule, so that any illegal user on the local area network cannot perform a Ping command attack on the Windows Server 2008 server system.

2, prevent program exploits

Many people often simply think that as long as the update patch is installed for the server system in time, the server system can be protected from network viruses or Trojans; In fact, installing patches on the server system is only to block the system's security vulnerabilities, but if there are vulnerabilities in the applications installed on the server system, then there is no way to guarantee the security of the server system. In order to effectively avoid server security problems caused by application vulnerabilities, we need to use the system firewall to reject applications with security vulnerabilities to connect or access the network, thus preventing Trojans or hackers in the network from exploiting application vulnerabilities. Attacking the server is safe. Below, we will set up the Windows Server 2008 server system's own firewall program to prevent application exploits:

First, in the Windows Server 2008 server system desktop, click “ Start /& ldquo; Settings /“Control Panel command, in the pop-up system control panel window, find the Windows Firewall icon, and double-click the icon to open the basic configuration interface of Windows Firewall; the exam is big - the country's largest education website (www.Examda.com)

Next, click on the "Change settings" option in the basic configuration interface, and then click the "Exceptions tab" to open the label settings page. Here we can see that the system may use the list of network programs, the selected application. Programs are applications that are allowed to pass through the network, and those that are not selected are applications that are not allowed to pass through the network;

If we find that there is no target vulnerability application in the corresponding tab settings page, then we can single Click here to add the program button in the pop-up file selection dialog Add security vulnerabilities of applications to import in, and finally click & ldquo; OK button to make these settings take effect.

Sometimes, we don't know which applications have security vulnerabilities, so we can't use the Windows Server 2008 server system to provide a firewall to protect the local server. At this point, we can modify Windows Server 2008. The server system's group policy to force the firewall program to automatically protect all network connections. Here are the specific setup steps:

First open the "Start menu" in the Windows Server 2008 server system desktop, select from "ldquo" Run the command and enter the string command “gpedit.msc in the run box that pops up to enter the group policy editing interface of the local server system;

Secondly, locate the mouse in “Computer Configuration/“Management Template/“Network/“Network Connection/“Windows Firewall/“Standard Profile Branching Options, under the “Standard Profile Branching Options”, double-click with the “Windows Firewall: Protect All Network Connections Group Policy option. Open the target group policy property interface; select &ld in the interface Quo; The project is enabled, and finally click the "OK" button, so that the Windows Server 2008 server system comes with a firewall to forcefully protect all network connections.

Copyright © Windows knowledge All Rights Reserved