To create "copper wall iron wall" for win2003, set system firewall

In the network, the so-called "firewall" refers to a method of separating the internal network and the public access network, it is actually an isolation technology, in A protective barrier constructed between the internal network and the external network, and between the private network and the public network. Then, how to create a more reliable copper wall for the Windows 2003 system through the setting of the Windows 2003 system firewall, allowing secure network communication to pass The firewall enters the network while rejecting insecure communication and protecting the network from external threats.

It is understood that Internet Connection Firewall is only included in Windows Server 2003 Standard Edition and 32-bit version of Windows Server 2003 Enterprise Edition. On the Windows 2003 server, enable the firewall function for computers directly connected to the Internet, support network adapters, DSL adapters or dial-up modems to connect to the Internet. In fact, Windows 2003 Internet Connection Firewall can manage service ports, such as HTTP port 80, FTP 21 ports, etc., as long as the system provides these services, the Internet connection firewall can monitor and manage these ports.

Setting up the system firewall

1. Right click on the “local connection” icon in the lower right corner of the desktop and click on the “Status” option.

Second, the "Local Connection Status" dialog box appears, click the "Properties" button.

Third, click on the “Advanced” tab in the pop-up "Local Connection Properties" dialog box.

Fourth, the following figure appears to start/stop the firewall interface. Enable the Internet Connection Firewall, check the "Protect my computer and network by restricting or blocking access to this computer from the Internet" checkbox, and click the “Settings" button.

5. In the Service tab of the pop-up "Advanced Settings" dialog box, set the Web service of the firewall, and select the "Web Server (HTTP)" option.

6. Click the “OK” button. Once set, network users will not be able to access other network services provided by the server other than the web service.

Note: You can choose according to the services provided by Windows 2003 server, you can choose more. The standard service system is already preset in the system, you just need to select the appropriate option. If the server also provides non-standard services, it needs to be manually added by the administrator.

VII. Add the settings of the service, click the “Add” button.

VIII. In the “Add Service” dialog box, you can fill in the service description, IP address, port number used by the service, and select the protocol used (Web service uses TCP protocol, DNS query) Use the UDP protocol) to set up non-standard services.

IX. Set the firewall security log settings. In the “Advanced Settings” dialog box, select the “Security Log” tab, and the “Security Log Settings” dialog box appears. Select the records to be recorded. Project, the firewall will record the corresponding data. The default path of the log file is C:\\Windows\\Pfirewall.log, which can be opened with Notepad. The format of the generated security log is W3C extended log file format, which can be viewed and analyzed by common log analysis tools.

Note: It is necessary to establish a security log, which provides reliable evidence when server security is compromised.

The Internet Connection Firewall can effectively block the illegal invasion of Windows 2003 servers and prevent illegal remote hosts from scanning the servers, thus improving the security of Windows 2003 servers. At the same time, it can also effectively block viruses that use operating system vulnerabilities for port attacks, such as worms such as shockwaves. If this firewall feature is enabled on a virtual router constructed with Windows 2003, it can protect the entire internal network.