Use Win 2008 with its own firewall to effectively protect server security

Today, in many discussions involving computer security issues, we often mention such a word, this is "firewall", but because of the money, not every network administrator can afford a genuine network. Firewalls, professional anti-virus software, in order to solve the confusion of network administrators, Windows Server 2008 system specifically enhances the built-in firewall function, network administrators can access directly from the control panel window as in Windows XP system The user configuration interface with a firewall can also configure the advanced functions of the built-in firewall from the MMC console. Cleverly use the firewall program that comes with Windows Server 2008 system, we can effectively protect the security of the local server system!

Multiple ways to enter the firewall

Although starting from Windows XP system, Microsoft Corporation The firewall function has been built into the system, but the function of the firewall is very limited, often only provides one-way security protection, but can not provide two-way security protection, and the network administrator can only access the system's control panel window. Open the firewall program interface. In the Windows Server 2008 server system, the system's own firewall function has made great progress. The network administrator can access the user configuration interface with its own firewall directly from the control panel window as in the Windows XP system. The advanced functions of the built-in firewall can be configured from the MMC console as desired.

In the Windows Server 2008 server system, we can enter the Windows configuration interface of the firewall in two ways, but the contents of the two configuration interfaces are different; the firewall configuration interface from the system control panel window It belongs to the basic interface. This interface is often suitable for primary users. The firewall configuration interface that enters from the MMC console is an advanced interface. This interface is often suitable for advanced users. Advanced users can control the data inflow and outflow of the server system at any time. ability. In addition, friends who like to operate under the DOS command line can also configure the server system to have a firewall in the command line mode through the commands in the MS-DOS window, or use a security script to create a firewall in multiple server systems. Automatic configuration of parameters. Of course, like the firewall program in the old version of the system, we can also control the configuration of the server system firewall through the power of Group Policy.

1. Enter from the control panel

We know that the original system's own firewall program often only provides one-way protection for system security, which means that it can only enter the server system. The data information flow is intercepted and reviewed, and it is not easy to appear due to improper configuration of firewall parameters, resulting in a decline in the security performance of the server system. In this initial configuration, we can open the basic configuration interface of the firewall through the control window of the server system. The following is the specific opening procedure:

First, in the Windows Server 2008 server system desktop, Click the “Start”/“Settings>;&&quoquo;Control Panel” command, in the pop-up system control panel window, find the Windows Firewall icon, and double-click the icon to open the basics of Windows Firewall. The configuration interface is up.

Next, in the left side of the configuration interface, click the “Enable or disable Windows Firewall” option, and click the “General” tab in the pop-up interface. You can directly select the “Enable” option to enable the firewall function that comes with the server system, or you can directly disable the system firewall function by selecting the “Close” option.

When we enable the firewall of the server system After the feature, by default, the firewall program will intercept all programs to access the external network, except for the options set in the "Exceptions" tab page. Here, the "Block all incoming connections" option is actually a very useful option, especially if the local server system is on a less secure network, this option temporarily disables the "Exceptions" tab page. Any program or service set in the network accesses the network. Once the local server system is in a safer working environment, we cancel the selected state of the "Allow all incoming connections" option to restore the previous normal settings.

As with the old version of the system, in the basic settings of the built-in firewall under Windows Server 2008 server system, we can also set the programs that can directly access the network in the "Exceptions" tab page or service. We can remove the system firewall program's blocking of network access by clicking the “Add Program” and “Add Port” button to add programs or services that need to access the external network.

If there are multiple network connections in the local server system, we can also go to the Firewall's "Advanced" tab page and select the target network connection that needs to be protected by the firewall according to the actual situation. If you find that there are many parameters in the firewall that are not configured correctly, you can directly click the “Restore to Default” button in the “Advanced” tab to quickly cancel all parameter modification operations so that the system firewall can be The parameter settings are restored to the default state when the system was initially installed.

2, enter from the console

As we mentioned earlier, from the system control panel window we can only open the basic configuration interface of the server system firewall, to open the Windows Server 2008 server When the system's advanced security firewall configuration interface, we need to enter from the system's console window, the following is the specific steps:

First open the Windows Server 2008 server system & ldquo; start & rdquo; menu, from the midpoint Select the "Run" command, in the pop-up system run text box, enter the string command "mmc.exe", click the Enter key to open the console window of the server system;

Second In the console window, click the “File”/“Add/Remove Snap-in" option, select the Advanced Security Windows Firewall option in the subsequent interface, and click the “Add” button, then Check the “local computer” option, click the “Complete” button, and finally click the “OK” button so we You can see the System Firewall Advanced Security Settings page.

In the advanced security firewall configuration interface of the Windows Server 2008 server system, we can define a variety of different security configurations for the server system according to the actual working environment, and each configuration is relatively independent. For example, we can customize the security configuration suitable for the working environment of the local area network in the firewall advanced security settings page, customize the security configuration suitable for the point-to-point network in the home working environment, or customize the security suitable for the public network environment in public. Configuration. Therefore, when the Windows Server 2008 server system is located in the working environment of the unit LAN, we can almost shut down the firewall that comes with the server system, because basically all the LAN networks of the unit have a special firewall, and when the server system is in the public network environment, At that time, we need to play the role of the server system with a firewall in time, after all, in public, the server system is more likely to be illegally attacked. Previous12Next page Total 2 pages