The built-in firewall in Vista has improved a lot, which is a good experience for many users. When using it, however, you still need to pay attention to the following ten points about the Windows Vista firewall.
Microsoft has made significant changes to Windows Firewall in Vista to enhance security and make it easier for advanced users to configure and customize while retaining the simplicity that novice users need.
I. Two Interfaces to Meet Different Needs
The Vista firewall has two independent graphical configuration interfaces. The first is the basic configuration interface, which can be accessed through the "Security Center" and the "Control Panel". The second is the advanced configuration interface, which can be accessed as a snap-in after the user creates a custom MMC console. This separation prevents unintentional changes by novice users from causing connection disruptions, while giving advanced users a way to fine-tune firewall settings and control both outbound and inbound traffic. Users can also configure the Vista firewall from the command line with the commands in the netsh advfirewall context. Scripts can be used to configure the firewall automatically for a group of computers, and Group Policy can also be used to control the Vista firewall settings.
II. Security Under the Default Settings
Windows Firewall in Vista uses a secure configuration by default while remaining easy to use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works in conjunction with Vista's new Windows Service Hardening feature, so if the firewall detects behavior that is prohibited by the Windows Service Hardening network rules, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment.
III. Basic Configuration Options
With the basic configuration interface, users can turn the firewall on or off, or set it to block all programs completely. They can also allow exceptions (specifying which programs, services, or ports are not blocked) and set the scope of each exception: whether it applies to traffic from all computers, including computers on the Internet, to computers on the LAN/subnet, or to computers whose IP address or subnet you specify. Users can also specify which connections the firewall should protect and configure security logging and ICMP settings.
IV. ICMP Message Blocking
By default, inbound ICMP echo requests can pass through the firewall, while all other ICMP messages are blocked. This is because the Ping tool is regularly used to send echo request messages for troubleshooting. However, an attacker can also send echo request messages to lock onto a target host. The user can block echo request messages through the "Advanced" tab of the basic configuration interface.
V. Multiple Firewall Profiles
The Vista Firewall with Advanced Security MMC snap-in allows users to create multiple firewall profiles on their computers so that different firewall configurations can be used for different environments. This is especially useful for portable computers. For example, when a user connects to a public wireless hotspot, a more secure configuration may be required than when connected to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.
VI. IPSec Function
Through the advanced configuration interface, users can customize IPSec settings: specify the security methods used for encryption and integrity, determine the lifetime of the key (which can also be calculated per session), and select the desired Diffie-Hellman key exchange algorithm. By default, data encryption is disabled for IPSec connections, but it can be enabled, and the algorithms used for data encryption and integrity can be selected.
VII. Security Rules
Through the wizard, users can create security rules step by step to control how and when a secure connection is established between a single computer or a group of computers. Connections can be restricted by criteria such as membership or security status, while specified computers can be exempted from the connection authentication requirements. Rules can be created to require authentication for connections between two specific computers (server-to-server), and tunnel rules can be used to authenticate connections between gateways.
VIII. Custom Authentication Rules
When creating a custom authentication rule, specify a single computer or a group of computers (by IP address or address range) as the connection endpoints. The user can request or require authentication for inbound connections, outbound connections, or both.
IX. Inbound and Outbound Rules
Users can create inbound and outbound rules to block or allow connections for specific programs or ports. They can use the predefined rules or create a custom rule, and the "New Rule Wizard" walks the user through the steps of creating a rule. A rule can be applied to a set of programs, ports, or services, or to all programs or one specific program. For a given piece of software, a rule can block all connections, allow all connections, or allow only secure connections and require encryption to protect the data sent over the connection. Source and destination IP addresses can be configured for inbound and outbound traffic, as can source and destination TCP and UDP ports.
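The command-line configuration mentioned in section I, applied to the defaults, ICMP handling, profiles and inbound rules described in sections II, IV, V and IX, can be scripted as follows. This is an added example, not part of the original article; the rule names, the backup path and the choice of TCP port 3389 are assumptions made for illustration.

```batch
@echo off
rem Added example: firewall baseline applied with the netsh advfirewall context.
rem Run from an elevated command prompt. Rule names, the backup path and the
rem port number are illustrative assumptions, not values from the article.
setlocal
set "BACKUP=%TEMP%\fw-before-baseline.wfw"
set "ICMP_RULE=Baseline - block echo request (public)"
set "SVC_RULE=Baseline - TCP 3389 from local subnet"

rem 1. Export the current policy first so the change can be rolled back.
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Enable the firewall on all three profiles and restate the defaults
rem    from section II: block inbound, allow outbound.
netsh advfirewall set allprofiles state on || goto :fail
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound || goto :fail

rem 3. Record dropped connections while on public networks.
netsh advfirewall set publicprofile logging droppedconnections enable || goto :fail

rem 4. Section IV: block inbound ICMPv4 echo requests (type 8, any code),
rem    but only in the public profile so ping still works on trusted networks.
rem    The delete keeps the script idempotent; its failure is ignored.
netsh advfirewall firewall delete rule name="%ICMP_RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%ICMP_RULE%" dir=in action=block ^
    protocol=icmpv4:8,any profile=public || goto :fail

rem 5. Sections III and IX: an inbound exception scoped to the local subnet
rem    and limited to the domain and private profiles.
netsh advfirewall firewall delete rule name="%SVC_RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%SVC_RULE%" dir=in action=allow ^
    protocol=TCP localport=3389 remoteip=localsubnet profile=domain,private || goto :fail

rem 6. Print the resulting state for review.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="%ICMP_RULE%"
netsh advfirewall firewall show rule name="%SVC_RULE%"
exit /b 0

:fail
echo Baseline failed. Restore with: netsh advfirewall import "%BACKUP%"
exit /b 1
```

Because the rules are bound to profiles, the same machine drops echo requests on a public hotspot and accepts the scoped exception only on domain or private networks.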
X. Active Directory-Based Rules
Users can create rules to block or allow connections based on Active Directory user, computer, or group accounts, as long as the connection is secured by IPSec using Kerberos v5 (which includes the Active Directory account information). Users can also use Windows Firewall with Advanced Security to enforce Network Access Protection (NAP) policies.
Windows Meeting Space (WMS) is a new program built into Windows Vista that allows up to 10 collaborators to share desktops, files, and presentations, and send personal messages to each other over the network.
Those are the ten precautions. Refer back to this article when you use the firewall until following them becomes a habit.