Windows Server 2008 R2 Network Security Settings

Network Location

When connecting to a network for the first time, you must select a network location. Windows then applies the firewall and security settings appropriate to that type of network. Because a user may connect from different places (for example, a home, a local coffee shop, or an office), choosing the right network location helps ensure that the computer is always set to the appropriate security level.

In Windows Server 2008, there are four network locations:

Home Network:

For a home network, or whenever you recognize and trust the people and devices on the network, select “Home Network”. Computers on a home network can belong to a home group. On home networks, Network Discovery is enabled, which lets users see other computers and devices on the network and lets other network users see the user's computer.

Work Network:

For small office networks or other workplace networks, select “Work Network”. By default, Network Discovery is enabled, which lets users see other computers and devices on the network and lets other network users see the user's computer, but users cannot create or join a home group.

Public Network:

Select “Public Network” for networks in public places (for example, coffee shops or airports). This location is designed to make the computer invisible to surrounding computers and to help protect it from malware on the Internet. Home groups are not available on public networks, and Network Discovery is disabled. This option should also be selected when the computer connects directly to the Internet without a router, or uses a mobile broadband connection.

Domain Network:

The “Domain” network location is used for domain networks, such as the network in an enterprise workplace. This type of network location is controlled by the network administrator and cannot be selected or changed by the user.

How Windows Firewall Affects Network Locations

When you connect to a network in a public place, the “Public Network” location prevents certain programs and services from running, which helps protect the computer from unauthorized access. If you are connected to a public network and Windows Firewall is turned on, some programs or services may ask the user to allow them to communicate through the firewall before they can work.

Once a user allows a program to communicate through the firewall, the program is allowed to communicate on every network that has the same location as the one currently connected. For example, if a user connects to a network at a coffee shop, selects “Public Network” as the location, and then unblocks an instant messaging program, that program is unblocked on every public network the user later connects to.

If you plan to unblock several programs while connected to a public network, consider changing the network location to “Home Network” or “Work Network” instead. This can be more secure than unblocking the programs on every public network the user connects to. Keep in mind, however, that after this change the computer will be visible to others on the network, which poses a security risk.

Basic Settings for Windows Firewall

When the system is installed, the firewall is enabled by default. Once a network location has been set, the firewall blocks communication from other computers to this computer. To view the firewall's working status, open Control Panel, click System and Security, and then open Windows Firewall; the status is shown as below:

To turn Windows Firewall on or off, click “Turn Windows Firewall on or off” on the left side, which opens the interface shown below:

In this picture you can see that, for the private network (home or work network), the firewall is turned on and all incoming connections are blocked.

In practice, however, you cannot block all incoming connections. Instead, you can maintain a “white list” of connections to let through: on the left side of the firewall status screen, click “Allow a program or feature through Windows Firewall”, and the following interface appears:

Adding a program to the firewall's list of allowed programs, or opening a firewall port, lets that specific program send or receive information between your computer and the network. Allowing a program to communicate through the firewall (sometimes called “unblocking”) is like opening a hole in the firewall.

Each time you open a port or allow a program through the firewall, the computer becomes less secure. The more ports the firewall allows or opens, the more opportunities hackers or malware have to use those channels to spread worms, access files, or use the computer to spread malware to other computers.
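The status screens and allowed-programs list described above can also be inspected from the command line, which is easier to repeat across many servers. The following is an added example, not part of the original article: it uses `netsh advfirewall`, the command-line interface that ships with Windows Server 2008 R2, to show the per-profile state and default policy, to parse the inbound rule list into objects, and to report every enabled allow rule that opens a hole on the Public profile to any remote address. It assumes an elevated PowerShell prompt and an English-language system, because the `netsh` output labels (“Rule Name:”, “Enabled:”) are parsed as text.

```powershell
# Added example (not from the original article): audit Windows Firewall state and the
# inbound "holes" that have been opened, using netsh advfirewall as shipped with
# Windows Server 2008 R2. Run from an elevated PowerShell prompt. Assumes English
# netsh output, because the field labels are parsed as text.

# 1. Per-profile state and default policy. On a default installation every profile
#    reports State ON and Firewall Policy BlockInbound,AllowOutbound.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy

# 2. Which profile (Domain / Private / Public) the active connection landed in.
netsh advfirewall show currentprofile

# 3. Parse "netsh advfirewall firewall show rule" output into one object per rule.
#    Each rule starts with a "Rule Name:" line followed by "Label: value" lines.
function Get-NetshFirewallRule {
    param([string]$Direction = 'in')   # 'in' or 'out'
    $rules = @()
    $current = $null
    netsh advfirewall firewall show rule name=all "dir=$Direction" | ForEach-Object {
        if ($_ -match '^Rule Name:\s+(.*)$') {
            # Flush the previous rule before starting a new one.
            if ($current) { $rules += New-Object PSObject -Property $current }
            $current = @{ 'Rule Name' = $Matches[1].Trim() }
        }
        elseif ($current -and $_ -match '^([A-Za-z ]+):\s+(.*)$') {
            # Labels such as Enabled, Profiles, Action, Protocol, LocalPort, RemoteIP.
            $current[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if ($current) { $rules += New-Object PSObject -Property $current }
    return $rules
}

# 4. Enabled inbound allow rules that apply to the Public profile and accept traffic
#    from any remote address: each one is an opening that should be justified.
Get-NetshFirewallRule -Direction in |
    Where-Object { $_.Enabled -eq 'Yes' -and $_.Action -eq 'Allow' -and
                   $_.Profiles -match 'Public' -and $_.RemoteIP -eq 'Any' } |
    Select-Object 'Rule Name', Profiles, Protocol, LocalPort, RemoteIP |
    Format-Table -AutoSize

# 5. Record dropped connections so unexpected inbound attempts leave a trace.
#    The default log is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 4096
```

Step 4 is the command-line equivalent of reading the “Allow a program or feature” list with a critical eye: a rule that is enabled, allows, applies to Public and accepts any remote address is exactly the kind of hole the paragraph above warns about. The Windows Server 2008 R2 firewall logs dropped connections only after step 5 is applied, so enable it before relying on the log for investigation.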

Advanced Security Settings for Firewalls

The basic settings are simple to use, but their capabilities are also limited. To configure Windows Firewall rules in more detail, use Windows Firewall with Advanced Security. To open it, click Windows Firewall with Advanced Security under Administrative Tools, or click Advanced Settings in the firewall status screen described above. As shown below, you then see the interface on the right.

What is Windows Firewall with Advanced Security:

Windows Firewall with Advanced Security helps protect the computers on a network. It lets you determine which network traffic is allowed to travel between the computer and the network. It also includes connection security rules, which use Internet Protocol security (IPsec) to protect traffic as it is transmitted across the network.

Windows Firewall with Advanced Security is a stateful firewall that inspects and filters all packets for IP version 4 (IPv4) and IP version 6 (IPv6) traffic. In this context, filtering means that network traffic is processed through administrator-defined rules that allow or block it. Incoming traffic is blocked by default unless it is a response to a request from the host (solicited traffic) or is explicitly allowed (that is, a firewall rule allowing that traffic has been created). Windows Firewall with Advanced Security can be configured to explicitly allow traffic by port number, application name, service name, or other criteria.

Creating Firewall Rules:

You can create firewall rules to allow this computer to send traffic to, or receive traffic from, programs, system services, computers, or users. When a connection matches all of a rule's criteria, one of the following three actions is taken: allow the connection, allow only connections that are secured by Internet Protocol security (IPsec), or block the connection.

Rules can be created for inbound or outbound traffic, and can be scoped to a computer or user, a program, a service, or a port and protocol. You can specify which type of network adapter the rule applies to: local area network (LAN), wireless, remote access (such as a virtual private network (VPN) connection), or all types. You can also configure a rule to apply under any profile or only under a specified profile. As the IT environment changes, you may need to modify, create, disable, or delete rules.
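The rule types described in the two paragraphs above map directly onto `netsh advfirewall firewall` commands. The following is an added example, not part of the original article, showing how to create port, program and service rules scoped by profile, interface type and remote address, a block rule, and how to disable and delete rules as the environment changes. It uses `netsh advfirewall`, which is the command-line interface available on Windows Server 2008 R2 (the `New-NetFirewallRule` PowerShell cmdlets were introduced in Windows Server 2012). The rule names, program paths, ports and the 192.168.10.0/24 subnet are constructed placeholders.

```powershell
# Added example (not from the original article): create and manage Windows Firewall
# rules with netsh advfirewall on Windows Server 2008 R2. Run from an elevated
# PowerShell prompt. Rule names, paths, ports and subnets below are placeholders.

# Inbound port rule: allow TCP 3389, but only on the Domain and Private profiles,
# only on wired LAN adapters, and only from the management subnet. Each scope
# (profile, interface type, remote address) shrinks the hole the rule opens.
netsh advfirewall firewall add rule name="Allow RDP from mgmt subnet" `
    dir=in action=allow protocol=TCP localport=3389 `
    profile=domain,private interfacetype=lan remoteip=192.168.10.0/24

# Inbound program rule: the exception follows one executable rather than a port,
# so another process that later binds the same port is not let through.
netsh advfirewall firewall add rule name="Allow ExampleAgent" `
    dir=in action=allow program="C:\Program Files\ExampleAgent\agent.exe" `
    profile=domain enable=yes

# Service rule: restrict the exception to traffic handled by a named Windows service.
netsh advfirewall firewall add rule name="Allow W3SVC on 443" `
    dir=in action=allow protocol=TCP localport=443 service=W3SVC profile=domain

# Outbound block rule: the third action, here denying one program outbound access
# on every profile.
netsh advfirewall firewall add rule name="Block ExampleTool outbound" `
    dir=out action=block program="C:\Tools\exampletool.exe" profile=any

# Rules have a life cycle: disable a rule while the need is suspended, delete it
# when the need is gone, and verify what is actually in force.
netsh advfirewall firewall set rule name="Allow RDP from mgmt subnet" new enable=no
netsh advfirewall firewall delete rule name="Block ExampleTool outbound"
netsh advfirewall firewall show rule name="Allow RDP from mgmt subnet" verbose
```

Scope every allow rule as tightly as the application permits: `profile=`, `interfacetype=` and `remoteip=` together express the same idea as the network-location model earlier on this page, that an exception appropriate on the domain network is rarely appropriate on a public one.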

Implementation of connection security:

Connection security involves authenticating two computers before they begin communicating and securing the information sent between them. Windows Firewall with Advanced Security implements connection security with Internet Protocol security (IPsec), using key exchange, authentication, data integrity, and (optionally) data encryption. Connection security rules use IPsec to secure traffic as it crosses the network; use them to require that the connection between two computers be authenticated or encrypted. Firewall rules may also be needed to allow the network traffic that connection security rules protect.
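The last sentence above is the part most often missed: a connection security rule negotiates IPsec, but a separate firewall rule decides what to do with the protected traffic. The following is an added example, not part of the original article, that pairs the two with `netsh advfirewall` on Windows Server 2008 R2: a connection security rule that requires authentication for inbound traffic from a server subnet, and a firewall rule whose `security=authenticate` option admits a port only when the packets arrived under that IPsec protection. It assumes both hosts are domain members (the default authentication, `auth1=computerkerb`, is computer Kerberos) and an elevated prompt on each host; the 192.168.20.0/24 subnet, port and rule names are constructed placeholders.

```powershell
# Added example (not from the original article): connection security on Windows
# Server 2008 R2 with netsh advfirewall. Two pieces work together: a connection
# security rule that negotiates IPsec, and a firewall rule that only admits traffic
# the IPsec rule has authenticated. Subnet, port and rule names are placeholders;
# run from an elevated prompt on each participating domain member.

# 1. Connection security rule: require authentication for inbound traffic from the
#    server subnet and request it for outbound. Unauthenticated peers in that
#    subnet cannot reach this host, while the host can still talk to machines that
#    do not participate in the policy. Authentication is computer Kerberos.
netsh advfirewall consec add rule name="IPsec with server subnet" `
    endpoint1=any endpoint2=192.168.20.0/24 `
    action=requireinrequestout auth1=computerkerb profile=domain

# 2. Firewall rule: allow TCP 1433 only if the connection was authenticated by
#    IPsec. Packets to the port that arrive without protection stay blocked, which
#    is the "allow only secure connections" action from the rule types above.
netsh advfirewall firewall add rule name="SQL only if IPsec authenticated" `
    dir=in action=allow protocol=TCP localport=1433 `
    security=authenticate profile=domain

# 3. Verification: the configured policy, then the main-mode and quick-mode
#    security associations actually negotiated with peers so far.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

The `monitor show mmsa` and `monitor show qmsa` output is the practical check that connection security is really in effect: an empty list after a client has connected to port 1433 means the connection was blocked or the peer fell back to clear text somewhere, not that IPsec silently succeeded. Encryption is optional in this model; adding it means changing the connection security rule's quick-mode methods rather than the firewall rule.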

Copyright © Windows knowledge All Rights Reserved