Network security is receiving more and more attention, and the most important means for users to secure their own computers is to install antivirus software, a network firewall and anti-spyware software.
As early as the Windows XP era, Microsoft added a built-in firewall to the system. This was the Internet Connection Firewall (ICF), which provides basic packet filtering. With XP SP2, this built-in firewall was officially renamed Windows Firewall and was significantly improved, for example by providing protection during startup and shutdown. It still offers only one-way protection, however: it intercepts and inspects only the data entering the computer. For that reason many computer users still choose third-party personal firewall products, such as Kaspersky or ZoneAlarm.
Two interfaces for different needs
In Windows Vista, Windows Firewall has made great progress. Users can still reach the firewall user interface through the Control Panel, as in XP SP2, and technicians are also given a way to configure the firewall's advanced features through the MMC console.
Vista's firewall has two separate configuration interfaces: the basic configuration interface can be opened through the Security Center in the Control Panel, and the advanced configuration interface requires the user to create a customized MMC. This separation keeps novice users from reducing system security through improper configuration, and also gives advanced users more control over incoming and outgoing data.
In addition, users can configure Vista's firewall from the command line through the commands in netsh advfirewall, or configure the firewall automatically on multiple computers by creating scripts. Users can also control the configuration of the Vista firewall through Group Policy.
Basic configuration through the control panel
As in XP, users can turn the firewall on or off directly on the "General" tab, and can also block all programs at once, regardless of exceptions.
The "Block All Programs" option is handy, especially when the user is on a public Wi-Fi network. It temporarily stops every program listed in the Exceptions from accessing the network; once the user is back in a relatively secure network environment, the option can be turned off to restore the previous settings.
As with XP, in the basic settings of the Vista firewall, exceptions are set on the "Exceptions" tab. Users can unblock a program or service by checking its entry.
If the user wants to unblock a program that is not on the list, the user can add it by clicking the "Add Program" button. In the Add Programs dialog, the user can select the program from the program list or through the file browser. With the "Change Scope" option, users can allow a program to access the network only within a certain range. The scope options are:
·Any computer, including computers on the Internet.
·Only my local area network (subnet).
·Custom IP address or subnet range.
In addition, users can choose whether the firewall issues an alert after it blocks a program.
The "Advanced" tab allows users to select the network connections that need to be protected by the firewall.
On this tab, the user can also configure what is logged (dropped packets or successful connections) and set the maximum size of the log. The user can also set how the system responds to ICMP requests. By default, only the responding ICMP request packet is received and the remaining ICMP requests are disabled.
With the button that restores the default settings, the user can undo all modifications and return the firewall settings to their state at system installation.
Advanced Settings for Vista Firewall
Create Custom MMC
To view the advanced settings, users need to create a custom MMC. Here is how to create it:
1. Click Start, Programs, Accessories, and select Run.
2. Type mmc.exe in the Run field. The user may need to enter administrator credentials or click to confirm that the program may run.
3. After entering the MMC, click File, Add/Remove Snap-in.
4. In the Available Snap-ins list, scroll down and select Windows Firewall With Advanced Security. Double click or select it and click the Add button.
5. In the Select Computer dialog, select Default (Local Computer) and click Finish.
6. Click OK in the Add/Remove Snap-ins dialog.
Now, when the user expands the tree list on the left, the Advanced Settings page of the Vista firewall appears on the right.
Vista can be customized in a variety of configurations
In Vista, users can customize several configurations for the firewall: a network configuration for the enterprise domain (the user's laptop can log in or log out in the company domain), a configuration suitable for the home network (such as a home point-to-point network), and a configuration suitable for a public network environment (such as connecting to an open Wi-Fi network at an airport hotel). Each configuration is independent of the others.
Therefore, when the user is on the corporate network, the Vista firewall can even be turned off, because the enterprise network generally has a more advanced firewall; when the user connects to the home network or a public wireless network, the firewall can be turned on in time.
To change the various configurations, users can go through Windows Firewall Properties. On the Domain, Private, and Public Profile tabs, users can turn the firewall on or off, and block or allow outbound and inbound connection requests.
In all three configurations, the default is that outbound connections are allowed and inbound connection requests are rejected (exceptions allowed). Users can also set all connections to be blocked, including those of programs on the exceptions list. (The content of each configuration tab is the same.)
With the Customize button, users can make more specific adjustments to each configuration. For example, the user can have the system issue an alert when an inbound connection request is rejected, and can set whether to accept the unicast responses generated by multicast or broadcast traffic. In addition, users can set log options for the configuration (dropped packets or successful connections can be recorded).
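The per-profile settings and the scoped exception described above can also be applied with the netsh advfirewall commands mentioned earlier. The batch script below is an added example, not part of the original article; the backup file name, rule name, program path and subnet are constructed placeholders, and it must be run from an elevated Command Prompt.

```bat
@echo off
rem Added example: applies the profile settings discussed in the article.
rem All names and paths below are placeholders, not values from the article.

rem Save the current policy first; "netsh advfirewall import" restores it.
netsh advfirewall export "%USERPROFILE%\fw-before.wfw"

rem Turn the firewall on in the domain, private and public profiles.
netsh advfirewall set allprofiles state on

rem Default behaviour: outbound allowed, inbound blocked unless a rule
rem (exception) allows it.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound

rem Public profile: block inbound even for programs on the exceptions
rem list, the equivalent of the "Block All Programs" option.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

rem Customize settings: alert when an inbound request is blocked, and
rem refuse unicast responses to multicast/broadcast on public networks.
netsh advfirewall set allprofiles settings inboundusernotification enable
netsh advfirewall set publicprofile settings unicastresponsetomulticast disable

rem Log dropped packets and successful connections, 4096 KB maximum.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 4096

rem Scoped exception: allow a hypothetical program inbound, but only from
rem the local subnet and only in the private profile. remoteip also
rem accepts "any" or a custom range such as 192.168.1.0/24 (constructed).
netsh advfirewall firewall add rule name="Example App (placeholder)" ^
    dir=in action=allow program="C:\Program Files\ExampleApp\app.exe" ^
    profile=private remoteip=localsubnet

rem Review the result.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Example App (placeholder)"
```

Running the same script on several machines gives each one an identical baseline, and the exported .wfw file is the rollback point if a rule turns out to be too strict.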
Once the user has set up each configuration and the IPSec properties, the next step is computer connection security. This setting determines when and how a secure connection is established between two computers (or a group of computers).