Microsoft has made major changes to Windows Firewall in Vista that enhance security and make it easier for advanced users to configure and customize, while retaining the simplicity novice users need.
I. Two Interfaces to Meet Different Needs
Vista Firewall has two independent graphical configuration interfaces: first, the basic configuration interface, accessed through the Security Center and Control Panel; second, the advanced configuration interface, which the user can access as a snap-in after creating a custom MMC console. This prevents unintentional changes by novice users from causing connection disruptions, and provides a way for advanced users to fine-tune firewall settings and control outbound and inbound traffic. Users can also use the commands in the netsh advfirewall context to configure the Vista firewall from the command line. Scripts can also be used to automatically configure the firewall for a group of computers. Group Policy can also be used to control the settings of the Vista firewall.
II. Basic Configuration Options
With the basic configuration interface, users can turn the firewall on or off, or set it to block all programs completely. They can also allow exceptions (specifying which programs, services, or ports are not blocked) and set the scope of each exception (whether it applies to traffic from all computers, including computers on the Internet, to computers on the LAN/subnet, or to computers at an IP address or subnet that you specify). You can also specify which connections you want the firewall to protect and configure security logging and ICMP settings.
III. Security Under the Default Settings
Windows Firewall in Vista uses a secure configuration by default while still maintaining ease of use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works in conjunction with Vista's new Windows Service Hardening feature, so if the firewall detects behavior that is prohibited by the Windows Service Hardening network rules, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment.
IV. ICMP Message Blocking
By default, inbound ICMP echo requests can pass through the firewall, while all other ICMP messages are blocked. This is because the Ping tool is regularly used to send echo request messages for troubleshooting. However, an attacker can also send echo request messages to lock onto a target host. Users can block echo request messages through the Advanced tab of the basic configuration interface.
V. Multiple Firewall Configuration Files
The Vista Firewall with Advanced Security MMC snap-in allows users to create multiple firewall configuration files (profiles) on their computers so that different firewall configurations can be used for different environments. This is especially useful for portable computers. For example, when a user connects to a public wireless hotspot, a more secure configuration may be required than when connected to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.
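A per-profile baseline written with the netsh advfirewall commands mentioned earlier, as an added example that is not part of the original article. It is a batch script for an elevated command prompt; the rule names, TCP port 3389 and the export path are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original article.
rem Rule names, port 3389 and the export path are assumptions.

rem netsh advfirewall changes need an elevated prompt; stop early if not.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

rem Save the current policy so it can be restored later with
rem "netsh advfirewall import".
netsh advfirewall export "%TEMP%\firewall-before.wfw"

rem Firewall on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on

rem Domain and private networks: block unsolicited inbound, allow outbound.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound

rem Public networks (for example a wireless hotspot): block all inbound
rem traffic, even traffic that matches an allow rule.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

rem Log dropped packets on the public profile for later review.
netsh advfirewall set publicprofile logging droppedconnections enable

rem Block inbound ICMPv4 echo requests (type 8, any code) on every profile.
rem A block rule takes precedence over an allow rule for the same traffic.
netsh advfirewall firewall add rule name="Block ICMPv4 echo request" dir=in action=block protocol=icmpv4:8,any

rem Inbound exception scoped to the local subnet, and only on the domain
rem and private profiles.
netsh advfirewall firewall add rule name="RDP from local subnet" dir=in action=allow protocol=TCP localport=3389 remoteip=localsubnet profile=domain,private

rem Show the resulting profile settings and the new rules.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Block ICMPv4 echo request"
netsh advfirewall firewall show rule name="RDP from local subnet"
```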
VI. IPSec Function
Through the advanced configuration interface, users can customize IPSec settings, specify security methods for encryption and integrity, determine whether key lifetime is measured by time or by session, and select the desired Diffie-Hellman key exchange algorithm. By default, data encryption for IPSec connections is disabled, but it can be enabled, and the algorithms used for data encryption and integrity can be selected.
VII. Security Rules
Through the wizard, users can create security rules step by step to control how and when a secure connection is established between a single computer or a group of computers. Connections can be restricted by criteria such as membership or security status, while specified computers can be exempted from the connection authentication requirements. Rules can also be created to require authentication for connections between two specific computers (server-to-server), or tunnel rules can be used to authenticate connections between gateways.
VIII. Custom Authentication Rules
When creating a custom authentication rule, you must specify a single computer or a group of computers (by IP address or address range) as the connection endpoints. The user can request or require authentication of inbound connections, outbound connections, or both.
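The IPSec settings and a server-to-server rule of the kind described above, expressed with netsh advfirewall as an added example that is not part of the original article. The two endpoint addresses (from the 192.0.2.0/24 documentation range), the rule name and the chosen algorithms and lifetime are assumptions.

```batch
@echo off
rem Added example, not from the original article. Run elevated.
rem Addresses, rule name, algorithms and lifetime are assumptions.

rem Main mode key lifetime: by time (minutes) and by sessions.
rem 0sess means no session-count limit, so only the time limit applies.
netsh advfirewall set global mainmode mmkeylifetime 240min,0sess

rem Main mode key exchange: Diffie-Hellman group 2 with AES-128
rem encryption and SHA-1 integrity.
netsh advfirewall set global mainmode mmsecmethods dhgroup2:aes128-sha1

rem Server-to-server rule between two endpoints given by IP address.
rem Inbound connections must authenticate, outbound ones request it.
rem auth1=computerkerb uses the computer's Kerberos v5 identity.
rem qmsecmethods turns on ESP data encryption (AES-128) with SHA-1
rem integrity, which is not enabled by default.
netsh advfirewall consec add rule name="Auth app to db" endpoint1=192.0.2.10 endpoint2=192.0.2.20 action=requireinrequestout auth1=computerkerb qmsecmethods=esp:sha1-aes128

rem Review the global IPSec settings and the new rule.
netsh advfirewall show global
netsh advfirewall consec show rule name="Auth app to db"
```

The peer at the other endpoint needs a matching rule, otherwise its inbound connections to this computer fail authentication and are dropped.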
IX. Inbound and Outbound Rules
Users can create inbound and outbound rules to block or allow connections for specific programs or ports. They can use predefined rules or create a custom rule, and the New Rule Wizard walks the user through the steps of creating a rule. A rule can be applied to a group of programs, ports or services, or to all programs or a specific program. A program can be blocked from making any connections, allowed all connections, or allowed only secure connections, with encryption required to protect the data sent over the connection. Source and destination IP addresses can be configured for inbound and outbound traffic, and rules can also be configured for source TCP and UDP ports and destination TCP and UDP ports.
X. Active Directory-Based Rules
Users can create rules to block or allow connections based on Active Directory user, computer, or group accounts, as long as the connection is secured by IPSec using Kerberos v5 (which includes Active Directory account information). Users can also use Windows Firewall with Advanced Security to enforce Network Access Protection (NAP) policies.