First, the new features of the firewall
Compared with ICF, the Windows Firewall in SP2 has been significantly improved. The first is the runtime of the firewall. In previous versions of WinXP, there was a period of time between the loading of the network stack and the ICF run, which meant that the entire system was completely exposed during the period from system startup to full operation of the firewall, and was not exposed to the firewall. protection. This is because the system services required for ICF operation are started after the system is booted. The ICF service also depends on other system services. When the services are not running, the ICF services will naturally not run. A new simple protection called "Boot-Time Policy" has been added to the SP2 system. With this protection, we can only use a few required network services, such as the contact between the DNS server and the DHCP server. Wait until the network activity is normal after the firewall is started.
The new Windows Firewall is not only enabled by default, but its configuration interface is also more beautiful. In addition, new features of Windows Firewall include: local subnet restrictions; common configuration options applied to all connections; built-in IPv6 support; new Group Policy configuration options; specific communications can be specified by the application's file name (The original ICF can only specify a port, but cannot specify a program. Now you can select a specific program directly in the allowed communication).
Second, security alert
In SP2, when the user runs an application locally and provides services as an Internet server, Windows Firewall will pop up a new security alert dialog box. . This application or service can be added to the Windows Firewall exception by selecting an option in the dialog box (ie, "Unblock this program" is selected), and the Windows Firewall exception configuration will allow specific inbound connections. Of course, you can also manually add programs to the exceptions or add ports to the exceptions. For specific addition methods, see the firewall option settings below.
Once the program provides the connection service, the firewall will remind the user
3. Firewall option settings
Click Start→Control "Panel", then double-click the "Windows Firewall" item in the classic view of the control panel to open the Windows Firewall console. In addition, you can also open the firewall console by clicking "Windows Firewall" under SP2's newly added Security Center interface.
1. General Tab
Firewall Console is a new entry for SP2
There are two mains in the Windows Firewall Console General tab. Options: Enabled (Recommended) and Off (not recommended), one sub-option "Do not allow exceptions". If you choose not to allow exceptions, Windows Firewall will block all network requests that connect to the user's computer, including applications and system services in the Exceptions tab list. In addition, the firewall will also intercept file and printer sharing, as well as network device detection. Using a Windows Firewall that does not allow exceptions is simply "closed" and is more suitable for "high-risk" environments, such as restaurants, hotels, and airports that connect to personal computers on public networks.
2. Exceptions Tab
Don't allow servers to take effect
Some programs need external communication, you can add them to the Exceptions tab. The program here will be licensed to provide connection services that can listen for and accept connections from the network.
Under the Exceptions tab interface, there are two add buttons, "Add Program" and "Add Port", which can be manually added according to the specific situation. If you don't know which port an application communicates with the outside world, or if you don't know if it is based on UDP or TCP, you can add an exception by adding a program. For example, to allow Windows Messenger to communicate, click the "Add Program" button, select the application "C:\\Program Files\\Messenger\\Messenger\\msmsgs.exe", and then click "OK" to add it to the list.
If you are familiar with the port number and TCP/UDP, you can use the latter method, that is, specify how to add the port number. For each exception, you can specify its scope by "change scope". For home and small office application networks, it is recommended to set the scope to a possible local network. Of course, you can also customize the IP range in the scope so that only network requests from a specific IP address range can be accepted.
3. Advanced Tab
Make the system more secure, take a good look at the advanced settings
The "Advanced" tab contains four options for network connection settings, security records, ICMP settings and restore default settings, according to the actual The situation is configured.
◆Network Connection Settings
Here you can choose which connections the Windows Firewall applies to. Of course, you can configure a connection separately, which can make the firewall application more flexible.
◆Security Recording
The logging of the new Windows Firewall is similar to that of ICF. The settings in the log option can record the tracking record of the firewall, including all the items of discarding and success. In the log file option, you can change the location where the log file is stored, or you can manually specify the size of the log file. The default option for the system is to not record any interception or success, and the size of the log file defaults to 4MB.
◆ICMP Settings
The Internet Control Message Protocol (ICMP) allows computers on the network to share error and status information. When an item is selected in the ICMP Settings dialog box, the corresponding description information is displayed at the bottom of the interface, which can be configured as needed. By default, all ICMPs are not open.
◆Default Settings
If you want to restore all Windows Firewall settings to their default state, you can click the Restore to Defaults button on the right.
IV. Group Policy Deployment
Group Policy settings have a high priority
In ICF, only through network connections, network creation wizards and The Internet Connection Wizard performs or disables ICF, and the new version of Windows Firewall can control firewall status, allowed exceptions, and more through Group Policy.
Click "Start → Run", enter "gpedit.msc" in the "Run" dialog box, and then click "OK" to open the WinXP Group Policy Editor. Once you enter the Group Policy Editor, you can use it to configure your Windows Firewall. From the left pane, expand Computer Configuration→Administrative Templates→Network→Network Connections→Windows Firewall. Under Windows Firewall you can see two branches, one is the domain configuration file and the other is the standard configuration file. Simply put, when a computer is connected to a network with a domain controller (that is, when there is a dedicated management server), the domain configuration file works, and instead, the standard configuration file works. The default value takes effect even if no standard configuration file is configured.
Tip: Windows Firewall configuration and status information can also be obtained through the command line tool Netsh.exe. You can enter the "netsh firewall" command in the command prompt window to get firewall information and modify firewall settings.
As can be seen from the previous introduction, the Windows Firewall integrated in SP2 is close to many mature personal firewall products. Although this new version of the firewall lacks the features of some third-party vendors' products (such as output filtering), it is a good choice for individual users.
Application or dll is invalid windows image, invalid windows image; Symptoms of application
The boot menu of Windows 2000/XP is much advanced compared to Windows 98. After pressing the
user desktop using Geforce 420 discrete graphics, XP system, VGA display, is now ready to cooperate
I recently installed the Windows XP operating system. I know that when I press F8 at startup
Excellent features in clone VISTA system in XP (1)
Chinese XP installation IE7 Beta1 method
Windows 16th Dynasty Dynasty - Development Period
This is called professional! Create a mouse right mouse button (2)
How to modify file attributes in batches in Windows XP
New use of large memory under Win XP
Do it yourself to optimize Windows XP system
How to select and set the system sound?
Windows XP can be shut down in one second
Windows XP SP3 solves the system shutdown failure
Tencent computer housekeeper switch account diagram tutorial
How to improve the printing speed of the printer?
Win7 system prompts system call failure how to solve?
WSClient.dll error solution after Win10 system update
Win7 installation software prompts "Unable to verify the publisher"
How to reset Win10 system local user password