Two independent graphical configuration interfaces of the system firewall

Source: Internet
Author: User

  Did you know that the system firewall has two separate graphical configuration interfaces? This article describes both of them.

  I. Two interfaces to meet different needs

The Vista firewall has two independent graphical configuration interfaces. The first is the basic configuration interface, which can be accessed through the "Security Center" and the "Control Panel". The second is the advanced configuration interface, which users can access as a snap-in after they create a custom MMC.

This split keeps novice users from making unintended changes that interrupt connectivity, and gives advanced users a way to customize firewall settings at a finer granularity and to control both outbound and inbound traffic. Users can also use commands in the netsh advfirewall context to configure the Vista firewall from the command line, write scripts that automatically configure the firewall for a group of computers, and control the Vista firewall's settings through Group Policy.

  II. Security under the default settings

Windows Firewall in Vista has a secure configuration by default, while still supporting optimal ease of use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works with Vista's new Windows Service Hardening feature, so if the firewall detects behavior that is prohibited by the Windows Service Hardening network rules, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment.

  III. Basic configuration options

Using the basic configuration interface, users can turn the firewall on or off, or set the firewall to block all programs completely. They can also allow exceptions: they can specify which programs, services or ports are not blocked, and specify the scope of each exception (whether it applies to traffic from all computers, including computers on the Internet, to computers on the local area network/subnet, or to computers that they specify by IP address or subnet). They can also specify which connections the firewall should protect, and configure the security log and ICMP settings.

  IV. ICMP message blocking

By default, inbound ICMP echo requests can pass through the firewall, while all other ICMP messages are blocked. This is because the Ping tool regularly sends echo request messages for troubleshooting purposes. However, an attacker can also send echo request messages to locate a target host. Users can block echo request messages by using the Advanced tab of the basic configuration interface.

  V. Multiple firewall profiles

The Windows Firewall with Advanced Security MMC snap-in allows users to create multiple firewall profiles on the computer so that different firewall configurations can be used in different environments. This is especially useful for portable computers. For example, when a user connects to a public wireless hotspot, the computer may need a more secure configuration than when it is connected to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.

  VI. IPSec features

With the advanced configuration interface, users can customize IPSec settings, specify the security methods used for encryption and integrity, determine whether the key lifetime is measured by time or by session, and select the desired Diffie-Hellman key exchange algorithm. By default, data encryption for IPSec connections is disabled, but it can be enabled, and users can select which algorithms are used for data encryption and integrity.

  VII. Security rules

A wizard steps users through the creation of security rules that control how and when a secure connection is established between a single computer or a group of computers. Users can also restrict connections based on criteria such as domain membership or security conditions, while exempting specified computers from the connection authentication requirements. They can also create rules that require authentication when two specific computers (server to server) connect, or use tunneling rules to authenticate connections between gateways.

  VIII. Custom authentication rules

When you create a custom authentication rule, you specify a single computer or a group of computers (either by IP address or by address range) as the connection endpoints. Users can request or require authentication of inbound connections, outbound connections, or both.

  IX. Inbound and outbound rules

Users can create inbound and outbound rules that block or allow connections for a particular program or port. They can use a preset rule or create custom rules, with help that steps them through the rule-creation process. Rules can be applied to a set of programs, ports, or services, or to all programs or one particular program. A rule can allow all connections or only secure connections, and can require encryption to protect the data sent over the connection. Users can configure source and destination IP addresses for inbound and outbound traffic, as well as rules for source TCP and UDP ports and destination TCP and UDP ports.
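The netsh advfirewall context mentioned earlier can express several of the settings described so far: the default policy, per-profile behavior, ICMP echo request blocking, and a scoped inbound rule. The batch script below is an added example, not part of the original article; the rule names, the TCP port and the 192.0.2.0/24 range are constructed placeholders, and it assumes an elevated command prompt.

```bat
@echo off
rem Added example, not from the original article. Run from an elevated prompt.
rem Rule names, the port and the 192.0.2.0/24 range are constructed placeholders.

rem Record the current state and keep a backup before changing anything.
netsh advfirewall show allprofiles
netsh advfirewall export "%TEMP%\fw-before.wfw"

rem Default posture: firewall on, inbound blocked unless a rule allows it,
rem outbound allowed.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Public profile (for example a wireless hotspot): block all inbound
rem traffic, ignoring any inbound allow rules.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

rem Log dropped connections so that blocked traffic can be reviewed later.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Block inbound ICMPv4 echo requests (type 8, any code) on the public profile.
netsh advfirewall firewall add rule name="Example - block echo request" dir=in action=block protocol=icmpv4:8,any profile=public

rem Allow one inbound TCP port, limited to a placeholder source range and to
rem the domain and private profiles only.
netsh advfirewall firewall add rule name="Example - admin port" dir=in action=allow protocol=TCP localport=3389 remoteip=192.0.2.0/24 profile=domain,private

rem Confirm that both rules exist with the intended scope.
netsh advfirewall firewall show rule name="Example - block echo request"
netsh advfirewall firewall show rule name="Example - admin port"
```

Block rules take precedence over allow rules, so keep the scope of each block rule as narrow as the profile it is meant for.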

  X. Rules based on Active Directory

Users can create rules that block or allow connections based on Active Directory user, computer, or group accounts, as long as the connection is secured through IPSec with Kerberos V5 (which carries the Active Directory account information). Users can also enforce Network Access Protection (NAP) policies using Windows Firewall with Advanced Security.

