Add a protection net: Win2008 advanced Firewall

Source: Internet
Author: User
The firewall in Microsoft's Windows Server 2003 is so limited that many system administrators regard it as of little value; it has always been a simple, inbound-only, host-based stateful firewall. As Windows Server 2008 gets closer, its built-in firewall capabilities are dramatically improved. Let's take a look at how this new advanced firewall helps protect our systems and how to configure it using the Management Console snap-in.

Why should you use this Windows host-based firewall?

Today, many companies use external security hardware to reinforce their networks. That is, they use firewalls and intrusion protection systems to build a fortress around their networks and protect them from malicious attackers on the Internet. However, if an attacker breaks through the perimeter and gains access to the internal network, only Windows authentication security stands between the attacker and the company's most valuable asset: its data.

This is because most IT people do not use host-based firewalls to secure their servers. Why is that? Because most IT people believe that deploying host-based firewalls causes more trouble than the value they bring.

I hope that after reading this article you will take a moment to consider the Windows host-based firewall. In Windows Server 2008, this firewall is built into Windows, comes pre-installed, has more functionality than previous versions, and is easier to configure. It is one of the best ways to harden a critical infrastructure server. Windows Firewall with Advanced Security combines a host firewall and IPsec. Unlike a perimeter firewall, Windows Firewall with Advanced Security runs on every computer running this version of Windows and provides local protection against network attacks that may pass through the perimeter network or originate inside the organization. It also provides computer-to-computer connection security, allowing you to require authentication and data protection for traffic.

So what does this Windows Server advanced firewall do for you, and how do you configure it? Let's take a look.

What the new firewall offers and how it helps you

The built-in firewall in Windows Server 2008 is now "advanced". That is not just my opinion: Microsoft now calls it Windows Firewall with Advanced Security (WFAS).

Here are the new features that justify the new name:

1. A new graphical interface.

You now configure this advanced firewall through a Management Console snap-in.

2. Two-way protection.

It filters both outbound and inbound traffic.

3. Better integration with IPsec.

Windows Firewall with Advanced Security integrates Windows Firewall features and Internet Protocol security (IPsec) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings in the manner that your environment requires.

4. Advanced rule configuration.

You can create firewall rules for various objects on Windows Server, and configure firewall rules to determine whether traffic is blocked or allowed through Windows Firewall with Advanced Security.

When an incoming packet arrives at the computer, Windows Firewall with Advanced Security inspects the packet and determines whether it meets the criteria specified in a firewall rule. If the packet matches the criteria in a rule, Windows Firewall with Advanced Security takes the action specified in that rule, either blocking or allowing the connection. If the packet does not match the criteria in any rule, Windows Firewall with Advanced Security discards the packet and creates an entry in the firewall log file (if logging is enabled).

When you configure a rule, you can choose from a variety of criteria such as application name, system service name, TCP port, UDP port, local IP address, remote IP address, profile, interface type (such as network adapter), user, user group, computer, computer group, protocol, ICMP type, and so on. The criteria in a rule are combined; the more criteria you add, the more precisely Windows Firewall with Advanced Security matches incoming traffic.

With two-way protection, a better graphical interface, and advanced rule configuration, Windows Firewall with Advanced Security is becoming as powerful as a traditional host-based firewall such as ZoneAlarm Pro.

I know that the first thing any server administrator thinks of when using a host-based firewall is: will it affect the proper functioning of the critical infrastructure applications on this server? That is a possible problem with any security measure, but the Windows 2008 Advanced Security Firewall automatically configures new rules for any new roles that are added to the server. However, if you run a non-Microsoft application on your server and it requires an inbound network connection, you will have to create a new rule based on the type of communication.

By using this advanced firewall, you can better fortify your server against attack, keep your servers from being used to attack others, and really determine what data is going in and out of your server. Let's take a look at how to achieve these goals.

Learn about configuring advanced security options for Windows Firewall

In previous versions of Windows Server, you could configure Windows Firewall from your network adapter's settings or from the Control Panel. That configuration was very simple.

With the Windows Advanced Security firewall, most administrators will configure it either from Windows Server Manager or from the stand-alone Windows Advanced Security Firewall MMC snap-in.

I found that the simplest and quickest way to start the Windows Advanced Security firewall console is to type 'firewall' in the Start menu's search box.

How to quickly start the Windows 2008 Advanced Security Firewall Management Console

Alternatively, you can configure the Windows Advanced Security Firewall with netsh, the command-line tool for configuring network component settings. Using netsh advfirewall, you can create scripts that automatically configure a set of Windows Firewall with Advanced Security settings for both IPv4 and IPv6 traffic. You can also use the netsh advfirewall command to display the configuration and status of Windows Firewall with Advanced Security.

What can I configure using the new Windows Advanced Security Firewall MMC snap-in?

Because you can configure so many features with this new firewall management console, I can't possibly cover them all. If you've ever looked at the configuration interface of the Windows 2003 built-in firewall, you'll quickly notice how many more options are tucked away in this new Windows Advanced Security firewall. Below I introduce some of the most commonly used features.

When you first open the Windows Advanced Security Firewall Management Console, you will see that the Windows Advanced Security Firewall is turned on by default and blocks inbound connections that do not match an inbound rule. In addition, the new outbound filtering is turned off by default.

The other thing you'll notice is that this Windows Advanced Security firewall also has multiple profiles for users to choose from.

Profiles provided in the Windows 2008 Advanced Security Firewall

The Windows Advanced Security firewall has a domain profile, a private profile, and a public profile. A profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer based on where the computer is connected, for example depending on whether your computer is on a corporate LAN or in a local coffee shop.
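The defaults and profiles described above can be inspected and made explicit with netsh advfirewall. The batch script below is an added example, not part of the original article; the backup directory is an assumption, and the log path is the Windows default location.

```bat
@echo off
rem Added example (not from the original article): baseline for Windows
rem Firewall with Advanced Security. Run from an elevated command prompt.
rem The backup directory is an assumption; change it to suit your server.
setlocal
set "BACKUPDIR=C:\fw-backup"
set "BACKUP=%BACKUPDIR%\policy-before.wfw"
set "LOG=%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

rem 1. Save the current policy so it can be restored later with
rem    "netsh advfirewall import".
if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Show state, default policy and logging for the domain, private and
rem    public profiles.
netsh advfirewall show allprofiles

rem 3. Make the shipped default explicit in every profile: firewall on,
rem    unmatched inbound traffic blocked, outbound traffic allowed.
netsh advfirewall set allprofiles state on || goto :fail
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound || goto :fail

rem 4. Log dropped packets so blocked traffic can be reviewed.
netsh advfirewall set allprofiles logging filename "%LOG%" || goto :fail
netsh advfirewall set allprofiles logging maxfilesize 16384 || goto :fail
netsh advfirewall set allprofiles logging droppedconnections enable || goto :fail

rem 5. Show which profile is in effect for the current network location.
netsh advfirewall show currentprofile

rem 6. List drops recorded so far (the file appears after the first drop).
if exist "%LOG%" findstr /c:" DROP " "%LOG%"
exit /b 0

:fail
echo netsh reported an error; review the output above.
exit /b 1
```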

In my view, the most significant of all the improvements to the Windows 2008 Advanced Security Firewall that we have discussed is the more sophisticated firewall rules. Take a look at the option to add an exception in the Windows Server 2003 firewall.

Windows 2003 Server Firewall Exception window

Now compare that with the configuration window in Windows Server 2008.

Windows 2008 Server advanced Firewall exception Settings window

Note that the Protocols and Ports tab is only a small part of this multi-tab window. You can also apply rules to users and computers, programs and services, and IP address ranges. With this sophisticated firewall rule configuration, Microsoft has moved the Windows Advanced Security firewall toward Microsoft's IAS server.

The number of default rules provided by the Windows Advanced Security firewall is also surprising. In Windows Server 2003 there are only three default exception rules, whereas the Windows 2008 Advanced Security Firewall provides approximately 90 default inbound firewall rules and at least 40 default outbound rules.

Windows 2008 Server Advanced firewall default inbound rules

So how do you use this new Windows Advanced Firewall to create a rule? Let's take a look at it next.

How do I create a custom inbound rule?

Suppose you have installed the Windows version of the Apache Web server on your Windows 2008 server. If you had used the Windows built-in IIS Web server, the port would have been opened for you automatically. However, since you are now using a third-party Web server and the inbound firewall is on, you must open the port manually.

Here are the steps:

• Identify the protocol you want to filter. In our case, it is TCP/IP (as opposed to UDP/IP or ICMP).

• Identify the source IP address, source port number, destination IP address, and destination port. Our web traffic comes from any IP address and any port number and goes to port 80 on this server. (Note that you can also create a rule for a particular program, such as the Apache HTTP server here.)

• Open the Windows Advanced Security Firewall Management Console.

• Add the rule: click the New Rule button in the Windows Advanced Security Firewall MMC to start the New Rule wizard.

Windows 2008 Server Advanced Firewall Management Console-New Rule button

• Select that you want to create a rule for a port.

• Configure the protocol and port number: select the default TCP protocol and enter 80 as the port, then click Next.

• Select the default "Allow connection" and click Next.

• Select the default of applying this rule to all profiles and click Next.

• Give the rule a name and click Next.

Windows 2008 Server Advanced Firewall Management Console after the rule is created

In my test, while this rule was not enabled, my newly installed Apache Web server did not work properly. Once the rule was created, it worked!
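The same rule can be created without the wizard by using netsh advfirewall. The batch script below is an added example, not part of the original article; the rule name and the Apache install path are assumptions. When the Apache binary is found at that path, the rule is also tied to the program, as the note in the steps suggests, so port 80 is open only for that executable.

```bat
@echo off
rem Added example (not from the original article): the wizard steps above as
rem netsh advfirewall commands. Run from an elevated command prompt.
rem The rule name and the Apache path are assumptions; adjust both.
setlocal
set "RULE=Apache HTTP inbound TCP 80"
set "HTTPD=C:\Apache\bin\httpd.exe"

rem Match criteria: TCP, local port 80. If the Apache binary exists at the
rem assumed path, also restrict the rule to that program.
set MATCH=protocol=TCP localport=80
if exist "%HTTPD%" set MATCH=%MATCH% program="%HTTPD%"

rem netsh allows several rules with the same name, so remove any earlier
rem copy first; this keeps the script safe to re-run.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem Inbound, allow, any remote address, all profiles (the wizard defaults).
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow %MATCH% remoteip=any profile=any enable=yes
if errorlevel 1 goto :fail

rem Confirm what was stored, including profiles and the program path.
netsh advfirewall firewall show rule name="%RULE%" verbose

rem Confirm that something is actually listening on port 80.
netstat -an | findstr /r /c:":80 .*LISTENING"
exit /b 0

:fail
echo Rule was not created; check that the prompt is elevated.
exit /b 1
```

If only known networks should reach the server, replace remoteip=any with an address range such as remoteip=localsubnet.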

Conclusion: Great improvement is worth a try

With firewall profiles, sophisticated rule settings, 30 times the number of default rules, and many advanced security features not mentioned in this article, the Windows 2008 Server Advanced Security Firewall truly is what Microsoft calls it: an advanced firewall. I believe this built-in, free, advanced host-based firewall will make Windows Server more secure in the future. However, if you do not use it, it will not be of any help to you. So I encourage you to try this new Windows advanced firewall today.


