Analysis of Windows Vista built-in firewall graphic tutorial

Source: Internet
Author: User

An ICF (Internet Connection Firewall) tool first appeared in the Windows 2000 extended toolkit, where it could be used to configure rules for incoming network packets. In Windows 2000, however, this ICF tool was not built into the system, so the history of the built-in Windows firewall really begins with XP. XP and XP SP1 include a component named Internet Connection Firewall that provides basic packet filtering; this is the predecessor of the system firewall.

After the release of XP SP2, ICF was officially renamed Windows Firewall and became considerably easier to use: the settings were more graphical, and it could intercept and review data entering the system. The subsequent Windows Server 2003 system also provides a built-in firewall, which is used and works the same way as in XP SP2. However, this type of firewall can only filter data that enters the system, and it is not very effective as protection. In practice, most users still needed to install other tools to strengthen their security.

These security issues have been solved with the arrival of Vista. So what has improved in the functions and security of the built-in firewall in Vista? First, the Vista system firewall provides two modes and two-way filtering, with significant improvements in how rules and policies are applied. To some extent, you can rely on the firewall built into Vista for security protection without installing any third-party firewall tools.

I. Dual Mode: for beginners and advanced users

The Vista Firewall provides two setting modes, simple mode and advanced mode, aimed at two different types of users.

1. Simple Mode

In simple mode, the Vista Firewall is no different from the Windows XP SP2 firewall. This mode is suitable for beginners: it can effectively protect the system without the operator needing any security knowledge.

Simple mode is opened through the "Control Panel" in Vista. Go to "Control Panel" and select "Security". Next, click "Windows Firewall" in the "Security" settings window (see figure 1). This starts the simple mode of the Vista firewall.

In simple mode, the method for enabling or disabling the firewall and adding simple filter rules is the same as for the firewall in XP SP2.

2. Advanced Mode

Simple mode does not show how powerful the Vista Firewall is, but in advanced mode the filtering rules and protective measures it can set are a match for any third-party firewall software.

There are many ways to enter the advanced mode of the Vista Firewall; here is a common one. From the Vista desktop, run gpedit.msc from the "Start" menu to open the Group Policy settings window. Choose "Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Local Group Policy Object". This is the advanced mode configuration interface of the Vista Firewall (see figure 2). In advanced mode, we can define firewall filter rules at will.

TIPS: In Vista, UAC verification is required to access key system components. Therefore, when accessing the advanced firewall mode, the system administrator must allow the operator to pass UAC verification. UAC verification is a security function added in Vista. When you modify system parameters, Vista prompts you to enter an account and password with administrator permissions; after passing verification, you can continue to modify settings.

Technical Comment: The Vista Firewall introduces dual mode for different user groups. Simple mode makes it convenient for ordinary users to use and configure the firewall, while advanced mode serves users who have high security requirements or strict network traffic requirements and need to define detailed rules themselves. In advanced mode, you can set specific firewall rules in detail, for example rules for a program, a port, or an IP address segment. Advanced mode is the essence of the Vista Firewall; it already has the functions that third-party professional firewall software should provide.

II. Two-way Filtering: no one dares to say it is not professional

In addition to the dual-mode feature described above, the Vista system firewall also introduces two-way filtering for the first time. This is a basic feature of professional-level firewalls. Two-way filtering exists only in advanced mode, so to set it up you must first enter the advanced mode of the Vista Firewall. There we see the corresponding "Outbound Rules" and "Inbound Rules" options. "Inbound" rules filter packets travelling from the outside world to the local machine, while "outbound" rules filter packets travelling from the local machine to the outside world. Filtering in the outbound direction was not available in earlier versions of Windows Firewall (see figure 3). We can set outbound rules for a program, a port, or an IP address segment just as we set inbound rules.

TIPS: Inbound and outbound describe the direction of network data flow. Inbound packets are transmitted from the outside to the local system; outbound traffic refers to packets transmitted from the local system to the external network.

Note that earlier system firewalls, whether ICF, the XP SP2 firewall, or even the Windows Server 2003 firewall, were all based on single-direction filtering rules. Single direction means that the firewall can only filter packets travelling from the outside world to the local machine, and cannot apply any filter rules to packets sent from the local machine to the outside world.

With one-way filtering, once the local system is infected with a virus or Trojan for some reason, the system firewall can do nothing about the illegitimate connections and propagation that originate from inside the system. In particular, when the system is infected with a worm that opens many sessions in order to spread, a one-way firewall turns a blind eye to this inside-out traffic, and the firewall ends up useless against such "moles". As a result, one-way filtering kept the firewalls of previous versions from winning users' trust and from ensuring real security for the system. Many users had no choice but to install another firewall to defend against attacks.

The two-way filtering feature in the advanced mode of the Vista Firewall solves this problem. We can block the outbound access of illegitimate programs, so that even if the local machine is infected with a virus, the harm the virus does to the local machine and the network is minimized.

Technical Comment: The two-way filtering function of the Vista Firewall effectively doubles the capability of the traditional firewall, making it stronger both at security protection and at defending against virus intrusion. It is precisely because of two-way filtering that the Vista Firewall has become a truly professional firewall.

III. Multi-scenario functions: intelligent professional functions

In addition to dual mode and two-way filtering, the Vista Firewall also introduces the concept of "firewall application in multiple occasions". This function makes the Vista Firewall considerably more intelligent and helps users apply different levels of filtering rules in different situations. All rule switching is completed automatically. This concept also has to be configured in advanced mode.

1. Automatic switching between rules for secure-protocol and non-secure-protocol connections

When setting a rule in advanced mode, we are asked "What operations should be performed when the connection meets the specified conditions". For example, when the network uses a secure protocol such as IPsec, you can decide how a program is handled: you can block the program's data from passing through the firewall whatever the situation, or choose "allow connections" so that the program's traffic passes through the firewall smoothly. In this way, different filtering rules can be applied depending on whether the network connection is based on a secure protocol or a non-secure one.

TIPS: An IPsec secure-protocol connection means that network packets are transmitted encrypted, either through the IPsec protocol itself or through an IPsec-based VPN. Network connections encrypted with IPsec are more secure, so we can use the network more safely.

2. Automatic switching of rules for different network states

When setting a rule in advanced mode, we can also choose which network environments the rule applies to: domain networks, private networks, and public networks. The sharing standards for these three network environments differ and need to be set separately. The firewall can switch rules automatically as the network environment changes. In short, this function works like three firewalls, with each network environment having its own security rules.

Traditional firewalls cannot set separate rules for different network environments and connection types. As a result, a user's laptop uses the same filtering rules when accessing the public network at home as when accessing the organization's private network. If the user sets the filtering rules for the organization and then forgets to change them, the machine is exposed to viruses and other malicious programs coming in from the Internet.

The Vista Firewall is more user-friendly because it automatically applies different rules to different network environments and connection types. When a user's laptop goes from the organization back home and accesses the Internet there, the firewall automatically replaces the security rules that applied to the organization's private network with those that apply to public network access at home.

Technical Comment: Automatic switching between rules for different occasions is a major feature of the Vista Firewall. All changes of filtering rules are completed automatically without user intervention, which improves the security of the system and removes the hassle of frequently modifying firewall settings.
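
The three features described above (outbound filtering, rules that apply only to IPsec-secured connections, and per-profile rules) can also be configured from an elevated Command Prompt with netsh advfirewall. This is an added example, not part of the original article; the rule names, the program path C:\Tools\example-app.exe and the subnet 192.168.10.0/24 are hypothetical placeholders.

```bat
@echo off
rem Added example. Run from an elevated Command Prompt (UAC) on Vista or later.
rem Rule names, the program path and the subnet are hypothetical placeholders.

rem Default posture for each of the three profiles ("three firewalls"):
rem block unsolicited inbound traffic, allow outbound unless a rule blocks it.
netsh advfirewall set domainprofile  firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set publicprofile  firewallpolicy blockinbound,allowoutbound

rem Two-way filtering: an outbound rule that stops one program from
rem connecting out, whichever profile is active.
netsh advfirewall firewall add rule name="Example - block app outbound" ^
    dir=out action=block program="C:\Tools\example-app.exe" profile=any

rem Per-profile rule: inbound TCP 3389 from one address segment is allowed
rem on domain and private networks only. On a public network the rule is
rem inactive, so the profile default (block inbound) applies.
netsh advfirewall firewall add rule name="Example - RDP from office subnet" ^
    dir=in action=allow protocol=TCP localport=3389 ^
    remoteip=192.168.10.0/24 profile=domain,private

rem Secure-connection rule: inbound TCP 445 is allowed only when the
rem connection is authenticated by IPsec. This takes effect only if a
rem matching connection security (IPsec) rule is also configured.
netsh advfirewall firewall add rule name="Example - SMB only over IPsec" ^
    dir=in action=allow protocol=TCP localport=445 ^
    security=authenticate profile=domain

rem Check which profile is active now and review one of the new rules.
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name="Example - block app outbound" verbose

rem To undo: netsh advfirewall firewall delete rule name="<rule name>"
```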

IV. Experts' Summary

From this article, we can see that the functions and settings of the Vista Firewall differ significantly from those of earlier Windows system firewalls. The two modes make configuration easier for users; two-way filtering lets one system firewall do the work of two; and automatic switching of filtering rules for different occasions lets it do the work of three. In a sense, we have to admire Microsoft's technology: through several improvements, a system firewall that originally could not shoulder important responsibilities has become a true guard of security protection. The Vista Firewall has now become a "copper wall".
