Brief analysis of Windows Vista built-in firewall graphics and text tutorial-application Tips

Source: Internet
Author: User
The ICF (Internet Connection Firewall) tool, which allows you to configure incoming rules for network packets, is not built into the system in Windows 2000, as early as in the expansion Toolkit for Windows 2000 systems. So the Windows system comes with a firewall that goes back to the XP system, and a component called Internet Connection Firewall built into the XP and XP SP1 system, which provides basic packet filtering, the predecessor of the system firewall.

After the release of the XP SP2, this ICF became the Windows Firewall, and there was a noticeable improvement in its use, and the setup was more graphical, which provided the function of intercepting and censoring the data entering the system. The next Windows Server2003 System also provides built-in firewall functionality, both in use and in effect as with XP SP2. However, the firewall can only filter the data into the system, which is not enough in the protection effect. Therefore, in actual use, most users still need to install other tools to enhance security effects.

However, the above security issues are resolved with the birth of Vista. So what about the functionality and security effects of the built-in firewalls in Vista? First, Vista system firewall provides two modes and bidirectional filtering, and has obvious improvement in application rules and application strategies. It is no exaggeration to say that, to a certain extent, users can not install any Third-party firewall tools and only use the Vista system built-in firewall to achieve security features.

One, Dual mode: Beginning, advanced user-all

There are two settings modes available in Vista Firewall, in the form of simple and advanced mode. This is suitable for two different types of users.

1. Simple mode

Vista firewall in simple mode and Windows XP SP2 Firewall is not different, this mode is suitable for novice users, through the Vista firewall simple mode can be without any security technology knowledge of the operator to achieve effective protection of the system.

The firewall simple mode is opened through the Vista System "Control Panel" to achieve, into the "Control Panel" select the "Security" option. Next, click Windows Firewall in the Security Settings window (see Figure 1). So we started the Vista system firewall, Jane.


Single mode. Turn off and add simple filtering rules like the firewall in XP SP2.

2. Advanced Mode

In the simple model we also do not see the powerful Vista firewall, and in advanced mode, it can set the filtering rules to prevent the loss of any third-party firewall software.

Access to Vista Firewall Advanced mode A lot of methods, the author introduces a commonly used one. Go to Vista desktop and run gpedit.msc through the "Start" menu to the Group Policy Settings window of Vista system. We turn on "local Computer policy → computer Configuration →windows settings → security settings → advanced security Windows Firewall → advanced security Windows Firewall → local Group Policy object." This is the Advanced mode configuration interface for Vista firewall (see Figure 2). In advanced mode we can define the filtering rules of the firewall at will.


Tip: Access to system critical components in Vista requires UAC authentication, so it is also necessary for the system administrator to allow the operator to authenticate through UAC when accessing the firewall Advanced mode. The so-called UAC validation is added to the Vista system for security features, when some changes to the system parameters of the operation, Vista will be prompted to enter the account with administrator rights and password for UAC authentication, through authentication to continue to modify settings and other operations.

Bidirectional filtration: No one dares to say unprofessional

Technology Reviews: Vista Firewall introduced dual mode is for different user groups, which simple mode is convenient for ordinary users to use and configure the firewall, and advanced mode is to those who have higher security requirements or network access to traffic requirements more stringent, need to define their own detailed rules of users. In advanced mode, users can set specific rules for the firewall in detail. For example, a rule is set for a program, a port, and an IP address segment. Advanced mode is the essence of Vista firewall, it has the Third-party professional firewall software should have the function. Two, two-way filtration: No one dares to say unprofessional

In addition to the dual-mode features mentioned above, bidirectional filtering is also introduced for the first time in Vista firewall. This is also the basic features of professional-level firewalls. This bidirectional filtering function only exists in the advanced mode, to set up bidirectional filtering to enter the advanced mode of Vista Firewall first. In advanced mode we will see the corresponding "Outbound rules" and "Inbound rules" option, where "inbound" is for the outside to the local packet of the filter rules, and "outbound" is to the local to the outside packet filtering rules. The "Outbound" direction filter is not in the previous Windows Firewall (see Figure 3). We can also set up the outbound rules for a program, a port, and an IP address segment just as you set up inbound rules.


Small hint: the so-called inbound and outbound are for the network data flow, inbound is the network packet from the outside to the local system direction, the corresponding outbound is the network packet from the system to the external network transmission direction.

To know that in the previous system firewall, whether ICF or XP SP2 firewall or even Windows Server 2003 firewall is based on the single directional filtering rules are set, the so-called single direction means that the firewall can only be from the outside to the local packet filter, You cannot add any filtering rules to packets sent from this computer to the outside world.

This one-way filtering features so that once the native system for some reason infected with a virus or trojan, then the system firewall will be from within the system of illegal connections and illegal transmission of no way. Especially when the system is infected with worms, will send a lot of session connection to propagate, one-way firewall will be to this from the data from the inside out of the blind, resulting in the firewall in the "ghost" in front of the form of a dummy. So this one-way filtering characteristics caused by the previous version of the firewall can not be user identity, can not guarantee the real security of the system, many users have reluctantly chosen to install another firewall to defend against attacks.

However, this problem in the Vista Firewall Advanced mode in the bidirectional filtering function, we can prohibit illegal program "outbound" access, so even if the computer even infected with the virus can reduce the virus to the local and network harm to the minimum.

Technology Reviews: Vista Firewall's two-way filtering function is actually equivalent to the function of its traditional firewall increased by one times, in the security and defense against virus intrusion performance more outstanding, precisely because this two-way filtering makes Vista firewall become a real professional firewall.

Three, multiple occasions function: The professional function of intelligent

In addition to the dual-mode and two-way filtering function, Vista Firewall also proposed the "multiple occasions for firewall application" concept. This feature greatly improves the intelligence of Vista Firewall and can help users apply different levels of filtering rules in different situations. All rule switching is done automatically. This "many occasions" concept of "Firewall application" also requires us to set up in "Advanced mode" to reflect.

1. Automatic switching of security protocol connection and non-secure Protocol connection rules

In the Advanced Mode Setup rule, we'll see where the rule applies when the "connect to the specified condition" setting is selected. For example, when a network uses secure protocol connections such as IPSec, it can be set to pass through a firewall for data on how these programs operate or, in any case, to block the program, or allow connections to allow these programs to be filtered smoothly through the firewall. This enables us to implement different filtering rules when connecting to a network based on security protocols and unsecured protocols.

Small hint: the so-called IPSec security protocol connection refers to the use of a dedicated IPSec protocol or IPSec based VPN encryption transmission mechanism to achieve the network packet encryption transmission, encrypted through the IPSec security Protocol network connection is more secure, we can be more comfortable and bold network.

2. Automatic switching of different network status rules

In the Advanced Mode Setup rule, we see that when we apply this rule, there are multiple network environments available to choose from, in turn, the domain network, the private network, and the public network. These three network environment sharing standards are different, we need to set up separately. And in the firewall can also let us achieve in different network environment rules automatic switching function, in short, through this function can be a firewall when three ways to use, each network environment has its own security rules.

Traditional firewalls cannot adopt a separate set of rules for different network environments and connection types. This causes the user to use the notebook computer access to the public network at home and the unit access to the private network using the same filtering rules, in the unit set good filtering rules after the home but forgot to modify the settings, Thus, it is easy to be invaded by malicious programs such as viruses under the public network access.

Vista Firewall This kind of different network environment and connection type can automatically adopt different rules of the function more humane, can enable the user's notebook computer to return home from the unit access to the public network to achieve the automatic rules of the switch, the original application of private network access to security rules to be applied to the public network access in the home security rules.

Technology Reviews: Different occasions automatically switch to different rules is a major feature of Vista firewall, all the operation of the replacement of filtering rules are not in the user intervention automatically completed, thereby improving the security of the system, eliminating the user frequently modify the cumbersome work of the firewall settings.

Iv. Summary of Experts

From this article we can see that Vista firewall in the features and settings and the previous Windows system firewall is very different. The introduction of the two modes facilitates the user setting; the introduction of bidirectional filtering allows the system firewall to be two; the function of automatic switching filter rules in multiple occasions and let our firewall can take one when three, in a sense we have to admire Microsoft's technology, Through several improvements to the original can not assume the responsibility of the system firewall instantaneous into a security guard, now the Vista firewall has become a justifiable "fortress."

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.