For the general small and medium-sized enterprises, if you want to security management of the enterprise network, do not have to spend high money to buy professional firewall settings, directly with the operating system itself with the firewall function can meet the general enterprise application, today we come together to explore Windows Server 2008 R2 the powerful features of the system firewall. Skilled application windows built-in firewall, first need to understand the network location.
Network location
The first time you connect to a network, you must select a network location. This will automatically set the appropriate firewall and security settings for the type of network you are connected to. If a user is connected to a network in a different location (for example, a home, a local coffee shop, or an office), selecting a network location helps ensure that the user's computer is always set to the appropriate security level.
In Windows Server 2008, there are four network locations:
Home network:
Select Home Network for home networks or when users recognize and trust individuals and devices on the network. Computers on a home network can belong to a homegroup. For a home network, network discovery is enabled, which allows users to view other computers and devices on the network and allow other network users to view the user's computer.
Working network:
For a small office network or other workspace network, select Work Network. By default, network Discovery is enabled, which allows users to view other computers and devices on the network and allow other network users to view users ' computers, but users cannot create or join a homegroup.
Public network:
Select public network for the network in a public place (for example, a coffee shop or an airport). This location is designed to make the user's computer invisible to the surrounding computer and to help protect the computer from any malicious software coming from the Internet. The homegroup is not available in the public network, and network discovery is disabled. You should also select this option if you are not using a router to connect directly to the Internet, or if you have a mobile broadband connection.
Domain network:
The domain network location is used for domain networks (such as networks in Enterprise Workspaces). This type of network location is controlled by the network administrator and therefore cannot be selected or changed.
How Windows firewall affects network locations
When you connect to a network in a public place, the public network location prevents some programs and services from running, which helps protect your computer from unauthorized access. If you are connected to a public network and Windows Firewall is turned on, some programs or services may require users to allow them to communicate through the firewall so that these programs or services can work correctly.
After a user has allowed a program to communicate through a firewall, the program is also allowed to communicate for each network that has the same location as the current connection. For example, if a user connects to a network in a coffee shop and selects "Public network" as the location, and then unlocks an instant messaging program, blocking the program will be unblocked for all public networks connected to it.
If you plan to unblock multiple programs when you connect to a public network, consider changing the network location to a home network or a work network. From this point, this change may be more secure than affecting every public network that the user is connected to. However, keep in mind that if this change is made, the user's computer will be visible to others on the network, which is a security risk.
Windows Fire Zone Basic settings
When we install the system, the firewall feature is enabled by default, so that if you set up a network location, it will prevent other computers from communicating with this computer. To view the firewall's working status, click System and Security in the Control Panel, open Windows Firewall from there, and then you can see the status shown:
If you want to turn Windows Firewall on or off, just click "Turn firewall on or off" on the left, and then see the interface as shown:
From this diagram you can see that the firewall feature is turned on for home and work networks in the private network, and all incoming connections are blocked.
However, in the actual application, all incoming connections can not be blocked, where the user may set the corresponding "whitelist" to release certain connections, by clicking on the left side of the firewall work status interface, "Allow programs or features through Windows Firewall", the interface appears:
Adding a program to the list of allowed programs in the firewall or opening a firewall port allows a specific program to send or receive information between the firewall and your computer. Allowing a program to communicate through a firewall (sometimes called unblocking) is like opening a hole in a firewall.
Each time a port is opened or a program is allowed to communicate through a firewall, the security of the computer is also reduced. The more your firewall has allowed programs or open ports, the greater the opportunity for hackers or malware to use these channels to propagate worms, access files, or use your computer to spread malicious software to other computers.
Advanced Security settings for firewalls
The basic setup is simple, but the functionality is single, and if you need to set up Windows Firewall rules further, you need to go through the Windows Firewall with Advanced Security feature. Open the method as follows: In the administrative tool, click Advanced Security Windows Firewall, or click Advanced Settings in the firewall state you just clicked. As shown, you can then see the interface shown on the right.
What is Windows Firewall with Advanced Security:
Use Windows Firewall with advanced Security to help users protect computers on the network. This firewall allows you to determine the network traffic that is allowed to be transferred between the computer and the network. It also includes connection security rules that use Internet Protocol security (IPSEC) to protect traffic that is transferred between networks.
Windows Firewall with Advanced Security is a stateful firewall that examines and filters all packets for IP version 4 (IPV4) and IP version 6 (IPV6) traffic. In this context, filtering means that network traffic is processed through administrator-defined rules to allow or block network traffic. Incoming traffic is blocked by default, unless it is a response to a host request (the requested traffic) or is specifically allowed (that is, a firewall rule is created that allows the traffic). You can configure Windows firewall with Advanced Security to explicitly allow traffic by specifying a port number, application name, service name, or other criteria.
To create a firewall rule:
You can create firewall rules to allow this computer to send traffic to programs, system services, computers, or users, or to receive traffic from programs, system services, computers, or users. When a user's connection matches all connections for that rule standard, do one of the following three actions: Allow connections, allow only connections that are protected by using Internet Protocol security (IPSEC), and block connections.
You can create rules for inbound or outbound traffic. You can configure rules to specify computers or users, programs, services, or ports and protocols. You can specify the type of network adapter to which the rule applies: Local area networks (LANs), wireless, remote access, such as virtual private network (VPN) connections, or all types. You can also configure a rule to be applied with any profile or only when the specified profile is used, and you may have to change, create, disable, or delete rules when the IT environment changes.
Implementation of connection security:
Connection security involves authenticating the two computers before they begin to communicate and ensuring the security of the information sent between the two computers. Windows Firewall with Advanced Security uses Internet Protocol security (IPSEC) for connection security by using key exchange, authentication, data integrity, and data encryption (optional). Connection security rules use IPSEC to ensure that traffic is secure over the network. Use connection security rules to specify that connections between two computers must be authenticated or encrypted. You may also have to create firewall rules to allow network traffic that is protected by connection security rules.
What is a firewall configuration file:
A firewall configuration file is a method of grouping settings, such as firewall rules and connection security rules, that apply to a computer based on where it is connected. On a computer that is running this version of Windows, Windows Firewall with Advanced Security has three configuration files:
Each network adapter, the NIC, assigns a firewall profile that matches the type of network being detected. For example, if you connect a network adapter to a public network, all traffic that arrives or comes from that network is filtered by the firewall rule associated with the public profile.
Windows Server R2 and Windows 7 provide support for each active network adapter configuration file. In Windows Vista and Windows Server 2008, only one profile can be active on each computer. If there are multiple network adapters connected to different networks, the profile with the most restrictive profile settings applies to all adapters on the computer. The public profile is considered the most restrictive, followed by a private profile, and the domain profile is considered the least restrictive.
If you do not change the settings for a profile, the default value is applied as long as Windows firewall with Advanced Security uses the configuration file. It is recommended that you enable Windows Firewall with advanced security for all three profiles.
To configure these configuration files, in the Windows Firewall with Advanced Security MMC snap-in, right-click Windows Firewall with Advanced Security, and then click Properties.
If the service or application that you want to use does not appear in the list, the user can create a new rule, such as a Web server that is now operating, and open to other users to connect to the site, and you can open a 80-port rule by creating a new plan.
The local IP address is used by the local computer to determine whether the rule applies. Rules apply only to network traffic that is configured to use a network adapter that specifies a local IP address. Any IP address, select this option to specify a rule that matches a network packet that has any address specified as a local IP address. When this option is selected, the local computer always matches the rule. The following IP addresses, select this option to specify that the rule matches the network traffic with one of the addresses specified in the local IP address. If the local computer does not have a network adapter configured with a specified IP address, the rule does not apply. On the IP Address dialog box, click Add to create a new entry in the list, or click Edit to change an existing entry in the list. You can also remove an entry from the list by selecting the item and then clicking Remove.
Remote IP Address: Specifies the remote IP address to which the rule applies. If the destination IP address is one of the addresses in the list, the network traffic matches the rule. Any IP address, this option can specify that the rule matches a network packet that is sent from (for inbound rules) or destined (for outbound rules) to any IP address that is contained in the list. The following IP addresses, select this option to specify that the rule matches only the network traffic with one of the addresses specified in the remote IP address. In the IP Address dialog
You will also need to apply this firewall rule to the appropriate configuration file and interface type, so you need to specify the configuration file used by this rule, Windows determines the network location type for each network adapter, and then applies the appropriate configuration file to the network adapter. The interface type refers to the interface type that you can click Customize to specify the connection security rule to apply. The Custom Interface Type dialog box allows you to select any combination of all interface types or LAN, remote access, or wireless types. The last one to introduce is the edge traversal. Edge traversal allows the computer to accept unsolicited inbound packets that have passed through edge devices such as a network address translation (NAT) router or firewall. By default, the system prevents an application from receiving unsolicited traffic from the Internet through a NAT edge device. can also be set to comply with users or to comply with the application, so-called user refers to let the user decide when the application requests to receive unsolicited traffic from the Internet through a NAT edge device, whether the traffic is allowed. The compliance application refers to having each application determine whether to allow unsolicited traffic to be received from the Internet through a NAT edge device.
Network security ingenious Setup Win2008 R2 Firewall details (1)