The latest server operating system, Windows Server 2008, has been released, with a lot of security design and functionality added to the Microsoft's declared "most secure" server operating system, with a significant improvement in its firewalls, but for the server operating system, The common firewall with the system is obviously too shabby, and today we're introducing its advanced security Windows Firewall, a powerful tool that makes Windows Server 2008 much more secure.
Understanding Advanced Security Windows Firewall
In the "Deep defense" system, the network firewall is in the perimeter, while the Windows Firewall is at the host level. Like Windows XP and Windows 2003 firewalls, the Windows Server 2008 Firewall is also a host-based state firewall that combines host firewalls and IPSec to protect against network attacks that traverse the network boundary firewall and from within the enterprise. It can be said that host-based firewalls are a useful complement to network boundary firewalls.
The Advanced Security Firewall (WFAS) in Windows Server 2008 has improved significantly compared to firewalls in previous versions of Windows, which first supports two-way protection and filters outbound and inbound traffic.
Second, it integrates Windows Firewall features and Internet Protocol security (IPSEC) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings in the manner that your environment requires.
And wfas can also implement more advanced rule configuration, you can create firewall rules for various objects on Windows Server, and configure firewall rules to determine whether traffic is blocked or allowed through Windows Firewall with Advanced Security.
When an incoming packet arrives at the computer, Windows Firewall with Advanced Security checks the packet and determines whether it complies with the criteria specified in the firewall rules. If the packet matches the criteria in the rule, Windows Firewall with Advanced security executes the action specified in the rule, which blocks the connection or allows the connection. If the packet does not match the criteria in the rule, Windows Firewall with Advanced security discards the packet and creates an entry in the firewall log file (if logging is enabled).
When you configure a rule, you can choose from a variety of criteria such as application name, system service name, TCP port, UDP port, local IP address, remote IP address, configuration file, interface type (such as network adapter), user, user group, computer, Computer group, protocol, ICMP type, and so on. The criteria in the rule are added together; the more standards you add, the finer the incoming traffic is matched by Windows Firewall with Advanced Security.
There are several ways to configure the settings and options for Windows Server 2008 firewall and IPSec, so let's look at how to configure this advanced firewall for Window Server 2008.
Managing firewalls with the Advanced Security Windows Firewall snap-in
This approach allows you to configure both firewall settings and IPSec settings in one interface, as well as view the currently applied policies, rules, and other information in the Monitoring node.
To find the Advanced security Windows Firewall from the boot menu's Administrative tools, click Open the MMC snap-in.
From the above interface, we can see that Windows 2008 's advanced Secure Windows Firewall uses both outbound and inbound rules to configure how it responds to incoming and outgoing traffic, and to connect security rules to determine how to protect traffic between the computer and other computers. You can also monitor firewall activity and rules.
Let's take a real example to see how to configure these rules.
Start with the inbound rule first, if we have an Apache Web server installed on Windows Server 2008, by default, this server is inaccessible from the far end because there is no configuration in the inbound rules to confirm "release" of these traffic, we add a rule to it below.
With the Advanced Security Windows Firewall open, after clicking on the inbound rules, we can see some of the security rules that come with Windows Server 2008 from the list of inbound rules on the right, because Apache is a third-party application, so we need to go through the "new rules" in the right-hand side of the operation area. To create a new one.
As you can see here, we can create inbound rules based on specific programs, ports, customizations, or customizations, where each type of step is slightly different. In our example, we select the "program" type, click Next to select the specific program path.
The third step specifies what to do with the traffic that matches the conditions, and we are here to allow the connection, and then after you select the configuration file that applies the rule and specify a name for the rule, the rule is created, and you can see the rules you created from the list of inbound rules. You can now access your Apache server normally from remote, and if you want to modify the rules that have been created, you can do so from the right-hand area of the operation after you select the rule.
Clicking on the "Properties" button will pop up the image window below, where you can make more detailed changes to the rules, and we see a rule that has more customizable properties than previous versions of the rules. The outbound rules are configured exactly the same as the inbound rules, and I don't repeat them, so let's take a look at the connection security rules.