How administrators can effectively protect server and network security

Source: Internet
Author: User

Ask a network administrator how to protect servers and networks effectively and nine out of ten will answer: keep the patches current and install a firewall on the host. Both are indeed among the most effective measures. Patching is the easy part: enabling the automatic update function of the Windows operating system is enough. Installing a host firewall and configuring a sound rule set is harder. Domestic products such as Rising and Jiangmin offer weak protection, while foreign ones such as Norton and Kaspersky consume too many system resources. Choosing a suitable firewall thus becomes a difficult task.

Some readers may have heard that Windows XP SP2 and Windows Server 2003 ship with a built-in firewall, but its functionality is limited (it filters inbound traffic only). This article introduces IT168 readers to another packet filter that already exists in Windows at no extra cost. It is not the built-in firewall we usually talk about, but it can enforce finer-grained security policies. It is the protagonist of this article: IPsec.

1. Basic IPsec concepts:

IPsec is mostly known as a way of building VPNs, but many people overlook a small component of it: the IP filter. IP filtering is part of IP Security (IPsec) and has been available since Windows 2000. The working principle is simple. When an IP packet is received or sent, the IP filter matches its header (addresses, protocol, ports) against a table of rules. When a matching rule is found, the packet is handled as that rule specifies. For firewall purposes there are only two outcomes: permit the packet or block it. (A third filter action, negotiate security, is the one VPNs use and is not needed here.)

As mentioned above, IP filtering is only one part of IPsec. For a standalone machine outside a domain, the encrypting part of IPsec needs certificates or a pre-shared key configured on both ends and is rarely practical. This article therefore concentrates on using the IP filter to build a firewall and reproduce the main functions of a common packet filter.

2. Preparations for using the IP filter as a firewall:

Because the IP filter is part of IPsec, the IPsec service must be running before the filter can be used or configured. Choose Start > Run, enter services.msc and press Enter to open the Services console. Find the service named IPSEC Services and make sure its status is Started (Figure 1). If it is not, double-click the name and click Start to start it manually. Then set its startup type to Automatic, so that the filter rules configured below are loaded whenever the system starts; otherwise packet filtering would not take effect after a reboot (Figure 2).

TIP: if there is no IPSEC Services entry in the service list, do not worry. The service exists in the whole Windows 2000 family, Windows XP Professional and .NET Server (Windows Server 2003), but not in Windows XP Home Edition. If the service is missing, your system does not meet the requirements and you will have to do without.

3. Configuring the IP filter:

Readers who have configured a firewall or filter policy before will find the IP filter easy: the configuration follows the same pattern as an access control list or a set of filter rules. We load the IP Security Policy Management snap-in into MMC to do the configuration.

Step 1: Choose Start > Run, enter mmc and press Enter to open an empty Microsoft Management Console window (Figure 3).

Step 2: By default the window contains only the Console Root node. In the main menu choose File > Add/Remove Snap-in to load the IPsec snap-in.

Step 3: In the Add/Remove Snap-in window, click Add.

Step 4: In the Add Standalone Snap-in list, find IP Security Policy Management and click Add.

Step 5: The console asks which computer or domain the snap-in should manage. We are configuring the local machine, so select Local computer and click Finish.

Step 6: After the snap-in is added, an IP Security Policies on Local Computer item appears under Console Root in the console window.

Step 7: Right-click IP Security Policies on Local Computer and choose Manage IP filter lists and filter actions to start building our firewall policy.

TIP: loading the snap-in into a fresh MMC console is not the only way in. Choosing Start > Run and entering secpol.msc opens the Local Security Settings console, which already contains IP Security Policies on Local Computer; right-click it and choose Manage IP filter lists and filter actions directly. This is simpler and faster.

Step 8: The Manage IP filter lists and filter actions window contains two filter lists by default: All ICMP Traffic and All IP Traffic. Click Add to create a new list.

Step 9: A new filter list named New IP Filter List is created; give it a meaningful name. In this window, click Add to add a specific filter to the list; the IP Filter Wizard starts.

Step 10: First specify the source address of the IP traffic, the equivalent of the source field in an ACL rule. The choices are A specific IP Subnet (a network number plus subnet mask), A specific IP Address (a single address), A specific DNS Name (a host name, resolved to its current IP addresses when the filter is created), Any IP Address (all addresses) and My IP Address (the local machine). Click Next to continue.

Step 11: Specify the destination address of the IP traffic, the equivalent of the destination field in the rule. The same five choices are available: A specific IP Subnet, A specific IP Address, A specific DNS Name, Any IP Address and My IP Address. Click Next to continue.

Note: to filter a host by name, select A specific DNS Name as the destination and enter the name in the Host name field, for example sohu.com. sohu.com maps to many IP addresses and they change over time. The filter is built from the addresses the name resolves to at the moment the filter is created (the system first checks the local DNS cache), so an address the site moves to later is not covered and the filter has to be recreated.

Step 12: Select the protocol type. The common ones, TCP and UDP, are offered, as are ICMP and others, and Any covers every protocol. For TCP and UDP the wizard then asks for the source and destination ports. Click Next.

Step 13: Click Finish to close the IP Filter Wizard. The new filter appears in the filter list window we saw before. All filters in the same list belong together and take effect at the same time.

Step 14: Click OK and then Close to save the settings. The newly created filter list, still named New IP Filter List unless you renamed it, now appears under IP Filter Lists.

TIP: by default a filter is one-directional. With Source: A, Destination: B, the filter applies only to traffic A -> B; traffic B -> A is not matched. If Mirrored is selected, the filter covers both directions A <-> B (equivalent to adding two rules at once). Keep in mind that the IPsec filter is stateless: it has no notion of an established connection, so a filter that blocks all inbound packets also drops the replies to the machine's own outgoing connections. Filters should therefore name specific addresses, protocols and ports rather than block inbound traffic wholesale.

A filter list describes traffic, but by itself it blocks nothing. Three more things are needed in the same console. On the Manage Filter Actions tab, add a filter action with the Block behaviour (only Permit, Request Security and Require Security exist by default). Then right-click IP Security Policies on Local Computer, choose Create IP Security Policy and add a rule that pairs the new filter list with the Block action. Finally, right-click the new policy and choose Assign. From then on, opening the sohu.com website from this machine fails. This article only introduces the creation of a simple filter rule; in real use, filters with precise source and destination addresses, protocols and ports, combined in this way, let the IPsec IP filter perform the core firewall function of dropping unwanted packets.
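The whole procedure above, from the filter list to the assigned policy, can also be scripted. The following is an added example and not part of the original article; it uses the netsh ipsec static context that ships with Windows XP Professional and Windows Server 2003 (Windows 2000 has no netsh ipsec context and used the Resource Kit tool ipsecpol.exe instead). The policy, filter-list, rule and filter-action names are arbitrary choices and are kept free of spaces so that PowerShell passes them to netsh unchanged; sohu.com is the host the article uses.

```powershell
# Added example: the GUI steps of section 3 as netsh ipsec static commands.
# Run from an elevated cmd.exe or PowerShell prompt with IPSEC Services started.
# Names (Block-sohu, Drop, Home-Firewall, Drop-sohu) are made-up choices.

# 1. Filter list: WHAT to match.  srcaddr=me is "My IP Address",
#    dstaddr=<DNS name> is "A specific DNS name"; the name is resolved to its
#    current addresses when the filter is created, not when packets arrive.
#    mirrored=yes is the "Mirrored" check box: also match sohu.com -> me,
#    otherwise only outbound packets would be covered.
netsh ipsec static add filterlist name=Block-sohu description=outbound-to-sohu.com
netsh ipsec static add filter filterlist=Block-sohu srcaddr=me dstaddr=sohu.com protocol=ANY mirrored=yes

# 2. Filter action: WHAT TO DO.  Values are permit, block or negotiate.
#    Only Permit, Request Security and Require Security exist by default,
#    so a Block action has to be created (GUI: Manage Filter Actions -> Add).
netsh ipsec static add filteraction name=Drop action=block

# 3. Policy + rule: glue a filter list to a filter action.  A filter list on
#    its own does nothing; it must be referenced by a rule inside a policy.
netsh ipsec static add policy name=Home-Firewall description=local-packet-filter
netsh ipsec static add rule name=Drop-sohu policy=Home-Firewall filterlist=Block-sohu filteraction=Drop

# 4. Assign the policy (GUI: right-click the policy -> Assign).
#    Only one local IPsec policy can be assigned at a time.
netsh ipsec static set policy name=Home-Firewall assign=y

# 5. Verify.  The static store shows what was configured; the dynamic store
#    shows the filters the IPsec driver is enforcing right now.
netsh ipsec static show all
netsh ipsec dynamic show all

# To stop filtering without losing the configuration:
#   netsh ipsec static set policy name=Home-Firewall assign=n
```

After the last command, a browser on this machine can no longer reach sohu.com, and the dynamic store listing shows one filter per address the name resolved to. Because the addresses are fixed at creation time, the filter list has to be deleted and recreated if the site changes its addresses.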

4. Advanced IP filter skills:

(1) Backing up the filter settings:

If we have built many filter rules, how do we save them for later or move them to other computers? The operation is simple: right-click IP Security Policies on Local Computer and choose All Tasks > Export Policies. On another computer, All Tasks > Import Policies loads the saved file, so several computers can quickly share the same policy. The export contains the whole store: all policies, filter lists and filter actions.

(2) One firewall, several policies:

Some readers use a laptop that moves between home and the company. How can a single IP filter configuration hold several policies, one filtering scheme for home and another for the office?

The method is simple. Filter lists and filter actions are shared building blocks; what is switched is the policy that references them. Create two IP security policies following the steps above, name them for instance Company IPsec Settings and Home IPsec Settings, and give each its own rules. Only one local policy can be assigned at a time, so assigning the policy for the current location automatically un-assigns the other.

(3) Restoring the initial settings quickly:

Suppose that after adding one or more filter rules the network stops working: a rule was misconfigured. How do we recover quickly? Deleting the filters one by one works but is tedious. The fastest way is to right-click the assigned policy and choose Un-assign: filtering stops immediately and the rules stay in place to be examined. To start again from a clean slate, delete the custom policies, filter lists and filter actions; All Tasks > Restore Default Policies on IP Security Policies on Local Computer then puts the built-in example policies back to their original state.
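The three advanced skills above, scripted with netsh ipsec static on Windows XP Professional or Windows Server 2003; this is an added example, not code from the original article. It goes a little beyond the text by showing a realistic pair of location policies: file sharing (TCP port 445) reachable only from the office subnet. The policy, list, rule and action names, the 10.0.0.0/24 office subnet and the backup file path are made-up values. It does not depend on any policy created earlier.

```powershell
# Added example: sections 4(1)-4(3) as netsh ipsec static commands.
# All names, the subnet and the file path are made-up; run from an elevated prompt.

# Shared building blocks.  Filter lists and filter actions live in one local
# store and can be referenced by any number of policies.
netsh ipsec static add filterlist name=SMB-from-anywhere
netsh ipsec static add filter filterlist=SMB-from-anywhere srcaddr=any dstaddr=me protocol=TCP dstport=445 mirrored=no
netsh ipsec static add filterlist name=SMB-from-office
netsh ipsec static add filter filterlist=SMB-from-office srcaddr=10.0.0.0 srcmask=255.255.255.0 dstaddr=me protocol=TCP dstport=445 mirrored=no
netsh ipsec static add filteraction name=Block-in action=block
netsh ipsec static add filteraction name=Permit-in action=permit

# (2) One policy per location.  At home nobody needs file sharing; at the
#     office the /24 does.  When several filters match a packet the most
#     specific one wins, so the single-subnet permit outranks the any-address
#     block.  IPsec filters are stateless; mirrored=no is deliberate here:
#     the server's own replies leave from port 445 and are never matched.
netsh ipsec static add policy name=Home-Firewall
netsh ipsec static add rule name=Home-no-SMB policy=Home-Firewall filterlist=SMB-from-anywhere filteraction=Block-in
netsh ipsec static add policy name=Company-Firewall
netsh ipsec static add rule name=Office-no-SMB policy=Company-Firewall filterlist=SMB-from-anywhere filteraction=Block-in
netsh ipsec static add rule name=Office-SMB policy=Company-Firewall filterlist=SMB-from-office filteraction=Permit-in

# Only one local policy is assigned at a time; assigning one un-assigns the other.
netsh ipsec static set policy name=Company-Firewall assign=y    # at the office
netsh ipsec static set policy name=Home-Firewall assign=y       # back at home

# (1) Back up the whole store (policies, lists, actions) and load it elsewhere.
netsh ipsec static exportpolicy file=C:\backup\ipsec-policies.ipsec
netsh ipsec static importpolicy file=C:\backup\ipsec-policies.ipsec

# (3) A new rule cut the machine off the network?  Un-assigning stops all
#     filtering at once and keeps the rules for inspection; "delete all" is
#     the scripted way of starting over with an empty store.
netsh ipsec static set policy name=Home-Firewall assign=n
netsh ipsec static delete all
```

Export before experimenting: importpolicy restores the store in one step, which is far quicker than re-entering filters after a delete all.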

Summary:

Some readers may ask what advantage the IPsec IP filter has. Windows does offer another packet filter: right-click My Network Places on the desktop > Properties > right-click a network adapter > Properties > Internet Protocol (TCP/IP) > Advanced > Options > TCP/IP Filtering. It offers three lists: permitted TCP ports, permitted UDP ports and permitted IP protocols. Its filtering is far simpler: it only restricts which local ports and protocols accept traffic, cannot filter by IP address, and is suitable only for pure server roles; it does not match the functions described above. On the other hand, the IPsec IP filter cannot handle ICMP well (individual ICMP types cannot be filtered or allowed selectively). If that is needed, the packet filters of Routing and Remote Access can do it (this component is available in the Server editions).
 
