Using Windows 2003 to build a firewall for campus network servers

Source: Internet
Author: User
In the daily management and maintenance of a campus network, network security is getting more and more attention. Whether the campus network servers are safe directly affects the normal education and teaching work of the school. To improve the security of the campus network, the first thing a network administrator thinks of is a hardware firewall or a software firewall, but a hardware firewall is expensive, and although a software firewall is not expensive, either is a heavy burden for the many middle schools that are short of teaching funds. Drawing on his own work experience, the author describes how to use the firewall function that Windows 2003 provides to build a security defense line for campus network servers.

Windows 2003 firewall features

The firewall provided by Windows 2003 is called Internet Connection Firewall. It allows secure network traffic to enter the network through the firewall while denying access to unsecured traffic, keeping the network safe from external threats. Internet Connection Firewall is included only in Windows Server 2003 Standard Edition and the 32-bit version of Windows Server 2003 Enterprise Edition.

Internet Connection Firewall settings

On Windows 2003 servers, the firewall function can be enabled for computers that are directly connected to the Internet. It supports connections to the Internet through network adapters, DSL adapters, or dial-up modems.

1. Start/Stop Firewall

(1) Open Network Connections, right-click the connection you want to protect, click Properties, and the Local Area Connection Properties dialog box appears.

(2) Click the Advanced tab to see the Start/Stop firewall interface shown in Figure 1. To enable Internet Connection Firewall, select the "Protect my computer and network by restricting or preventing access to this computer from the Internet" check box. To disable Internet Connection Firewall, clear that check box.

2. Firewall Service Settings

Windows 2003 Internet Connection Firewall manages service ports, such as port 80 for HTTP and port 21 for FTP. As long as the system provides these services, Internet Connection Firewall can monitor and manage their ports.

(1) Standard service settings

Take the standard Web service provided by a Windows 2003 server (default port 80) as an example. The steps are as follows: click the Settings button in the interface shown in Figure 1 to open the Service Settings dialog box shown in Figure 2, select the Web Server (HTTP) check box, and click the OK button. Once this is set, network users will not be able to access any network service provided by the server other than the Web service.




Figure 2 Service Setup dialog box


Note: You can choose according to the services that the Windows 2003 server provides, and you can select more than one. Common standard services are already preset in the system, so you only need to select the appropriate option. If the server also provides non-standard services, the administrator needs to add them manually.

(2) Non-standard service settings

As an example, take opening a non-standard Web service on port 8000. In the Service Settings dialog box shown in Figure 2, click the Add button. In the dialog box that appears, fill in the service description, the IP address, and the port number used by the service, select the protocol in use (a Web service uses TCP; a DNS query uses UDP), and then click OK. When the settings are complete, network users can access the corresponding service through port 8000, while access to unauthorized TCP and UDP ports is blocked.

3. Firewall Security Log Settings

In the Service Settings dialog box shown in Figure 2, select the Security Log tab. The Security Log Settings dialog box appears; select the items you want to record, and the firewall will record the corresponding data. The default path of the log file is C:\Windows\Pfirewall.log, and it can be opened with Notepad. The security log is written in the W3C Extended Log File Format, so it can be viewed with the usual log analysis tools.

Note: It is necessary to enable the security log, which can provide reliable evidence when server security is compromised.

Thoughts on applying Internet Connection Firewall

Internet Connection Firewall can effectively intercept illegal intrusions against Windows 2003 servers, prevent illegal remote hosts from scanning the servers, and improve the security of Windows 2003 servers. It can also effectively intercept port attacks that exploit operating system vulnerabilities, such as the Blaster worm. Enabling this firewall feature on a virtual router built with Windows 2003 can provide good protection for the entire internal network. The above is some of the author's experience from daily work, offered here for reference.


