Win2003 the setting of the self-firewall with the tutorial _win server

One of the characteristics of worm viruses such as "shock wave" is the use of a vulnerable operating system for port attacks, so the simple way to prevent such viruses is to block unnecessary ports, firewall software has this function, in fact, for the use of Windows2003 or Windows XP users, You do not need to install any other software, because you can take advantage of the system's own "Internet Connection Firewall" to protect against hacker attacks.

One of the characteristics of worm viruses such as "shock wave" is the use of a vulnerable operating system for port attacks, so the simple way to prevent such viruses is to block unnecessary ports, firewall software has this function, in fact, for the use of Windows2003 or Windows XP users, You do not need to install any other software, because you can take advantage of the system's own "Internet Connection Firewall" to protect against hacker attacks.

First, the basic settings

1. Right-click My Network Places and choose Properties.

2, then the right mouse click "Local Connection", select "Properties", the Figure 1 interface appears. Select the "Advanced" option to select "Internet Connection Firewall" to make sure that the firewall is functioning.

Figure 1

Second, the basic test settings

1, in another for a machine ping this computer, appear request timed out express ping different this machine

2, on the other for a machine with the vulnerability Scanning Tool scan the computer found no open port.

After these two tests pass, the firewall is already functioning.

Third, advanced settings

Click on the "Setting (G) ..." button in Figure 1 to show the advanced settings in the Figure 2 interface.

Figure 2

1, select the service to be opened

As shown in Figure 3, if the confidential opening of the corresponding services to select the service, this example selected the FTP service, so from other machines can be FTP to this machine, scanning this machine can find 21 ports are open. You can press the Add button to add the appropriate service port.

Figure 3

2, set the log

As shown in Figure 4, select the items to be recorded, the firewall will record the corresponding data, the log default in C:\windows\pfirewall.log, with Notepad can be opened to see.

Figure 4

3. Set ICMP protocol

As shown in Figure 5, the most commonly used ping is the ICMP protocol, the default settings after the ping does not pass this machine is because the ICMP protocol blocked, if you want to ping this machine simply "Allow incoming response request" a check.

Figure 5

Iv. some questions

Setup is very simple, but I am in the process of setting up others, some people raised the following questions, I do not know if you also have the following confusion?

1, the port is blocked how to communicate with other computers?

When you are done by default, you can see that you have not added a port, and that the port is sealed. How do you communicate with other computers?

Communication on the Internet is done by the TCP/IP protocol, while the Internet access to the Web page, is on the computer randomly open a port greater than 1024 to connect the server's 80 service ports, Using the Telnet protocol to log on to other devices is also a random open on the local port greater than 1024 to connect the server's 23 service ports. Internet Connection Firewall is a service port, such as HTTP 80 port, FTP 21 port, Telnet 23 port and so on, as long as the system provides these services, one boot these ports are open, waiting for other computers to connect to the service-providing computer, It can be said that these ports are valid for a long time. And randomly opened the port is temporary, for example, when you access a Web site, your computer randomly open a port 1026 to connect to the Web server 80 port, when the access finished closed the page, the machine's 1026 port with the shutdown, and the server's 80 ports are always open. There is a visible "Internet Connection Firewall" is a closed service port, rather than a temporary open port, so a port is not added to the normal Internet. WIN98 default does not provide any service on the open port, not the same as normal Internet?

General Internet users do not provide any services, so there is no need to open any ports, but to use some network contact tools, such as to open the FTP service, the "21" This port will be opened, similarly, if you find that a common network tool does not work, please check it in the port open, and then in the " Add ports in Internet Connection Firewall.

2, set the "Internet Connection Firewall" with netstat–na command to see, but the port or open?

Some people think that as soon as there is no port open, you can set up after the Netstat–na command to see the open port and not set before the same a lot, did not play a role?

The port is actually opened by a process of a service, and closing a port completely closes the service, such as shutting down the 80 port to stop the WWW service. And we use "Internet Connection Firewall" is to build a firewall on the periphery, a simple analogy, a house has a lot of doors, to ensure that there are two ways to safety, one is to block the door with bricks, and the second is to keep the door, in the house around the building a wall. The first way to close a port with an end process is to use the second method of "Internet Connection Firewall", although it is open to see the port with Netstat–na, but an airtight wall has been built on the periphery.

How do I know if the firewall is working? The easiest way to do this is to scan the machine with scanning tools like Xscan and Superscan on another machine, without opening a port that says there is no loophole in building a wall around the house.

3, does not scan the software how to test the local port on the remote to open

If you do not have scanning software on hand, you can use the Telnet command to test whether the appropriate port is open, for example, to test whether Port 21 is open. You can telnetxxx.xxx.xxx.xxx21 on another machine, and if the port opens, a prompt will appear, and a connection failure if it is not open.