And as Windows Server 2008 gets closer to us, its built-in firewall capabilities are dramatically improved. Let's take a look at how this new advanced firewall will help protect our system and how to configure it using the Management console unit.
Why should you use this Windows host-based firewall?
Today, many companies are using external security hardware to reinforce their networks. This means that they use firewalls and intrusion protection systems to build a fortress around their networks to protect them from the intrusion of malicious attackers on the internet. However, if an attacker can break the perimeter and gain access to the internal network, only Windows authentication security will prevent them from accessing the company's most valuable assets-their data.
This is because most it people do not use host-based firewalls to secure their servers. Why is this happening? Because most it people think that the hassle of deploying host-based firewalls is greater than the value they bring.
I hope that after you finish reading this article, you can take a moment to consider the host-based firewall of Windows. In Windows Server 2008, this host-based firewall is built into Windows, has been pre-installed, has more functionality than previous versions, and is easier to configure. It is one of the best ways to reinforce a critical base server. Windows Firewall with Advanced Security combines host firewall and IPSec. Unlike a border firewall, Windows Firewall with Advanced Security runs on each computer running this version of Windows and provides local protection for network attacks that may traverse the boundary network or originate within the organization. It also provides connection security for your computer to your computer, allowing you to require authentication and data protection for traffic.
So what does this Windows Server advanced firewall do for you, and how do you configure it? Let's keep watching.
The functionality of the new firewall and its help to you
This built-in firewall in Windows Server 2008 is now "advanced". This is not just me saying it advanced, Microsoft has now called it Advanced Security Windows Firewall (WFAS).
Here's a new feature that will prove the new name:
1, the new graphical interface.
Now configure this advanced firewall with a management console unit.
2, two-way protection.
Filter outbound and inbound traffic.
3, with IPSec better cooperation.
Windows Firewall with Advanced Security integrates Windows Firewall features and Internet Protocol security (IPSEC) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings in the manner that your environment requires.
4, Advanced rule configuration.
You can create firewall rules for various objects on Windows Server, and configure firewall rules to determine whether traffic is blocked or allowed through Windows Firewall with Advanced Security.
When an incoming packet arrives at the computer, Windows Firewall with Advanced Security checks the packet and determines whether it complies with the criteria specified in the firewall rules. If the packet matches the criteria in the rule, Windows Firewall with Advanced security executes the action specified in the rule, which blocks the connection or allows the connection. If the packet does not match the criteria in the rule, Windows Firewall with Advanced security discards the packet and creates an entry in the firewall log file (if logging is enabled).
When you configure a rule, you can choose from a variety of criteria such as application name, system service name, TCP port, UDP port, local IP address, remote IP address, configuration file, interface type (such as network adapter), user, user group, computer, Computer group, protocol, ICMP type, and so on. The criteria in the rule are added together; the more standards you add, the finer the incoming traffic is matched by Windows Firewall with Advanced Security.
By adding two-way protection, a better graphical interface, and advanced rule configuration, this advanced security Windows Firewall is becoming as powerful as a traditional host-based firewall, such as ZoneAlarm Pro.
I know that the first thing any server administrator can think of when using a host-based firewall is: Does it affect the proper functioning of this critical server base application? However, for any security measures this is a possible problem, Windows The 2008 Advanced Security firewall automatically configures new rules automatically for any new roles that are added to this server. However, if you run a non-Microsoft application on your server and it requires an inbound network connection, you will have to create a new rule based on the type of communication.
By using this advanced firewall, you can better fortify your server against attack, let your servers not be exploited to attack others, and really determine what data is going in and out of your server. Let's take a look at how to achieve these goals.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.