Windows Server 2008 R2 Network security Smart Settings

Source: Internet
Author: User
Tags: port number, stateful firewall, firewall

For a typical small or medium-sized business, securing the corporate network does not necessarily mean buying an expensive dedicated firewall appliance. The firewall built into the operating system is enough for most ordinary business applications, so in this article we explore what the firewall in Windows Server 2008 R2 can do. Using the built-in Windows firewall well starts with understanding network locations.

Network location

The first time you connect to a new network, you must choose a network location. This automatically applies the firewall and security settings appropriate to the kind of network you are joining. If you connect to networks in different places (for example at home, in a coffee shop, or at the office), choosing the right network location each time keeps the computer at an appropriate security level.

In Windows Server 2008 R2 there are four network locations:

Home network:

Choose Home network for a home network, or when you know and trust the people and devices on the network. Computers on a home network can belong to a homegroup. Network discovery is turned on for home networks, which lets you see other computers and devices on the network and lets other network users see your computer.

Work Network:

Choose Work network for a small office or other workplace network. Network discovery is turned on by default, so you can see other computers and devices on the network and other network users can see your computer, but you cannot create or join a homegroup.

Public network:

Choose Public network for networks in public places (for example a coffee shop or an airport). This location is designed to keep your computer from being visible to other computers around you and to help protect it from malicious software on the Internet. HomeGroup is not available on public networks, and network discovery is turned off. Choose this location as well if you connect directly to the Internet without a router, or if you use a mobile broadband connection.

Domain network:

The Domain network location is used for domain networks, such as those in an enterprise workplace. This network location is controlled by the network administrator and cannot be selected or changed by the user.

How Windows firewall affects network locations

When you connect to a network in a public place, the Public network location prevents certain programs and services from running, which helps protect the computer from unauthorized access. If you are connected to a public network with Windows Firewall turned on, some programs or services may ask you to allow them through the firewall before they can work correctly.

Once you allow a program through the firewall, it is allowed on every network that has the same location as the one you are currently connected to. For example, if you connect to a network in a café, choose Public network as its location, and then unblock an instant messaging program, that program is unblocked on every public network you later connect to.

If you plan to unblock several programs on a public network, consider changing that network's location to Home or Work instead. It may be safer to change that one network than to affect every public network you connect to. Keep in mind, however, that after this change your computer is visible to others on the network, which is a security risk.

Windows Firewall basic settings

When the system is installed, the firewall is enabled by default, and as soon as a network location is assigned, other computers are blocked from initiating connections to this computer. To check the firewall's state, open Control Panel, click System and Security, then Windows Firewall; the status shown in the following illustration appears:

To turn Windows Firewall on or off, click "Turn Windows Firewall on or off" on the left; the interface shown in the following illustration appears:

This dialog shows that the firewall is enabled for the private network location (home and work networks), with incoming connections blocked unless they are on the allowed list.

In practice, though, not every incoming connection can be blocked. To let specific connections through, set up a "whitelist" by clicking "Allow a program or feature through Windows Firewall" on the left of the firewall status window; the interface shown in the following illustration appears:

When you add a program to the firewall's list of allowed programs, or open a firewall port, you allow that specific program to send and receive information through the firewall. Allowing a program to communicate through the firewall (sometimes called "unblocking" it) is like opening a hole in the firewall.

Every time you open a port or allow a program through the firewall, the computer becomes a little less secure. The more allowed programs and open ports a firewall has, the more opportunities there are for attackers or malware to use those channels to spread worms, access your files, or use your computer to spread malicious software to other computers. Prefer rules scoped to specific ports and remote addresses over blanket program exceptions, and review the allowed list periodically.
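To see exactly which holes the allowed-programs list and port rules have opened, the script below enumerates them. It is an added example and not code from the original article; it uses the HNetCfg.FwPolicy2 COM object (the INetFwPolicy2 interface) that ships with Windows Vista/Server 2008 and later and runs in PowerShell 2.0 on Server 2008 R2, where the Get-NetFirewallRule cmdlets of newer Windows versions do not exist. The profile bit values, direction and action constants are those of the INetFwPolicy2/INetFwRule interfaces; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article): audit the openings created by
# "Allow a program or feature through Windows Firewall" and by port rules, using the
# HNetCfg.FwPolicy2 COM object available on Windows Server 2008 R2 (PowerShell 2.0).
$fw = New-Object -ComObject HNetCfg.FwPolicy2

# NET_FW_PROFILE_TYPE2 bit values, NET_FW_RULE_DIRECTION and NET_FW_ACTION constants
$profileNames        = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
$NET_FW_RULE_DIR_IN  = 1
$NET_FW_ACTION_ALLOW = 1

# Which profile(s) are active right now (bitmask; one bit per connected adapter type)
$active = @()
foreach ($id in 1, 2, 4) { if ($fw.CurrentProfileTypes -band $id) { $active += $profileNames[$id] } }
"Active profiles: " + ($active -join ', ')

# Per-profile state: the firewall should be on and the default inbound action "block"
foreach ($id in 1, 2, 4) {
    $inboundDefault = if ($fw.DefaultInboundAction($id) -eq 0) { 'block' } else { 'ALLOW' }
    "{0,-8} enabled={1,-5} defaultInbound={2,-5} blockAllInbound={3}" -f `
        $profileNames[$id], $fw.FirewallEnabled($id), $inboundDefault, $fw.BlockAllInboundTraffic($id)
}

# Every enabled inbound ALLOW rule is a hole in the firewall. Record what each exposes.
$holes = @()
foreach ($rule in $fw.Rules) {
    if (-not $rule.Enabled) { continue }
    if ($rule.Direction -ne $NET_FW_RULE_DIR_IN) { continue }
    if ($rule.Action -ne $NET_FW_ACTION_ALLOW) { continue }

    $applies = @()
    foreach ($id in 1, 2, 4) { if ($rule.Profiles -band $id) { $applies += $profileNames[$id] } }

    $proto = $rule.Protocol                      # 6 = TCP, 17 = UDP, 256 = any
    if ($proto -eq 6) { $proto = 'TCP' } elseif ($proto -eq 17) { $proto = 'UDP' } elseif ($proto -eq 256) { $proto = 'any' }

    $program = $rule.ApplicationName             # empty for pure port rules
    if (-not $program) { $program = '(any)' }

    $holes += New-Object PSObject -Property @{
        Name      = $rule.Name
        Profiles  = ($applies -join ',')
        Program   = $program
        Protocol  = $proto
        LocalPort = $rule.LocalPorts             # '*' means any port
        RemoteIP  = $rule.RemoteAddresses        # '*' means any remote address
        Edge      = $rule.EdgeTraversal          # $true = accepts unsolicited traffic via NAT
    }
}

$holes | Sort-Object Profiles, Name |
    Format-Table Name, Profiles, Program, Protocol, LocalPort, RemoteIP, Edge -AutoSize

# The ones to review first: open to any remote address on the Public profile, or
# allowing edge traversal (unsolicited traffic through a NAT router or firewall).
$review = @($holes | Where-Object { ($_.Profiles -match 'Public' -and $_.RemoteIP -eq '*') -or $_.Edge })
"{0} enabled inbound allow rules; {1} are open to any address on the Public profile or via edge traversal" -f $holes.Count, $review.Count
```

Rules that show `RemoteIP = *` on the Public profile are reachable from anyone on the same café or airport network; either disable them there (clear the Public checkbox in the allowed-programs dialog) or scope them to a remote address range in Windows Firewall with Advanced Security.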

Windows Firewall with Advanced Security settings

The basic settings just described are simple to operate but limited in what they can do. To configure Windows Firewall rules in more detail, use Windows Firewall with Advanced Security. Open it by clicking Windows Firewall with Advanced Security under Administrative Tools, or by clicking Advanced settings in the firewall status window shown earlier (you can also run wf.msc directly). The console shown in the following illustration appears.

What Windows Firewall with Advanced Security is:

Windows Firewall with Advanced Security helps protect computers on a network. It lets you decide which network traffic is allowed to pass between the computer and the network. It also includes connection security rules, which use Internet Protocol security (IPsec) to protect traffic between computers.

Windows Firewall with Advanced Security is a stateful firewall that inspects and filters all IP version 4 (IPv4) and IP version 6 (IPv6) packets. Filtering here means processing network traffic against administrator-defined rules and either allowing or blocking it. By default, inbound traffic is blocked unless it is a response to a request made by this host (solicited traffic) or is explicitly allowed, that is, a firewall rule allowing it has been created. You can configure Windows Firewall with Advanced Security to allow traffic explicitly by port number, application name, service name, or other criteria.

Creating a firewall rule:

You can create firewall rules that allow this computer to send traffic to, or receive traffic from, programs, system services, computers, or users. When a connection matches all of the criteria in a rule, the rule takes one of three actions: allow the connection, allow only connections that are protected by Internet Protocol security (IPsec), or block the connection.

Rules can be created for inbound or outbound traffic and can be scoped to computers or users, programs, services, or ports and protocols. You can also restrict a rule to a type of network adapter: local area network (LAN), wireless, remote access (such as a virtual private network (VPN) connection), or all types. A rule can apply to any profile or only to the profiles you specify, and you may need to change, create, disable, or delete rules as the IT environment changes.

Connection security:

Connection security means authenticating two computers before they begin communicating and protecting the information sent between them. Windows Firewall with Advanced Security uses Internet Protocol security (IPsec) for connection security, providing key exchange, authentication, data integrity, and optionally data encryption. Connection security rules use IPsec to protect traffic as it crosses the network; use them to require that connections between two computers be authenticated or encrypted. Note that a connection security rule does not by itself allow any traffic: you still need firewall rules that allow the traffic the connection security rule protects.
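The combination described above, a connection security rule plus a firewall rule that admits only the traffic it protects, looks like this on the command line. This is an added example, not configuration from the original article; it uses the `netsh advfirewall consec` and `netsh advfirewall firewall` contexts that exist on Windows Server 2008 R2. The management subnet, the choice of Remote Desktop (TCP 3389) and the rule names are assumptions for illustration, and Kerberos computer authentication (`computerkerb`) assumes both machines are joined to the same Active Directory domain. Run from an elevated prompt.

```powershell
# Added example (not from the original article): require IPsec authentication for
# management traffic, then allow RDP only when the connection is protected.
$mgmtSubnet = '10.0.10.0/24'     # assumed: the admins' management network
$rdpPort    = 3389               # assumed: protect Remote Desktop

# 1. Connection security rule (IPsec, transport mode). Inbound connections from the
#    management subnet MUST authenticate; outbound connections to it only request
#    authentication, so this server can still reach hosts without an IPsec policy.
#    Domain-joined machines authenticate with Kerberos; no certificates are needed.
netsh advfirewall consec add rule name="IPsec-Require-From-Mgmt" `
    endpoint1=any endpoint2=$mgmtSubnet `
    action=requireinrequestout `
    auth1=computerkerb `
    profile=domain `
    description="Require Kerberos computer authentication for management hosts"

# 2. Firewall rule: allow inbound RDP from the management subnet ONLY if the
#    connection was authenticated by the rule above ("Allow the connection if it is
#    secure"). A host that cannot authenticate is refused although the port is open.
#    Use security=authenc instead to additionally require encryption.
netsh advfirewall firewall add rule name="RDP-In-Secure-Only" `
    dir=in action=allow protocol=tcp localport=$rdpPort `
    remoteip=$mgmtSubnet profile=domain `
    security=authenticate

# 3. Verify the rules, then watch the IPsec security associations form when a
#    management host connects (main mode, then quick mode).
netsh advfirewall consec show rule name="IPsec-Require-From-Mgmt"
netsh advfirewall firewall show rule name="RDP-In-Secure-Only" verbose
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

The firewall rule alone would open port 3389 to the whole management subnet; the `security=authenticate` option is what ties it to the connection security rule, so that a machine which merely has the right IP address but cannot prove its domain identity is still rejected.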

What a firewall profile is:

A firewall profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where it is connected. On computers running this version of Windows, Windows Firewall with Advanced Security has three profiles: domain, private, and public.

Each network adapter is assigned the firewall profile that matches the type of network detected on it. For example, if a network adapter is connected to a public network, all traffic arriving on or leaving through that adapter is filtered by the firewall rules associated with the public profile.

Windows Server 2008 R2 and Windows 7 support a separate active profile for each connected network adapter. In Windows Vista and Windows Server 2008, only one profile can be active on a computer at a time: if several network adapters are connected to different networks, the profile with the strictest settings applies to all adapters. The public profile is considered the strictest, then private, and the domain profile the least restrictive.

If you do not change a profile's settings, the default values apply whenever Windows Firewall with Advanced Security uses that profile. It is recommended that you keep the firewall enabled for all three profiles.

To configure the profiles, in the Windows Firewall with Advanced Security MMC snap-in, right-click Windows Firewall with Advanced Security and then click Properties.
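The same profile properties can be set from a script, which is how you keep them consistent across many servers. The following is an added example, not from the original article; it uses `netsh advfirewall set`, the scriptable interface available on Windows Server 2008 R2 (the NetSecurity PowerShell module does not exist there). The backup path and the log size are assumptions. Run from an elevated prompt.

```powershell
# Added example (not from the original article): enforce the recommended per-profile
# defaults on Windows Server 2008 R2 with netsh advfirewall.

# Save the current policy first so the change can be rolled back with
#   netsh advfirewall import C:\Backup\wfas-before.wfw
New-Item -ItemType Directory -Path C:\Backup -Force | Out-Null
netsh advfirewall export C:\Backup\wfas-before.wfw

# Firewall on for all three profiles, with "block unsolicited inbound, allow
# outbound" as the default, so every opening has to be an explicit rule.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# Public profile: ignore the allowed-programs list entirely (the "Block all incoming
# connections" checkbox of the basic settings). A server that finds itself on a
# public network should not be reachable at all.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

# Log dropped packets for every profile so blocked connection attempts can be seen
# (default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log); size in KB.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections disable
netsh advfirewall set allprofiles logging maxfilesize 8192

# No "allow this program?" pop-ups on a server: rules are added deliberately.
netsh advfirewall set allprofiles settings inboundusernotification disable

# Verify: each profile must now show State ON and the policies set above.
netsh advfirewall show allprofiles
```

Note that `blockinboundalways` on the public profile overrides even the allow rules from the earlier whitelist dialog, which is exactly the behaviour you want for a server whose adapter is ever classified as public by mistake.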

If the service or application you need is not in the list, you can create a new rule for it. For example, if the computer is a web server that other users must be able to reach, create a new inbound port rule that opens TCP port 80.

Local IP address: the local computer uses this setting to decide whether the rule applies. The rule applies only to network traffic passing through a network adapter configured with one of the specified local IP addresses. Any IP address: select this option so that the rule matches network packets with any address as the local IP address; with this option, the local computer always matches the rule. These IP addresses: select this option so that the rule matches only network traffic whose local address is one of those listed under local IP address; if the local computer has no network adapter configured with a listed address, the rule does not apply. In the IP Address dialog box, click Add to create a new entry in the list or Edit to change an existing one; to remove an entry, select it and click Delete.

Remote IP address: specifies the remote IP addresses to which the rule applies. If the remote address of the traffic is one of the addresses in the list, the traffic matches the rule. Any IP address: the rule matches packets coming from (for inbound rules) or going to (for outbound rules) any IP address. These IP addresses: the rule matches only network traffic whose remote address is one of those listed under remote IP address. In the IP Address dialog

You also need to apply the rule to the appropriate profile and interface type. Profile: Windows determines the network location type of each network adapter and applies the corresponding profile to it, so specify which profile or profiles the rule belongs to. Interface type: click Customize to choose the interface types the rule applies to; the Customize Interface Types dialog box lets you select all interface types or any combination of local area network, remote access, and wireless.

The last setting is edge traversal. Edge traversal lets the computer accept unsolicited inbound packets that have passed through an edge device such as a network address translation (NAT) router or firewall. The default, Block edge traversal, prevents applications from receiving unsolicited traffic from the Internet through a NAT edge device, while Allow edge traversal permits it. Defer to user lets the user decide whether to allow the traffic when an application asks to receive unsolicited traffic from the Internet through a NAT edge device, and Defer to application lets each application decide for itself whether it may receive such traffic.
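Putting the rule-creation steps together (the web-server rule from the port-80 example above, scoped by local and remote IP address, profile, interface type and edge traversal as just described), here is the same configuration as `netsh advfirewall firewall` commands on Windows Server 2008 R2. This is an added example, not configuration from the original article; the addresses, the program path, the WinRM and SMB ports and the rule names are assumptions for illustration. Run from an elevated prompt.

```powershell
# Added example (not from the original article): create scoped firewall rules with
# netsh advfirewall, mirroring the wizard's Scope, Profile, Interface type and
# Edge traversal settings.
$siteIp     = '192.0.2.10'                        # assumed: address the web site listens on
$adminNet   = '10.0.10.0/24'                      # assumed: where administrators connect from
$backupExe  = 'C:\Tools\BackupAgent\agent.exe'    # assumed: a program that needs inbound access

# 1. HTTP from anywhere, but only on the adapter that carries the site address, only
#    on wired (LAN) adapters, and only for the domain and private profiles. edge=no
#    (the default, "Block edge traversal") keeps NAT-traversed unsolicited traffic out;
#    edge=yes, deferuser or deferapp would select the other three options.
netsh advfirewall firewall add rule name="Web-HTTP-In" dir=in action=allow `
    protocol=tcp localport=80 localip=$siteIp remoteip=any `
    profile=domain,private interfacetype=lan edge=no

# 2. Remote management (WinRM, TCP 5985) only from the admin network, domain profile only.
netsh advfirewall firewall add rule name="WinRM-In-AdminNet" dir=in action=allow `
    protocol=tcp localport=5985 remoteip=$adminNet profile=domain

# 3. A program rule: the agent may receive on whatever ports it opens, but only from
#    hosts on the local subnet. Scoping by remoteip limits the hole a program rule makes.
netsh advfirewall firewall add rule name="BackupAgent-In" dir=in action=allow `
    program=$backupExe remoteip=localsubnet profile=domain

# 4. Outbound rules use the same syntax. Stop the web server from opening SMB sessions
#    to the admin network, a common lateral-movement path if the server is compromised.
netsh advfirewall firewall add rule name="Block-SMB-Out-To-AdminNet" dir=out action=block `
    protocol=tcp remoteport=445 remoteip=$adminNet profile=any

# Verify the scoping took effect; delete a rule by name when it is no longer needed.
netsh advfirewall firewall show rule name="Web-HTTP-In" verbose
# netsh advfirewall firewall delete rule name="Block-SMB-Out-To-AdminNet"
```

When several rules match the same connection, a block rule wins over an allow rule (only an "allow if secure" rule with the override option can beat a block), so the outbound SMB block above holds even if a broader outbound allow rule exists.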
