The firewall function in Microsoft's Windows Server 2003 is so rudimentary that many system administrators regard it as useless. It has always been a simple, host-based stateful firewall that supports only inbound protection. With Windows Server 2008 approaching, its built-in firewall function has been greatly improved. Let's take a look at how this new advanced firewall will help us protect our systems and how to configure it using the management console snap-in.
Why should you use this host-based firewall for Windows?
Many companies today use external security hardware to harden their networks. They use firewalls and intrusion prevention systems to build an ironclad wall around their networks, which naturally protects them from malicious attackers on the Internet. However, if an attacker is able to breach the perimeter defenses and gain access to the internal network, only Windows authentication security will prevent them from accessing a company's most valuable asset: its data.
This is because most IT professionals don't use host-based firewalls to harden their servers. Why does this happen? Because most IT professionals believe that deploying host-based firewalls causes more trouble than the value they bring.
I hope that after reading this article you will take a moment to consider Windows host-based firewalls. In Windows Server 2008, this host-based firewall is built into Windows, comes pre-installed, has more features than previous versions, and is easier to configure. It is one of the best ways to harden a critical infrastructure server. Windows Firewall with Advanced Security combines a host firewall and IPSec. Unlike a perimeter firewall, Windows Firewall with Advanced Security runs on every computer running this version of Windows and provides local protection against network attacks that may cross the perimeter network or originate within the organization. It also provides computer-to-computer connection security, allowing you to require authentication and data protection for communications.
The built-in firewall in Windows Server 2008 is now "advanced". It's not just me saying it's advanced; Microsoft now calls it Windows Firewall with Advanced Security (WFAS for short).
Here are the new features that justify its new name:
1. New graphical interface.
You now configure this advanced firewall through a management console snap-in.
2. Two-way protection.
Filter outbound and inbound communications.
3. Better cooperation with IPSec.
Windows Firewall with Advanced Security integrates Windows Firewall functionality and Internet Protocol Security (IPSec) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings the way your environment requires.
4. Advanced rule configuration.
You can create firewall rules for various objects on Windows Server and configure firewall rules to block or allow traffic through Windows Firewall with Advanced Security.
When an incoming packet reaches your computer, Windows Firewall with Advanced Security inspects the packet and determines whether it meets the criteria specified in the firewall rules. If the packet matches the criteria in the rule, Windows Firewall with Advanced Security performs the action specified in the rule, i.e. blocks the connection or allows the connection. If a packet does not match the criteria in the rule, Windows Firewall with Advanced Security drops the packet and creates an entry in the firewall log file (if logging is enabled).
When configuring a rule, you can choose from a variety of criteria, such as application name, system service name, TCP port, UDP port, local IP address, remote IP address, profile, interface type (such as network adapter), user, user group, computer, computer group, protocol, ICMP type, etc. Criteria in a rule are added together; the more criteria you add, the more finely Windows Firewall with Advanced Security matches incoming traffic.
By adding two-way protection, a better graphical interface and advanced rule configuration, Windows Firewall with Advanced Security is becoming as powerful as traditional host-based firewalls such as ZoneAlarm Pro.
I know the first thing any server administrator thinks about when using a host-based firewall is: Will it affect the normal operation of this critical server infrastructure? This is a possible problem with any security measure, but the Windows 2008 advanced firewall will automatically configure new rules for any new roles added to the server. However, if you are running a non-Microsoft application on your server and it requires inbound network connectivity, you will have to create a new rule based on the type of communication.
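
The inbound rule for a non-Microsoft application, and the way added criteria narrow what a rule matches, can also be expressed with netsh advfirewall, the command-line counterpart of the snap-in. This is an added example, not part of the original article; the rule name, program path, port and subnet are constructed placeholders.

```batch
rem Constructed example values: rule name, C:\ExampleApp\exampleapp.exe,
rem TCP 8443 and 10.0.5.0/24 are placeholders, not taken from the article.

rem Broad form (shown for contrast, left commented out): a port-only rule
rem matches traffic to TCP 8443 from any address, on any profile, to any
rem process listening on that port.
rem netsh advfirewall firewall add rule name="ExampleApp-In-Broad" dir=in action=allow protocol=TCP localport=8443

rem Narrow form: every criterion must match before the allow action applies.
rem Program + port + remote subnet + profile are combined, so a packet to
rem TCP 8443 from outside 10.0.5.0/24 does not match this rule.
netsh advfirewall firewall add rule name="ExampleApp-In-TCP8443" ^
    dir=in action=allow ^
    program="C:\ExampleApp\exampleapp.exe" ^
    protocol=TCP localport=8443 ^
    remoteip=10.0.5.0/24 ^
    profile=domain

rem Log dropped connections so traffic that matched no allow rule is
rem recorded in the firewall log file.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Check what was stored, including every criterion on the rule.
netsh advfirewall firewall show rule name="ExampleApp-In-TCP8443" verbose

rem Check the default inbound/outbound action and logging state per profile.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall show allprofiles logging
```

Run the commands from an elevated command prompt; if the application stops accepting connections afterwards, the dropped-connection entries in the firewall log show which criterion the traffic failed to meet.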