Multiple ways to enter the firewall
Microsoft has built a firewall into the system since Windows XP, but there administrators can only open the firewall program interface from the system's Control Panel window. In the Windows Server 2008 server system, the built-in firewall has been greatly improved. Network administrators can not only open the built-in firewall's user configuration interface directly from the Control Panel window, as in Windows XP, but can also configure the firewall's various advanced functions from the MMC console.
In the Windows Server 2008 server system, we can enter the Windows Firewall configuration interface in two ways, and the two interfaces differ in content. The interface opened from the Control Panel window is a basic interface, suited to junior users. The interface opened from the MMC console is an advanced interface, suited to advanced users, who can use it to control the data flowing into and out of the server system as they see fit. In addition, those who prefer the DOS command line can configure the built-in firewall with commands in the MS-DOS window, or create security scripts that automatically configure firewall parameters on multiple server systems. And, as with the firewall in older versions of the system, the firewall's configuration can also be controlled through Group Policy.
1. Enter from the control panel
The original firewall program that comes with the system generally provides only one-way protection: it can only intercept and inspect the data flowing into the server system, and it is less likely that improperly configured firewall parameters will degrade the security of the server system. For this preliminary configuration, we can open the firewall's basic configuration interface from the Control Panel window of the server system. The specific steps are as follows:
First, on the Windows Server 2008 server system desktop, click "Start"/"Settings"/"Control Panel" in sequence. In the Control Panel window that opens, find the Windows Firewall icon and double-click it to open the basic configuration interface of Windows Firewall, shown in Figure 1;
Secondly, click the "Enable or turn off Windows Firewall" option in the left display area of the configuration interface, then click the "General" tab in the interface that opens to display the settings page shown in Figure 2. On this page we can select the "Enable" option to turn on the firewall that comes with the server system, or select the "Off" option to disable it;
When the firewall of the server system is enabled, by default the firewall program blocks all programs from accessing the external network, except for those set on the "Exceptions" tab page. The "Block all incoming connections" option is very useful here, especially when the local server system is on a less secure network: it temporarily makes the system disregard every program or service allowed on the "Exceptions" tab page. Once the local server system is back in a relatively safe working environment, we can uncheck the "Block all incoming connections" option to restore the previous normal settings.
As in the old version of the system, when making basic settings for the built-in firewall under Windows Server 2008 we can also specify, on the "Exceptions" tab page, the programs or services that may access the network directly. Clicking the "Add Program" and "Add Port" buttons adds the programs or services that need to access the external network, so that the system firewall no longer blocks their network access.
If the local server system has multiple network connections, we can also open the "Advanced" tab page of the firewall and select the network connections that the firewall should protect, according to the actual situation. If many firewall parameters turn out to be configured incorrectly, click the "Restore to Default Values" button on the "Advanced" tab page to cancel all parameter changes and return the system firewall settings to the default state they had when the system was first installed.
2. Enter from the console
As mentioned before, the Control Panel window opens only the basic configuration interface of the server system firewall. To open the Advanced Security firewall configuration interface of the Windows Server 2008 server system, we need to enter it from the system console window. The specific steps are as follows:
First, open the "Start" menu of the Windows Server 2008 server system, click the "Run" command, enter the command "mmc.exe" in the Run text box that appears, and press Enter to open the server system console window;
Secondly, in the console window, click "File"/"Add/Remove Snap-in", select the Windows Firewall with Advanced Security option in the interface that follows, click the "Add" button, select the "Local Computer" option, click the "Finish" button, and finally click the "OK" button. The system firewall's advanced security settings page is then displayed.
In the advanced security firewall configuration interface of the Windows Server 2008 server system, we can define several different security configurations for the server system according to the actual working environment, and each configuration is relatively independent. For example, on the firewall advanced security settings page we can define one security configuration for the workplace LAN environment, one for a point-to-point network in a home environment, and one for the public network environment found in public places. Therefore, when the Windows Server 2008 server system is located in the company's LAN working environment, we can more or less turn off the firewall that comes with the server system, because basically every company LAN has a dedicated firewall. When the server system is in a public network environment, we need to make use of the built-in firewall promptly, since the server system is more likely to be attacked in public places.
Stay safe with a firewall
After becoming familiar with the firewall of the Windows Server 2008 server system, we can use our ingenuity to use the firewall to protect the security of the server system. Below, we will list two application examples to let everyone appreciate the powerful functions of Windows Server 2008 server system firewall!
1. Prevent Ping command attacks
In a LAN environment, some malicious users use the Ping command to continuously send large data packets to the server system, which may cause the server system to crash. In addition, attackers can use some parameters of the ping command to obtain information about the running status of the server system, and then carry out targeted attacks based on that information. To protect the operational stability of the Windows Server 2008 server system and prevent the server host from being attacked with the Ping command, we can set the firewall's security rules as follows:
First, click the "Start" button on the Windows Server 2008 server system desktop, click "Programs" and then "Administrative Tools" in the "Start" menu, and select the "Windows Firewall with Advanced Security" option from the submenu;
The Windows Firewall with Advanced Security configuration window then opens. Click the "Inbound Rules" option in the list pane on the left side of the window, right-click it, and select the "New Rule" option from the right-click menu to open the new rule creation wizard shown in Figure 3. Select the "Customize" item in the wizard;
Then click the "Next" button and select the "All Programs" item on the following page. Following the prompts, set the network protocol type to "ICMPv4" and the connection condition to "Block Connection", choose the occasions in which the new rule applies according to the actual working environment, and finally give the new security rule an appropriate name. After that, no illegal user in the LAN will be able to ping the Windows Server 2008 server system.
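The same rule can be created from the command line, which also makes it repeatable across several servers. The following is an added example, not part of the original article: it drives netsh advfirewall from an elevated PowerShell prompt, and the rule name and profile selection are assumptions to adjust.

```powershell
# Added example: command-line equivalent of the wizard steps above.
# Run from an elevated PowerShell prompt on the server.
$RuleName = 'Block inbound ICMPv4'  # assumed rule name; choose your own
$Profiles = 'any'                   # or a subset such as 'public' or 'domain,private'

# Remove an earlier copy so re-running the script does not stack duplicate rules.
# netsh reports an error when no rule matches; that is expected on the first run.
& netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null

# Custom inbound rule: all programs, protocol ICMPv4 (any type, any code), action block.
# The protocol argument is quoted because PowerShell would otherwise split it at the comma.
# To block echo requests only, the form is "protocol=icmpv4:8,any".
& netsh advfirewall firewall add rule "name=$RuleName" dir=in action=block `
    "protocol=icmpv4:any,any" "profile=$Profiles" enable=yes
if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule '$RuleName'" }

# Print the stored rule so direction, protocol, profiles and action can be checked.
& netsh advfirewall firewall show rule "name=$RuleName" verbose
```

Block rules take precedence over allow rules, so this rule also overrides any enabled rule that permits inbound echo requests.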
2. Prevent program vulnerability attacks
Many people simply believe that installing update patches on the server system in a timely manner is enough to keep it from being attacked by network viruses or Trojans. In fact, patching the server system only plugs the security holes in the system itself. If the applications installed on the server have vulnerabilities, the security of the server system still cannot be guaranteed. To avoid server security risks caused by application vulnerabilities, we need to use the system firewall to deny applications with security vulnerabilities any connection or access to the network. This prevents Trojans or hackers on the network from using application vulnerabilities to attack the server. Next, we set up the firewall program that comes with the Windows Server 2008 server system to prevent application vulnerability attacks:
First, on the Windows Server 2008 server system desktop, click "Start"/"Settings"/"Control Panel" in sequence. In the Control Panel window that opens, find the Windows Firewall icon and double-click it to open the basic configuration interface of Windows Firewall;
Next, click the "Change Settings" option in the basic configuration interface, then click the "Exceptions" tab to open its settings page. This page lists the network programs that the system may use. The selected applications are allowed to pass through the network, and those that are not selected are not allowed to pass through the network;
If the target vulnerable application is not listed on this settings page, click the "Add Program" button, use the file selection dialog box that appears to add the application with security vulnerabilities, and finally click the "OK" button to make the settings take effect.
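The Exceptions list in the basic interface records which programs are allowed; the advanced firewall can additionally hold an explicit block rule for a program, in both directions. The following is an added example, not part of the original article: the function name, rule labels and executable path are hypothetical placeholders.

```powershell
# Added example: explicit inbound and outbound block rules for one executable.
# Run from an elevated PowerShell prompt. Names and path below are placeholders.
function Add-ProgramBlockRule {
    param([string]$AppPath, [string]$Label)

    # Refuse to create a rule for a path that does not exist (typo protection).
    if (-not (Test-Path $AppPath)) { throw "Program not found: $AppPath" }

    foreach ($dir in 'in', 'out') {
        $name = "Block $Label ($dir)"
        # Delete any earlier copy so the script can be re-run safely.
        & netsh advfirewall firewall delete rule "name=$name" | Out-Null
        & netsh advfirewall firewall add rule "name=$name" "dir=$dir" action=block `
            "program=$AppPath" profile=any enable=yes | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule '$name'" }
    }
}

# Hypothetical application path; replace with the vulnerable program's real location.
Add-ProgramBlockRule -AppPath 'C:\Program Files\ExampleApp\example.exe' -Label 'ExampleApp'

# List the rule names just created to confirm both directions are present.
& netsh advfirewall firewall show rule name=all | Select-String 'Block ExampleApp'
```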
3. Forcefully protect all connections
Sometimes we simply do not know which applications have security vulnerabilities, so we cannot use the built-in firewall of the Windows Server 2008 server system in this targeted way to protect the local server. In that case, we can modify the group policy of the Windows Server 2008 server system to force the firewall program to protect all network connections automatically. The specific steps are as follows:
First, open the "Start" menu on the desktop of the Windows Server 2008 server system, select the "Run" command, and enter the command "gpedit.msc" in the Run box that appears to open the group policy editing interface of the local server system;
Secondly, navigate to the "Computer Configuration"/"Administrative Templates"/"Network"/"Network Connections"/"Windows Firewall"/"Standard Profile" branch. Under the "Standard Profile" branch, double-click the "Windows Firewall: Protect all network connections" group policy option to open the policy properties interface shown in Figure 4. Select the "Enabled" item in the interface and click the "OK" button. From then on, the firewall that comes with the Windows Server 2008 server system will forcibly protect all network connections.
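Whether the firewall really is on for every profile can be checked from the command line, which is also the kind of script the introduction mentions for configuring several servers. The following is an added example, not part of the original article: it parses the output of netsh advfirewall and assumes an English-language system; the function name is hypothetical.

```powershell
# Added example: report firewall state per profile from netsh output.
# Assumes English netsh output ("Domain Profile Settings:", "State   ON").
function Get-FirewallProfileState {
    param([string[]]$NetshOutput)
    $result  = @{}
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            $current = $matches[1]          # start of a new profile section
        } elseif ($current -and $line -match '^State\s+(ON|OFF)\s*$') {
            $result[$current] = $matches[1] # state line belonging to that profile
        }
    }
    return $result
}

$states = Get-FirewallProfileState (& netsh advfirewall show allprofiles state)

# A profile missing from the output is treated the same as OFF.
$off = @('Domain', 'Private', 'Public') | Where-Object { $states[$_] -ne 'ON' }

if ($off) {
    Write-Warning ('Firewall is not ON for: ' + [string]::Join(', ', $off))
    # Turn the firewall on for every profile (requires an elevated prompt).
    & netsh advfirewall set allprofiles state on
} else {
    'Firewall is ON for all profiles.'
}
```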