Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to skillfully use the security strategy of WINDOWS IP. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

The security of windows server can be protected by setting IP security policy. IP security policy is one of the necessary skills for every Windows system operation and maintenance staff.

IP security policy, to put it simply, can release and block relevant ports by making corresponding policies; release and block related IP to achieve a certain degree of system security.

Demand: the hardware firewall in the computer room is not yet in place, and the business department hopes to limit the limited IP access to port 3389 through the system security policy.

Implementation steps:

1. Open the local security policy:

Start-run-enter secpol.msc or start-programs-Administrative tools-Local Security Policy

In the pop-up window, right-click the IP security policy to create an IP security policy on the local computer:

2. Create a new IP security policy. Do not check "activate default response rules" and "Edit Properties".

4. Establish a rule to block all access to ports and IP addresses.

Block any IP address

Block any protocol type

3. Below, we need to release one by one. In fact, the specific process is the same as above. Setting "IP filter list" can be changed to allow relevant ports and protocols. The default remote port is 3389.

4. Finally, let the policy take effect: right-click the IP security policy and assign it.

5. If you want to allow a large number of ip and ports, and you are tired to enter one by one, you can directly export the policy backup and then import it directly on other machines.

Import method of ip security policy:

Start > run > gpedit.msc

Computer configuration > windows Settings > Security Settings > IP Security Policy > right-click > all tasks > Import Policy

Allocation is required before it can be enabled after import.

All right, basically, this is ok.

Add:

In addition to the port 3389 released above, ports 80,443 and other ports should also be released in the actual production environment, otherwise others will not be able to access your website. if your website is called to visit someone else's website, then you have to release the external 80 port number of the server (because all internal or external ports are blocked).

The port of the database is generally recommended not to be released, but can be operated directly in the server. If you do not want to connect to the database locally, you can do the same as the remote connection setting, just release the relevant IP. There are other ports that can be released according to their own needs.

In addition, sometimes there may be an open security policy error "the following error occurred while saving ip security data: the specified service does not exist as an installed service. (80070424) this is because the service" IPSEC Services "is not turned on.

On the clever use of WINDOWS IP security strategy is shared here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.