Shulou(Shulou.com)06/03 Report--

How to reasonably set up the firewall of Vista system to let it play its own role? in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

One, using two interfaces to meet different needs, Vista Firewall has two independent graphical configuration interfaces: one is the basic configuration interface, which can be accessed through the "Security Center" and "Control Panel"; the other is the advanced configuration interface, which users can access as plug-ins after creating a custom MMC. This prevents connection breaks caused by inadvertent changes by novice users, and provides a way for advanced users to customize firewall settings in more detail and control outbound and inbound traffic. Users can also use commands in the netsh advfirewall context to configure the Vista firewall from the command line, write scripts to automatically configure the firewall for a group of computers, and control the settings of the Vista firewall through group policy. Second, the Windows firewall in the secure Vista under the default setting adopts the security configuration by default, while still supporting the best ease of use. By default, most inbound traffic is blocked and outbound connections are allowed. Vista Firewall works with Vista's new Windows service hardening feature, so if the firewall detects a behavior that is prohibited by Windows service hardening network rules, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment. Basic configuration options using the basic configuration interface, users can turn on or off the firewall, or set the firewall to completely block all programs You can also allow exceptions (you can specify which programs, services, or ports are not blocked) and specify the scope of each exception (whether it applies to traffic from all computers, including computers on the Internet, computers on Lans / subnets, or computers where you specify an IP address or subnet) You can also specify which connections you want the firewall to protect, and configure security logs and ICMP settings. 4. ICMP message blocking by default, inbound ICMP echo requests can pass through the firewall, while all other ICMP messages are blocked. This is because the Ping tool is used periodically to send echo request messages for troubleshooting. However, the hacker can also send an echo request message to lock the target host. Users can block echo request messages through the Advanced tab on the basic configuration interface. Fifth, multiple firewall profiles with advanced security MMC plug-in Vista firewall allows users to create multiple firewall profiles on the computer, so that you can use different firewall configurations for different environments. This is especially useful for portable computers. For example, when a user connects to a public wireless hotspot, a more secure configuration may be required than when connecting to a home network. Users can create up to three firewall profiles: one to connect to a Windows domain, one to connect to a private network, and another to connect to a public network. 6. IPSec function through the advanced configuration interface, users can customize IPSec settings, specify security methods for encryption and integrity, determine whether the life cycle of keys is calculated by time or session, and select the desired Diffie-Hellman key exchange algorithm. By default, data encryption for IPSec connections is disabled, but you can enable it and choose which algorithms are used for data encryption and integrity. Security rules through the wizard program, users can gradually create security rules to control how and when secure connections are established between a single computer or a group of computers; connections can also be restricted according to criteria such as domain members or security conditions, but the specified computer may not meet the connection verification requirements You can also create rules that require authentication when two specific computers (server-to-server) connect, or use tunnel rules to verify connections between gateways. Custom verification rules when creating custom verification rules, you should specify a single computer or a group of computers (through the IP address or address range) to be the connection endpoint. Users can request or require authentication of inbound connections, outbound connections, or both. 9. Inbound and outbound rules users can create inbound and outbound rules to block or allow specific programs or ports to connect; they can use preset rules or create custom rules. The New Rule Wizard can help users step through the steps of creating rules. Users can apply rules to a set of programs, ports, or services, or to all programs or to a particular program; they can block all connections from a software, allow all connections, or only allow secure connections, and require encryption to protect the security of data sent over the connection You can configure source IP and destination IP addresses for inbound and outbound traffic, as well as rules for source TCP and UDP ports and destination TCP and UPD ports. Active Directory based rules users can create rules to block or allow connections based on active Directory users, computers, or group accounts, as long as the connection is secured through an IPSec with Kerberos v5 (containing active Directory account information). Users can also enforce network access protection (NAP) policies using the Windows firewall with advanced security features. Windows Meeting Space (WMS) is a new program built into Windows Vista that makes it easy for up to 10 collaborators to share desktops, files, and presentations and send personal messages to each other over the network.

This is the answer to the question about how to reasonably set up the firewall of the Vista system to make it alone. I hope the above content can be of some help to everyone. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.