
Correct settings to make the Windows Vista firewall work

1. Two interfaces to meet different needs

The Vista firewall has two independent graphical configuration interfaces. One is the basic configuration interface, which can be accessed through the "Security Center" and "Control Panel". The other is the advanced configuration interface, which can be accessed as a snap-in after the user creates a custom MMC console. This keeps novice users from unintentionally changing settings and interrupting connections, while giving advanced users a way to fine-tune firewall settings and control outbound and inbound traffic. Users can also configure the Vista firewall from the command line with commands in the netsh advfirewall context, write scripts to configure the firewall automatically for a group of computers, and control the Vista firewall settings through Group Policy.

2. Security under the default settings

The Windows firewall in Vista uses a secure configuration by default while remaining easy to use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works with Vista's new Windows Service Hardening feature: if the firewall detects behavior that is prohibited by the Windows Service Hardening network rules, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment.

3. Basic configuration options

Using the basic configuration interface, users can turn the firewall on or off, or set it to block all programs completely. They can also allow exceptions (specifying which programs, services or ports are not blocked) and set the scope of each exception (whether it applies to traffic from all computers, including computers on the Internet, to computers on the LAN/subnet, or to computers at an IP address or subnet that you specify). They can also specify which connections the firewall protects and configure the security log and ICMP settings.

4. ICMP message blocking

By default, inbound ICMP echo requests can pass through the firewall, while all other ICMP messages are blocked. This is because the Ping tool is regularly used to send echo request messages for fault diagnosis. However, an attacker can also send echo request messages to locate a target host. The user can block echo request messages through the "Advanced" tab of the basic configuration interface.

5. Multiple firewall profiles

The Windows Firewall with Advanced Security MMC snap-in lets users create multiple firewall profiles on a computer, so that different firewall configurations can be used in different environments. This is especially useful for portable computers. For example, a connection to a public wireless hotspot may require a more secure configuration than a connection to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.

6. IPSec function

Through the advanced configuration interface, users can customize IPSec settings: specify the security methods used for encryption and integrity, determine whether key lifetime is measured by time or by session, and select the Diffie-Hellman key exchange algorithm to use. By default, data encryption for IPSec connections is disabled, but you can enable it and select which algorithms are used for data encryption and integrity.

7. Security rules

Using a wizard, users can create security rules step by step to control how and when secure connections are established between individual computers or groups of computers. Connections can be restricted based on criteria such as domain membership or security status, while specified computers can be exempted from the connection authentication requirements. You can also create rules that require authentication when two specific computers connect (server to server), or use tunnel rules to authenticate connections between gateways.

8. Custom authentication rules

When creating a custom authentication rule, a single computer or a group of computers (identified by IP address or address range) must be designated as the connection endpoints. Users can request or require authentication of inbound connections, outbound connections, or both.

9. Inbound and outbound rules

Users can create inbound and outbound rules to block or allow connections for specific programs or ports, using either preset rules or custom rules. The "New Rule Wizard" walks the user through creating a rule step by step. A rule can be applied to a group of programs, ports or services, to all programs, or to one specific program. It can block all connections made by a piece of software, allow all connections, or allow only secure connections and require encryption to protect the data sent over the connection. Rules can specify source and destination IP addresses for inbound and outbound traffic, as well as source and destination TCP and UDP ports.

10. Rules based on Active Directory

Users can create rules that block or allow connections based on Active Directory user, computer or group accounts, as long as the connection is secured by IPSec with Kerberos v5 (which includes the Active Directory account information).

Users can also use Windows Firewall with Advanced Security to implement Network Access Protection (NAP) policies.

Windows Meeting Space (WMS) is a new program built into Windows Vista. It lets up to 10 collaborators share desktops, files and presentation documents, and send personal messages to each other over the network.
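The netsh advfirewall context mentioned above can script the default policy, the three profiles, a scoped exception and the ICMP echo request setting in one pass. The batch file below is an added example, not part of the original article; the backup path, the rule names and the choice of TCP port 3389 are assumptions made for illustration.

```bat
@echo off
rem Added example, not from the article: firewall baseline via netsh advfirewall.
rem Run from an elevated command prompt. The backup path, rule names and the
rem RDP port below are assumptions chosen for illustration.
setlocal
set "BACKUP=%SystemDrive%\fw-before-baseline.wfw"
set "R_PING4=Baseline - block inbound ICMPv4 echo request"
set "R_PING6=Baseline - block inbound ICMPv6 echo request"
set "R_RDP=Baseline - allow RDP from local subnet"

rem Save the current policy; restore with: netsh advfirewall import "%BACKUP%"
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem Firewall on in all three profiles (domain, private, public).
netsh advfirewall set allprofiles state on || goto :fail

rem Default posture: block unsolicited inbound, allow outbound.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound || goto :fail
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound || goto :fail
rem Public networks (e.g. wireless hotspots): ignore inbound exceptions too.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound || goto :fail

rem Remove earlier copies of these rules so re-running adds no duplicates.
for %%R in ("%R_PING4%" "%R_PING6%" "%R_RDP%") do netsh advfirewall firewall delete rule name=%%R >nul 2>&1

rem Block echo requests (ICMPv4 type 8, ICMPv6 type 128) where exceptions apply.
netsh advfirewall firewall add rule name="%R_PING4%" dir=in action=block protocol=icmpv4:8,any profile=domain,private || goto :fail
netsh advfirewall firewall add rule name="%R_PING6%" dir=in action=block protocol=icmpv6:128,any profile=domain,private || goto :fail

rem A scoped exception: TCP 3389 inbound, only from the local subnet.
netsh advfirewall firewall add rule name="%R_RDP%" dir=in action=allow protocol=TCP localport=3389 remoteip=localsubnet profile=domain,private || goto :fail

rem Log dropped packets so blocked traffic can be reviewed.
netsh advfirewall set allprofiles logging droppedconnections enable || goto :fail

rem Show the result for review.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="%R_PING4%"
exit /b 0

:fail
echo Baseline not fully applied; restore with: netsh advfirewall import "%BACKUP%"
exit /b 1
```

Block rules take precedence over allow rules, so the two echo request rules apply even where a preset exception would otherwise permit Ping.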

This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com: http://www.internetweblist.com/Operating_system/31258.html
