Network discovery improves the security of Windows 7 clients

  
        

When everyone used the XP operating system, users often complained that they could not find an XP client in Network Neighborhood. For example, a printer is connected to an XP computer and sharing is set up; I then want to connect to the shared printer from other computers, but I cannot find the XP client. Even with the firewall turned off, and even within the same workgroup, it makes no difference. Experts from various fields have proposed many solutions to this problem. These solutions can solve it in the end, but they are complicated to configure, and because XP configuration environments differ, no single solution works in every situation.

This has been greatly improved in the upcoming Windows 7 client. Windows 7 provides a "network discovery" management platform through which you can control whether the Windows 7 client can be found by other clients on the network. The figure below is a screenshot of the network discovery management platform; it is an option under the Windows 7 network profile.

[Figure: screenshot of the network discovery management platform]

First, the basic configuration of network discovery.

What is network discovery for in the Windows 7 operating system? In short, it has two main functions. The first is to determine whether the Windows 7 client can find other hosts or network devices on the network; the second is to determine whether other hosts on the network can find your client. Simply put, network discovery is like a weather vane. If you turn it on, you can find others and others can find you. If you turn it off, other clients cannot find you even when you are connected to the network, and you cannot see them in Network Neighborhood either.

Network discovery has three basic configuration options: enabling network discovery, turning off network discovery, and custom configuration. Although only the first two options are shown in the figure above, a third can be derived by using the firewall.

1. Enable network discovery. With this option, the Windows 7 client can see other hosts or network devices on the network, and other clients can see this Windows 7 client. This is very convenient if you set up a shared folder or shared network device on the computer, because it appears directly in Network Neighborhood without any other settings. However, every client may then see this client and the folders or printers shared on it, which has a certain impact on its security. Therefore, when enabling network discovery, it is best to apply some security measures to protect the shared files, for example setting the shared folder to read-only or setting a share password.

2. Turn off network discovery. This option is the opposite of enabling network discovery. If network discovery is turned off, the operating system prevents other clients from seeing this client on the network, even in the same workgroup, and this client cannot see other clients and network devices on the network. This goes a long way toward protecting it. Normally, if you use Windows 7 as a stand-alone machine, you can set it to "Turn off network discovery" to safeguard its security.

3. Custom configuration. The two options above are the two extremes of network discovery, and each corresponds to a set of default configurations. Sometimes, however, we may wish to take the middle road. For example, we may want a deployment in which the Windows 7 client can find hosts on the network but other clients cannot see it, or one in which only certain computers can find it in Network Neighborhood and use its shared resources. Simply put, the "Enable network discovery" option is then valid only for specific clients. Under XP this was impossible to implement; in Windows 7 it can be done easily. In simple terms, a custom configuration means that only some of the network discovery policies take effect, not all of them. To make custom settings, the system administrator first sets network discovery to "Enable network discovery" and then changes some of the network discovery policies through the firewall. The user or system administrator can therefore configure it flexibly according to their own needs, meeting the security requirements while keeping folder and device sharing convenient.
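One way to apply the custom configuration described in item 3, as an added example that is not from the original article: it leaves "Enable network discovery" on and narrows the scope of the inbound discovery rules to named hosts through the Windows Firewall COM interface. The addresses are constructed samples, and matching on the rule name assumes an English-language system.

```powershell
# Added example: let only specific hosts discover this Windows 7 client.
# Run from an elevated PowerShell prompt, after "Enable network discovery" is selected.
$allowedHosts = '192.168.1.10,192.168.1.25'   # constructed sample addresses

$fw      = New-Object -ComObject HNetCfg.FwPolicy2
$inbound = 1                                  # NET_FW_RULE_DIR_IN

# Assumption: English display names, where the built-in rules are
# called "Network Discovery (...)". Outbound rules are left untouched,
# so this client can still find other hosts.
$rules = @($fw.Rules | Where-Object {
    $_.Direction -eq $inbound -and $_.Name -like 'Network Discovery*'
})
if ($rules.Count -eq 0) { throw 'No inbound Network Discovery rules found.' }

foreach ($rule in $rules) {
    $before = $rule.RemoteAddresses           # scope before the change
    $rule.RemoteAddresses = $allowedHosts     # only these hosts may reach the rule
    '{0,-45} {1} -> {2}' -f $rule.Name, $before, $rule.RemoteAddresses
}
```

The printed "before" values are worth saving, since writing them back to `RemoteAddresses` restores the original scope.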

Second, common problems with network discovery.

In some cases (especially when Windows 7 clients coexist with XP clients), network sharing and network access can still run into trouble even if network discovery is enabled. This is mainly because network discovery depends on other technical components, or because of incompatibility between different clients. According to the author's tests, you may encounter the following problems when using network discovery.

The first is that if the DNS Client function is not enabled on the client, then even with network discovery turned on, other clients still cannot find this Windows 7 client, or this Windows 7 client still cannot find other computers in My Network Places. This is because network discovery requires the DNS Client function to be running in order to work. If it is not enabled, the network discovery setting has no effect. By default, the operating system enables this function. However, for some specific purposes, such as security or testing needs, the DNS Client function may be turned off permanently or temporarily. So when network discovery is enabled, system engineers first need to confirm that the functions it relies on are enabled. The author also looked up some official Microsoft information on Windows 7 and found that, in addition to the DNS Client function, you also need to enable SSDP, UPnP and other services for network discovery to work fully. System administrators therefore need to know the purpose of these services and decide whether to turn them on according to actual needs. Note that from a security and performance perspective, it is not true that the more services are open, the better. Instead, follow the principle of least privilege and open only the services you need. If you use Windows 7 as a server, you need to pay even more attention to this. Doing so can greatly improve its security and operational performance.

The second is to eliminate interference from the firewall. As mentioned above, system engineers can customize the network discovery policies through the firewall. However, if you are not familiar with the firewall settings, a wrong configuration can easily stop network discovery from working properly. What should a system administrator do in that situation? The author's opinion is to temporarily turn off the firewall and then test whether the network works normally. If everything is normal at that point, the fault is caused by the firewall configuration, and you need to check it. If the problem remains with the firewall disabled, it has little to do with the firewall configuration. The firewall is tested first because most network access failures are caused by firewalls. For this reason, I suggest not setting up a firewall on the client, so as to avoid network access failures. For a server, it is best to set a suitable firewall policy (such as allowing only a specific host to find it on the network) to ensure its security. Of course, this applies to enterprise environments, because enterprises often deploy a separate firewall between the internal network and the external network, such as a Cisco hardware firewall. For that reason, deploying a firewall on the client is not necessary. A home computer has no independent firewall protecting it, so configuring the firewall on the computer itself does provide a certain amount of protection.


The third is to choose the right network location. Windows 7 provides management of network locations. By default, it offers four network locations, namely home network, workgroup, public network and domain. Note that each network location corresponds to a set of firewall policies. In other words, choosing a different network location selects, by default, a different network configuration and firewall policy. Therefore, when system engineers and network engineers deploy Windows 7 network applications, they need to pay attention to the differences between the firewall policies of these network locations. This will help them choose the right one. Choosing a different location can also affect whether the system enables network discovery. In other words, network location, network discovery and the firewall are tightly linked. To really understand network discovery, system administrators must understand the connections between the three.
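The link between network location, firewall policy and the services network discovery depends on can be checked in one pass. The following read-only audit is an added example, not from the original article; the rule-group name assumes an English-language system, and the short service names are the Windows built-in names for the services the text mentions.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
$fw    = New-Object -ComObject HNetCfg.FwPolicy2
$group = 'Network Discovery'        # assumption: English rule-group name
# NET_FW_PROFILE2_* bits. The home and work locations both use the Private profile.
$names = @{ 1 = 'Domain'; 2 = 'Private (home/work)'; 4 = 'Public' }

# Network location -> firewall profile -> is the discovery rule group enabled there?
$profiles = 1, 2, 4 | ForEach-Object {
    New-Object PSObject -Property @{
        Profile          = $names[$_]
        Active           = [bool]($fw.CurrentProfileTypes -band $_)
        FirewallOn       = [bool]$fw.FirewallEnabled($_)
        DiscoveryAllowed = [bool]$fw.IsRuleGroupEnabled($_, $group)
    }
}
$profiles | Format-Table Profile, Active, FirewallOn, DiscoveryAllowed -AutoSize

# Services named in the text (DNS Client, SSDP, UPnP) plus Function Discovery
# Resource Publication, which Microsoft also lists as a dependency.
$wanted   = 'Dnscache', 'SSDPSRV', 'upnphost', 'FDResPub'
$services = Get-WmiObject Win32_Service | Where-Object { $wanted -contains $_.Name }
$services | Format-Table Name, DisplayName, StartMode, State -AutoSize

# Flag the combinations worth a second look.
$profiles | Where-Object { $_.Profile -eq 'Public' -and $_.DiscoveryAllowed } |
    ForEach-Object { Write-Warning 'Network Discovery rules are enabled for the Public profile.' }
$services | Where-Object { $_.State -ne 'Running' } | ForEach-Object {
    Write-Warning ('{0} is {1} (start mode {2}); discovery may not work.' -f
        $_.Name, $_.State, $_.StartMode)
}
```

A stopped service is only a problem if discovery is wanted on that machine; on a stand-alone or server system it is the expected result of opening only the services you need.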
