How to configure Windows 2008 Advanced Firewall


The firewall built into Microsoft Windows Server 2003 is so simplistic that many system administrators regard it as barely worth the trouble. It has always been a simple, inbound-only, stateful host-based firewall. With Windows Server 2008 approaching, the built-in firewall has been greatly improved. Let's take a look at how this new advanced firewall helps protect the system and how to configure it from its management console snap-in.

Why should you use this Windows host-based firewall?

Many companies today are using external security hardware to harden their networks. This means that they use firewalls and intrusion protection systems to create a wall around their network that protects them from malicious attackers on the Internet. However, if an attacker can break through the perimeter defenses and gain access to the internal network, only Windows authentication security will be used to prevent them from accessing the company's most valuable assets - their data.

This is because most IT people don't use host-based firewalls to harden their servers. Why is that? Because most IT people believe that the trouble of deploying a host-based firewall outweighs the value it brings.

I hope that after reading this article, you will take a moment to consider Windows' own host-based firewall. In Windows Server 2008, this host-based firewall is built into Windows and pre-installed, has more features than the previous version, and is easier to configure. It is one of the best ways to harden a critical server. Windows Firewall with Advanced Security combines a host firewall with IPsec. Unlike a border firewall, Windows Firewall with Advanced Security runs on every computer running this version of Windows and provides local protection against network attacks that may traverse the border network or originate within the organization. It also provides computer-to-computer connection security that allows you to require authentication and data protection for communications.

So, what can this Windows Server Advanced Firewall do for you, and how do you configure it? Let us continue to look at it.

What the new firewall's features do for you

The built-in firewall in Windows Server 2008 is now "advanced". This is not just my opinion: Microsoft now calls it Windows Firewall with Advanced Security (WFAS).

The following new features justify the new name:

1. A new graphical interface.

This advanced firewall is now configured through a management console snap-in.

2. Two-way protection.

Filters outbound as well as inbound traffic.

3. Better cooperation with IPsec.

Windows Firewall with Advanced Security integrates Windows Firewall functionality and Internet Protocol Security (IPsec) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings as needed for your environment.

4. Advanced rule configuration.

You can create firewall rules for various objects on Windows Server and configure firewall rules to block or allow traffic to pass through Windows Firewall with Advanced Security.

When an incoming packet arrives at the computer, the Windows Firewall with advanced security checks the packet and determines if it meets the criteria specified in the firewall rules. If the packet matches the criteria in the rule, the Windows Firewall with advanced security enforces the action specified in the rule, blocking the connection or allowing the connection. If the packet does not match the criteria in the rule, Windows Firewall with advanced security drops the packet and creates an entry in the firewall log file if logging is enabled.

When configuring rules, you can choose from various criteria: application name, system service name, TCP port, UDP port, local IP address, remote IP address, profile, interface type (such as network adapter), users, user groups, computers, computer groups, protocols, ICMP types, and so on. The criteria in a rule are combined; the more criteria you add, the more precisely Windows Firewall with Advanced Security matches incoming traffic.

By adding two-way protection, a better graphical interface, and advanced rule configuration, this advanced security Windows firewall is becoming as powerful as traditional host-based firewalls, such as ZoneAlarm Pro.

I know the first thought of any server administrator who uses a host-based firewall is: will it break the critical application running on this server? That is a possible problem with any security measure, but Windows 2008 Advanced Security Firewall automatically configures new rules for any new role added to the server. If, however, you run a non-Microsoft application on your server that needs an inbound network connection, you will have to create a new rule for that type of traffic yourself.

By using this advanced firewall, you can better harden your server against attack, keep your server from being used to attack others, and really determine what data comes in and out of your server. Let's take a look at how to achieve these goals.

Understanding the options for configuring advanced security for Windows Firewall

In previous versions of Windows Server, you configured the Windows Firewall either on the network adapter or from the Control Panel. That configuration was very simple.

For Windows Advanced Security Firewall, most administrators can configure it either from Windows Server Manager or from the Windows Advanced Security Firewall MMC snap-in. The following are screenshots of the two configuration interfaces:

Figure 1, Windows Server 2008 Server Manager

Figure 2, Windows 2008 Advanced Security Firewall Management Console

I found that the easiest and quickest way to launch this Windows Advanced Security Firewall is to type 'firewall' in the search box of the Start menu, as shown below:

Figure 3. Quick Start Windows 2008 Advanced Security Firewall Management Console

Alternatively, you can configure Windows Advanced Security Firewall with Netsh, a command-line tool that configures network component settings. Use netsh advfirewall to create scripts that automatically configure a set of Windows Firewall settings with advanced security for both IPv4 and IPv6 traffic. You can also use the netsh advfirewall command to display the configuration and status of a Windows Firewall with advanced security.

Since you can configure so many features with this new firewall management console, I can't mention them all. If you've ever seen the configuration interface of Windows 2003's built-in firewall, you'll quickly find that there are many more options in this new Windows Advanced Security Firewall. Let me introduce some of the most commonly used features.

When you first open the Windows Advanced Security Firewall Management Console, you will see that the firewall is turned on by default and blocks inbound connections that do not match an inbound rule. Outbound filtering, which is new, is off by default.

The other thing you will notice is that this Windows Advanced Security Firewall has multiple profiles to choose from.

Figure 4. Profiles provided in Windows 2008 Advanced Security Firewall

The Windows Advanced Security Firewall has a domain profile, a private profile, and a public profile. A profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to a computer based on its location; for example, whether the computer is on the corporate LAN or in a local coffee shop.
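The profile defaults, the inbound-block/outbound-allow policy and the netsh advfirewall command-line interface described above can all be inspected and set from a script. The batch script below is an added example, not code from the original article: it shows the current and all profiles, turns the firewall on for every profile, makes the default policy explicit, enables logging of dropped packets so a blocked connection can be seen in the log instead of failing silently, and exports the result so it can be restored later. The log path is the default WFAS location and the export path is an assumption; run it from an elevated command prompt.

```batch
@echo off
REM Added example (not from the original article): inspect and harden the
REM per-profile defaults with "netsh advfirewall" on Windows Server 2008.
REM Run from an elevated command prompt. The log path is the default WFAS
REM location; the export path is an assumption for this example.

REM 1. Show which profile is active now and the state/policy of all three profiles.
netsh advfirewall show currentprofile
netsh advfirewall show allprofiles

REM 2. Make sure the firewall is on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on

REM 3. Make the article's defaults explicit: inbound connections that match no
REM    rule are blocked, outbound connections that match no rule are allowed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

REM 4. Log dropped packets so a blocked connection shows up in the log file
REM    (maxfilesize is in KB).
netsh advfirewall set allprofiles logging filename "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"
netsh advfirewall set allprofiles logging maxfilesize 4096
netsh advfirewall set allprofiles logging droppedconnections enable

REM 5. Save the resulting policy; restore it later with "netsh advfirewall import <file>".
netsh advfirewall export "%TEMP%\wfas-baseline.wfw"
if errorlevel 1 (
    echo Export failed
    exit /b 1
)
echo Profile baseline applied and exported to %TEMP%\wfas-baseline.wfw
```

Because netsh advfirewall handles IPv4 and IPv6 together, the same policy applies to both; re-running `netsh advfirewall show allprofiles` afterwards is the quickest way to confirm the state, policy and logging settings took effect.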

In my opinion, among the improvements to the Windows 2008 Advanced Security Firewall we have discussed, the most significant is the richer firewall rule. Take a look at the options for adding an exception to the Windows Server 2003 firewall, as shown below:

Figure 5, Windows 2003 Server Firewall Exceptions Window

Let's compare the configuration windows in Windows 2008 Server.

Figure 6. Windows 2008 Server Advanced Firewall Exception Settings Window

Note that the Protocols and Ports tab is just a small part of this multi-tab window. You can also apply rules to users and computers, programs and services, and IP address ranges. With this richer rule configuration, Microsoft has moved the Windows Advanced Security Firewall closer to its IAS Server.

The number of default rules provided by Windows Advanced Security Firewall is also surprising. In Windows 2003 Server, there are only three default exception rules. The Windows 2008 Advanced Security Firewall provides approximately 90 default inbound firewall rules and at least 40 default outbound rules.

Figure 7, Windows 2008 Server Advanced Firewall Default Inbound Rules

So how do you create a rule with this new Windows Advanced Firewall? Let's take a look at how to create a custom inbound rule. Suppose you have installed the Windows version of the Apache web server on your Windows 2008 Server. If you were using the built-in IIS web server, this port would be opened for you automatically. However, since you are using a third-party web server and the inbound firewall is on, you must open the port manually. Here are the steps:

· Identify the protocol the rule applies to; in our case it is TCP (as opposed to UDP or ICMP).

· Identify the source IP address, source port, destination IP address and destination port. The web traffic we are allowing comes from any IP address and any port and goes to port 80 on this server. (Note that you can instead create a rule for a particular program, such as the Apache HTTP server here.)

· Open the Windows Advanced Security Firewall Management Console.

· Add Rules - Click the New Rule button in the Windows Advanced Security Firewall MMC to start the wizard for launching new rules.

Figure 8. Windows 2008 Server Advanced Firewall Management Console - New Rule Button

· Select that you want to create a rule for a port.

· Configure the protocol and port number: select the default TCP protocol, enter 80 as the port, then click Next.

· Select the default "Allow the connection" and click Next.

· Keep the default of applying this rule to all profiles and click Next.

· Give the rule a name and click Finish. You will then have a rule like the one in the following picture:

Figure 9, Windows 2008 Server advanced firewall management console after creating rules

In my test, the Apache web server I had just installed did not work while this rule was disabled. After creating this rule, it works fine!
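The same rule the wizard creates above can be created and verified from the command line, which is also the form you would put in a build script so the rule is not forgotten on the next server. The batch script below is an added example, not code from the original article. It creates the port-based "allow TCP 80 inbound" rule, shows the program-scoped variant the article mentions as a commented-out alternative, and checks the result. The rule name and the httpd.exe path are placeholders chosen for this example; run it from an elevated command prompt.

```batch
@echo off
REM Added example (not from the original article): create the wizard's
REM "allow TCP 80 inbound" rule with netsh advfirewall and verify it.
REM RULE_NAME and APACHE_EXE are placeholders; set APACHE_EXE to where
REM httpd.exe actually lives on your server. Run from an elevated prompt.
set RULE_NAME=Apache HTTP Server - TCP 80
set APACHE_EXE=C:\Apache\bin\httpd.exe

REM Remove any earlier copy so the script can be re-run without creating duplicates.
netsh advfirewall firewall delete rule name="%RULE_NAME%" >nul 2>&1

REM Port-based rule, equivalent to the wizard steps: TCP, local port 80,
REM allow, applied to all profiles.
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow protocol=TCP localport=80 profile=any

REM Tighter alternative: scope the rule to httpd.exe only, so a different
REM process that happens to listen on port 80 is still blocked. Comment out
REM the line above and uncomment this one to use it.
REM netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow protocol=TCP localport=80 program="%APACHE_EXE%" profile=any

if errorlevel 1 (
    echo Failed to create rule "%RULE_NAME%"
    exit /b 1
)

REM Show the rule as WFAS stored it (verbose includes profiles and program).
netsh advfirewall firewall show rule name="%RULE_NAME%" verbose

REM A firewall rule only matters if something is listening: confirm port 80
REM is in LISTENING state and note the owning process ID in the last column.
netstat -ano | findstr /r /c:":80 .*LISTENING"
```

The program-scoped form is the better default for a third-party service: it allows only the binary you installed, and `netsh advfirewall firewall show rule name=all dir=in` lets you audit every inbound exception on the server in one listing.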

Conclusion: Great improvements are worth a try

With firewall profiles, richer rule settings, 30 times as many default rules as before, and many advanced security features not covered in this article, Windows 2008 Server Advanced Security Firewall lives up to the name Microsoft gave it: it really is an advanced firewall. I believe this built-in, free, advanced host-based firewall will help make Windows Server more secure in the future. However, if you don't use it, it won't help you. So I hope that you will try this new Windows Advanced Firewall today.
