Windows Server 2008 Firewall Advanced Application


In Windows Server 2008, the built-in firewall has been improved more than ever before; it is no longer the "chicken rib" (something too feeble to be worth much) that it was in earlier versions. Below we explore the following advanced configuration options.

Windows Firewall with advanced security combines a host firewall with IPSec. Unlike border firewalls, Windows Firewall with advanced security runs on every computer running this version of Windows and provides local protection for network attacks that may traverse the border network or originate within the organization. It also provides a computer-to-computer connection security that allows you to require authentication and data protection for communications.

This is Windows Firewall with Advanced Security (WFAS) in Windows Server 2008. It has the following new features:

1. A new graphical interface.

This advanced firewall is now configured through a management console (MMC) snap-in.

2. Two-way protection.

It filters both outbound and inbound traffic.

3. Better integration with IPsec.

Windows Firewall with Advanced Security integrates Windows Firewall functionality and Internet Protocol Security (IPsec) into a single console. Use these advanced options to configure key exchange, data protection (integrity and encryption), and authentication settings as needed for your environment.

4. Advanced rule configuration.

You can create firewall rules for various objects on Windows Server and configure those rules to block or allow traffic passing through Windows Firewall with Advanced Security.

When an incoming packet arrives at the computer, Windows Firewall with Advanced Security inspects the packet and determines whether it meets the criteria specified in the firewall rules. If the packet matches the criteria of a rule, Windows Firewall with Advanced Security applies the action specified in that rule, either blocking or allowing the connection. If the packet matches no rule, Windows Firewall with Advanced Security drops the packet and, if logging is enabled, writes an entry to the firewall log file.

When configuring rules, you can choose from various criteria: application name, system service name, TCP port, UDP port, local IP address, remote IP address, profile, interface type (such as network adapter), user, user group, computer, computer group, protocol, ICMP type, and so on. The criteria in a rule are combined: the more criteria you add, the more precisely Windows Firewall with Advanced Security matches incoming traffic.

By adding two-way protection, a better graphical interface, and advanced rule configuration, this advanced security Windows firewall is becoming as powerful as traditional host-based firewalls, such as ZoneAlarmPro.

By using this advanced firewall, you can better harden your server against attack, keep your server from being used to attack others, and really control what data flows in and out of your server. Let's take a look at how to achieve these goals.

Configure Windows Firewall Advanced Security

In previous versions of Windows Server, you could configure the Windows Firewall from the network adapter properties or from the Control Panel. That configuration was very simple.

For Windows Advanced Security Firewall, most administrators can configure it either from Windows Server Manager or from the Windows Advanced Security Firewall MMC snap-in. The following is a screenshot of the two configuration interfaces:

Figure 1. Windows Server 2008 Server Manager

Figure 2. Windows 2008 Advanced Security Firewall Management Console

The easiest and fastest way to start this Windows Advanced Security Firewall is to type 'firewall' in the search box in the Start menu, as shown below:

Figure 3. How to quickly start the Windows 2008 Advanced Security Firewall Management Console

In addition, you can use netsh, the command-line tool for configuring network components, to configure Windows Firewall with Advanced Security. Use the netsh advfirewall context to create scripts that automatically configure a set of Windows Firewall with Advanced Security settings for both IPv4 and IPv6 traffic. You can also use netsh advfirewall commands to display the configuration and status of Windows Firewall with Advanced Security.

What can I configure with the new Windows Advanced Security Firewall MMC snap-in?

Since so many features can be configured with this new firewall management console, I can't cover them all. If you have ever seen the configuration interface of the firewall built into Windows 2003, you will quickly notice how many more options this new Windows Advanced Security Firewall offers. Let me pick some of the most commonly used features to introduce.

When you first open the Windows Advanced Security Firewall Management Console, you will see that the firewall is turned on by default and blocks inbound connections that do not match an inbound rule. The new outbound filtering, on the other hand, is turned off by default: outbound connections are allowed unless a rule blocks them.

The other thing you will notice is that this Windows Advanced Security Firewall offers multiple profiles to choose from.

Figure 4. Profiles provided in the Windows 2008 Advanced Security Firewall

This Windows Advanced Security Firewall has three profiles: domain, private, and public. A profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to a computer based on its location, for example depending on whether the computer is on the corporate LAN or in a local coffee shop.
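As an added example (not part of the original article), the following PowerShell script uses the netsh advfirewall context described above to enforce the default state on all three profiles (firewall on, inbound blocked unless a rule allows it, outbound allowed), turns on logging of dropped packets so that unmatched inbound traffic actually lands in the log, and then checks the result by parsing the output of netsh advfirewall show allprofiles. The function name Test-ProfileDefaults and the choice to enable drop logging are my additions; the log file path is the Windows default. Run it from an elevated prompt on the server.

```powershell
# Added example, not from the original article: enforce and verify the
# per-profile defaults of Windows Firewall with Advanced Security using the
# netsh advfirewall context. Requires an elevated PowerShell prompt.

$fwProfiles = 'domainprofile', 'privateprofile', 'publicprofile'

foreach ($p in $fwProfiles) {
    # Firewall on; inbound blocked unless a rule allows it; outbound allowed.
    netsh advfirewall set $p state on
    netsh advfirewall set $p firewallpolicy "blockinbound,allowoutbound"

    # Log dropped packets so that unmatched inbound traffic is recorded.
    # (Default Windows log path; netsh expands %systemroot% itself.)
    netsh advfirewall set $p logging droppedconnections enable
    netsh advfirewall set $p logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
}

# Verification: parse 'show allprofiles' and report any profile whose state
# or policy differs from what we just set. Returns an array of problem strings
# (empty when everything matches).
function Test-ProfileDefaults {
    $output   = netsh advfirewall show allprofiles
    $current  = $null
    $problems = @()
    foreach ($line in $output) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
        }
        elseif ($line -match '^State\s+(\S+)' -and $Matches[1] -ne 'ON') {
            $problems += "$current profile: state is $($Matches[1]), expected ON"
        }
        elseif ($line -match '^Firewall Policy\s+(\S+)' -and
                $Matches[1] -ne 'BlockInbound,AllowOutbound') {
            $problems += "$current profile: policy is $($Matches[1]), expected BlockInbound,AllowOutbound"
        }
    }
    return ,$problems
}

$issues = Test-ProfileDefaults
if ($issues.Count -eq 0) {
    'All three profiles match the expected defaults.'
} else {
    $issues
}
```

The policy value is quoted because PowerShell would otherwise split blockinbound,allowoutbound into two arguments before netsh sees it. The check parses the same text an administrator would read by hand, so it catches a profile that a group policy or an earlier script has left in a different state.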

In my opinion, of all the improvements to the Windows 2008 Advanced Security Firewall discussed so far, the most significant is the much richer firewall rule. Look first at how the Windows Server 2003 firewall adds an exception, as shown below:

Figure 5. Windows 2003 Server firewall exception window

Compare this with the Windows 2008 Server configuration window:

Figure 6. Windows 2008 Server Advanced Firewall exception settings window

Note that the Protocols and Ports tab is just one section of this multi-tab window. You can also apply rules to users and computers, to programs and services, and to IP address ranges. With this richer rule configuration, Microsoft has moved Windows Advanced Security Firewall closer to the policy model of its IAS server.

The number of default rules provided by Windows Advanced Security Firewall is also surprising. Windows 2003 Server has only three default exception rules, whereas the Windows 2008 Advanced Security Firewall ships with approximately 90 default inbound rules and at least 40 default outbound rules.

Figure 7. Windows 2008 Server Advanced Firewall default inbound rules

So how do you create a rule using this new Windows Advanced Firewall? Let's take a look.

How do I create a custom inbound rule?

Suppose you have installed the Windows version of the Apache web server on your Windows 2008 Server. Had you used the built-in IIS web server, the HTTP port would have been opened for you automatically. But since you are using a third-party web server and the inbound firewall is on, you must open the port manually.

Here are the steps:

· Identify the protocol the rule applies to. In our case it is TCP (the alternatives being UDP or ICMP).

· Identify the source IP address, source port, destination IP address, and destination port. The web traffic we want is data from any IP address and any source port, flowing to port 80 of this server. (Note that you can also create a rule for a particular program, such as the Apache HTTP server here.)

· Open the Windows Advanced Security Firewall Management Console.

· Add Rule - Click the New Rule button in the Windows Advanced Security Firewall MMC to start the New Inbound Rule wizard.

Figure 8. Windows 2008 Server Advanced Firewall Management Console - the New Rule button

· Select Port as the type of rule you want to create.

· Configure Protocol and Port Number - Keep the default TCP protocol, enter 80 as the port, then click Next.

· Select the default "Allow Connection" and click Next.

· Select the default to apply this rule to all profiles and click Next.

· Give this rule a name and click Next.

At this point the new rule appears in the console, as shown below:

Figure 9. Windows 2008 Server Advanced Firewall Management Console after the rule has been created
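As an added example (not code from the original article), here is the same allow rule created from the netsh advfirewall context instead of the wizard, so that the procedure above can be scripted and repeated. It also shows how the criteria discussed earlier (direction, protocol, local port, program, profile) are combined in a single rule. The rule name, the Apache path C:\Apache2\bin\httpd.exe and the helper function Test-InboundRule are assumptions of this example; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original article: create the Apache inbound rule
# with netsh advfirewall and verify it. Requires an elevated PowerShell prompt.

$ruleName  = 'Apache HTTP Server (TCP 80)'   # assumed name
$apacheExe = 'C:\Apache2\bin\httpd.exe'      # assumed install path; adjust

# Remove any earlier rule of the same name so the script can be re-run.
netsh advfirewall firewall delete rule name="$ruleName" | Out-Null

# All criteria must match (they are ANDed): inbound, TCP, local port 80,
# and only for the Apache binary. Binding the rule to the program is
# narrower than the wizard's port-only rule: another process that happens
# to listen on port 80 is not exposed by this rule.
netsh advfirewall firewall add rule `
    name="$ruleName" `
    dir=in `
    action=allow `
    protocol=TCP `
    localport=80 `
    program="$apacheExe" `
    profile=any `
    description="Allow inbound HTTP to the Apache binary only"

# Verification: read the rule back and confirm it is enabled, inbound and
# bound to local port 80. Returns $true when all three checks pass.
function Test-InboundRule([string]$Name) {
    $output  = netsh advfirewall firewall show rule name="$Name"
    $enabled = [bool]($output -match '^Enabled:\s+Yes')
    $inbound = [bool]($output -match '^Direction:\s+In')
    $port80  = [bool]($output -match '^LocalPort:\s+80$')
    return ($enabled -and $inbound -and $port80)
}

if (Test-InboundRule $ruleName) {
    "Rule '$ruleName' is present: enabled, inbound, TCP 80."
} else {
    "Rule '$ruleName' is missing or misconfigured."
}
```

To reproduce the wizard's rule exactly (port 80 open for any program), drop the program= parameter. Keeping it is the more defensive choice on a server whose only legitimate listener on port 80 is Apache, and netsh advfirewall firewall show rule name="..." verbose will display the program binding if you want to confirm it.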
