Flexible use of Windows 2003 to build a campus network server firewall

  

In the daily management and maintenance of the campus network, network security is receiving increasing attention. Whether the campus network server is secure directly affects the normal operation of the school's daily education and teaching work. To improve the security of the campus network, the network administrator first thinks of installing a hardware firewall or purchasing a software firewall, but hardware firewalls are expensive, and software firewalls are also expensive. This is a heavy burden for primary and secondary schools with relatively tight teaching budgets. In this article, I draw on my own work experience to explain how to use the firewall function provided by Windows 2003 to build a security defense line for campus network servers.

Windows 2003 Firewall Features

The firewall provided by Windows 2003 is called Internet Connection Firewall. It allows secure network communication to pass through the firewall into the network while rejecting insecure communication, protecting your network from external threats. Internet Connection Firewall is only included in Windows Server 2003 Standard Edition and 32-bit versions of Windows Server 2003 Enterprise Edition.



On a Windows 2003 server, the firewall function can be enabled on a computer that is directly connected to the Internet. It supports Internet connections made through a network adapter, DSL adapter or dial-up modem.

1. Start/Stop Firewall

(1) Open "Network Connections", right-click the connection you want to protect, and click "Properties". The "Local Area Connection Properties" dialog box appears.

(2) Click the "Advanced" tab. The interface for starting/stopping the firewall appears, as shown in Figure 1. To enable Internet Connection Firewall, select the "Protect my computer and network by restricting or blocking access to this computer from the Internet" check box; to disable Internet Connection Firewall, clear that check box.

2. Firewall Service Settings

Windows 2003 Internet Connection Firewall can manage service ports, such as HTTP port 80, FTP port 21, etc. As long as the system provides these services, the Internet connection firewall can monitor and manage these ports.

(1) Setting of standard services

Take the standard Web service provided by our Windows 2003 server as an example (default port 80). Follow these steps: in the interface shown in Figure 1, click the [Settings] button, and the "Service Settings" dialog box shown in Figure 2 appears. In the "Service Settings" dialog box, select the "Web Server (HTTP)" option and click the [OK] button. Once this is set, network users can access only the web service; the other network services provided by the server are not reachable.



Figure 1: Local Area Connection Properties dialog box





Figure 2: Service Settings dialog box

Note: Choose the options that match the services the Windows 2003 server provides; more than one can be selected. The standard services are already preset in the system, so you just need to select the appropriate options. If the server also provides non-standard services, the administrator needs to add them manually.

(2) Setting of non-standard services

Let us take the example of opening a non-standard Web service on port 8000. In the Service Settings dialog box of Figure 2, click the [Add] button, and the "Service Add" dialog box appears. In this dialog box, fill in the service description, the IP address, and the port number used by the service, select the protocol used (Web service uses the TCP protocol, DNS query uses the UDP protocol), and finally click [OK]. After the setup is complete, network users can access the corresponding service through port 8000, and access to unauthorised TCP and UDP ports is blocked.

3. Firewall Security Log Settings

In the Service Settings dialog box of Figure 2, select the Security Log tab. The Security Log Settings dialog box appears; select the items to be logged, and the firewall will record the corresponding data. The default path of the log file is C:\Windows\Pfirewall.log, which can be opened with Notepad. The generated security log is in W3C extended log file format, which can be viewed and analyzed by common log analysis tools.

Note: Enabling the security log is essential. When the security of the server is threatened, the log can provide reliable evidence.
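An added example, not from the original article: a small Python parser for a security log in the W3C extended format described above. It reads the field names from the `#Fields` directive, lists the destination ports each source address was dropped on, and flags sources that probed several different ports. The sample log, its addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in W3C extended layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-03-01 09:15:02 OPEN TCP 198.51.100.7 192.0.2.10 3050 80 - - - - - - - -
2004-03-01 09:15:40 DROP TCP 203.0.113.9 192.0.2.10 4101 135 48 S 1000 0 16384 - - -
2004-03-01 09:15:40 DROP TCP 203.0.113.9 192.0.2.10 4102 139 48 S 1001 0 16384 - - -
2004-03-01 09:15:41 DROP TCP 203.0.113.9 192.0.2.10 4103 445 48 S 1002 0 16384 - - -
2004-03-01 09:15:41 DROP TCP 203.0.113.9 192.0.2.10 4104 1433 48 S 1003 0 16384 - - -
2004-03-01 09:16:10 DROP UDP 198.51.100.7 192.0.2.10 1026 137 78 - - - - - - -
2004-03-01 09:17:00 DROP ICMP 198.51.100.20 192.0.2.10 - - 60 - - - - 8 0 -
"""

def parse_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            # Limit the split so a multi-word last field stays in one value.
            values = line.split(None, len(fields) - 1)
            if fields and len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def dropped_port_summary(text):
    """Map source IP -> sorted distinct destination ports it was dropped on."""
    ports = defaultdict(set)
    for entry in parse_log(text):
        # ICMP entries carry "-" instead of a port, so they are left out here.
        if entry["action"] == "DROP" and entry["dst-port"].isdigit():
            ports[entry["src-ip"]].add(int(entry["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items()}

def likely_scanners(text, min_ports=3):
    """Sources whose dropped packets hit at least min_ports different ports."""
    summary = dropped_port_summary(text)
    return sorted(ip for ip, p in summary.items() if len(p) >= min_ports)

if __name__ == "__main__":
    for ip, ports in dropped_port_summary(SAMPLE_LOG).items():
        print(ip, ports)
    print("possible scanners:", likely_scanners(SAMPLE_LOG))
```

To run it against a real log, read the file's text and pass it to `likely_scanners`; the `min_ports` threshold is an assumption to tune for the server's normal traffic.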



Internet Connection Firewall can effectively block illegal intrusion into a Windows 2003 server and prevent illegal remote hosts from scanning the server, improving the security of Windows 2003 servers. At the same time, it can also effectively intercept viruses that exploit operating system vulnerabilities to attack through ports, such as the Shockwave (Blaster) worm. If you enable this firewall feature on a virtual router built with Windows 2003, it can protect the entire internal network. The above is some of my experience from daily work; I hope it provides you with a useful reference.


Copyright © Windows knowledge All Rights Reserved