In the daily management and maintenance of the campus network, network security is receiving increasing attention. Whether the campus network server is safe or not will directly affect the normal operation of the school's daily education and teaching work. In order to improve the security of the campus network, the network administrator first thinks of installing a hardware firewall or purchasing a software firewall, but the hardware firewall is expensive, and the software firewall is also expensive. This is a school for middle and primary schools with relatively tight teaching costs. heavy burden. In this article, I combine my own work experience to talk about how to use the firewall function provided by Windows 2003 to build a security defense line for campus network servers. Introduction to Windows 2003 Firewall Features The firewall provided by Windows 2003 is called the Internet Connection Firewall, which allows the network to be protected from external threats by allowing secure network traffic to enter the network through the firewall while rejecting insecure communication. Internet Connection Firewall is only included in Windows Server 2003 Standard Edition and 32-bit versions of Windows Server 2003 Enterprise Edition.
Internet Connection Firewall Settings
On Windows 2003 servers, the firewall function is enabled for computers directly connected to the Internet, and supports network adapters, DSL adapters, or dial-up modems to connect to the Internet.
1. Start/Stop Firewall
(1) Open "Network Connection", right-click the connection you want to protect, click "Properties", and the "Local Area Connection Properties" dialog box appears.
(2) Click the "Advanced" tab, the start /stop firewall interface shown in Figure 1. If you want to enable Internet Connection Firewall, select the Protect my computer and network by restricting or blocking access to this computer from the Internet check box; if you want to disable Internet Connection Firewall, clear the above selection.
2. Firewall service settings
Windows 2003 Internet Connection Firewall can manage service ports, such as HTTP port 80, FTP port 21, etc. As long as the system provides these services, the Internet connection firewall These ports can be monitored and managed.
(1) Standard Service Settings
Let's take the standard Web service provided by Windows 2003 server as an example (default port 80). The operation steps are as follows: Click in the interface shown in Figure 1. [Settings] button, the "Service Settings" dialog box shown in Figure 2 appears; in the "Service Settings" dialog box, select the "Web Server (HTTP)" option, click the [OK] button. Once set, network users will not be able to access other network services provided by the server other than the web service. Note: You can choose according to the services provided by the Windows 2003 server, you can choose more. The standard service system is already preset in the system, you just need to select the appropriate option. If the server also provides non-standard services, it needs to be manually added by the administrator.
(2) Setting of non-standard services
Let us take the example of opening a non-standard Web service through 8000 ports. In the Service Settings dialog box of Figure 2, click the [Add] button, and the "Service Add" dialog box appears. In this dialog box, fill in the service description, IP address, port number used by the service, and select The protocol used (Web service uses TCP protocol, DNS query uses UDP protocol), and finally click [OK]. After the setup is complete, network users can access the corresponding services through port 8000, and access to unauthorised TCP and UDP ports is isolated.
3. Firewall security log settings
In the "Service Settings" dialog box of Figure 2, select the "Security Log" tab, the "Security Log Settings" dialog box appears, select the items to be recorded, the firewall will record the corresponding The data. The default path of the log file is C:\\Windows\\Pfirewall.log, which can be opened with Notepad. The format of the generated security log is W3C extended log file format, which can be viewed and analyzed by common log analysis tools.
Note: It is very necessary to establish a security log. When the server security is threatened, the log can provide reliable evidence.
Internet Connection Firewall Application Thinking
Internet Connection Firewall can effectively block the illegal invasion of Windows 2003 server, prevent illegal remote host from scanning the server, and improve the security of Windows 2003 server. At the same time, it can also effectively intercept viruses that use operating system vulnerabilities for port attacks, such as worms such as shockwaves. If you enable this firewall feature on a virtual router built with Windows 2003, it can protect the entire internal network. The above is some of my experience in the daily work, I hope to provide you with reference.
Setting up WINS Servers Windows Internet Naming Service (WINS) is a very effective way to find named
Windows Server 2008 (hereinafter referred to as: WS08) system installation, you will find that altho
In the process of viewing the picture, if you put the mouse over the picture, you can generate a lar
The new GUI management page replaces Microsofts previous visual operator interface to make server co
Configuring a Win 2003-based server
How to recover lost administrator passwords in Windows 2000 system
How to achieve network sharing restore in Win 2003
Troubleshooting the System.ini file
Quickly recover the Windows 2000/XP forgotten administrator password
Windows 2000 Power Configuration and Management
Setting up a mail server with Win 2003
Windows2000 Server Intrusion Monitoring
Windows 2000/XP operating system super command syskey
How to modify the Firefox browser proxy Firefox proxy modification tutorial
How does Win8 close the patch update?
Win7 system boot prompt password has expired
Teach you how to log in to the router
How to unshare the files shared by win10 official version?
Vim common commands and configurations
My computer is amd Athlon x2 280 cpu can rise 4 cores?