Setting up the Vista system firewall: using two interfaces to meet different needs

The Vista Firewall has two separate graphical configuration interfaces. The first is the basic configuration interface, which can be accessed through the "Security Center" and "Control Panel". The second is the advanced configuration interface, which can be accessed as a snap-in after the user creates a custom MMC.

This prevents unintentional changes by novice users from causing connection disruptions, and gives advanced users a way to fine-tune firewall settings and control outbound and inbound traffic. Users can also use the commands in the netsh advfirewall context to configure the Vista firewall from the command line. Scripts can be used to automatically configure the firewall for a group of computers, and Group Policy can be used to control the settings of the Vista firewall.

Second, default security settings

Under Vista, Windows Firewall uses a secure default configuration while still supporting the best ease of use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works in conjunction with Vista's new Windows Service Hardening feature, so if the firewall detects behavior that is prohibited by a Windows Service Hardening network rule, it blocks that behavior. The firewall also fully supports a pure IPv6 network environment.

Third, basic configuration options

Using the basic configuration interface, the user can enable or disable the firewall, or set the firewall to block all programs completely. Exceptions can also be allowed (programs, services or ports that are not to be blocked can be specified), and the scope of each exception can be set: whether it applies to traffic from all computers, including computers on the Internet, to computers on the LAN/subnet, or to computers with an IP address or subnet that you specify. You can also specify which connections the firewall should protect, and configure the security log and ICMP settings.

Fourth, ICMP message blocking

By default, inbound ICMP echo requests are allowed through the firewall and all other ICMP messages are blocked. This is because the Ping tool is regularly used to send echo request messages for troubleshooting. However, attackers can also send echo request messages to locate target hosts. Users can block echo request messages through the Advanced tab of the basic configuration interface.

Fifth, multiple firewall profiles

With the Advanced Security MMC snap-in, the Vista firewall allows users to create multiple firewall profiles on a computer, so that different firewall configurations can be used in different environments. This is especially useful for laptops. For example, when a user connects to a public wireless hotspot, a more secure configuration may be required than when connecting to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.

Sixth, IPSec functionality

Through the advanced configuration interface, users can customize IPSec settings to specify the security methods used for encryption and integrity, determine whether key lifetimes are calculated by time or by session, and select the desired Diffie-Hellman key exchange algorithm. By default, data encryption for IPSec connections is disabled, but it can be enabled, and the algorithms used for data encryption and integrity can be selected.

Seventh, security rules

Through a wizard, the user can create security rules step by step to control how and when secure connections are established between a single computer or a group of computers. Connections can also be restricted based on criteria such as domain membership or security conditions, while specified computers are exempted from the connection authentication requirements. Rules can also be created to require authentication between two specific computers (server to server), or tunnel rules can be used to authenticate connections between gateways.

Eighth, custom authentication rules

When creating a custom authentication rule, specify a single computer or a group of computers (by IP address or address range) as the connection endpoints. The user can request or require authentication for inbound connections, outbound connections, or both.

Ninth, inbound and outbound rules

Users can create inbound and outbound rules to block or allow connections for specific programs or ports. Preset rules can be used or custom rules created, and the New Rule Wizard walks users through the steps of creating a rule. Users can apply rules to a set of programs, ports or services, or to all programs or one specific program. A rule can block all connections made by a piece of software, allow all connections, or allow only secure connections and require encryption to protect data sent over the connection. Source and destination IP addresses can be configured for inbound and outbound traffic, as can source and destination TCP and UDP ports.
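The per-profile policy, ICMP blocking and inbound/outbound rules described above can also be scripted through the netsh advfirewall context mentioned earlier. The following is an added example, not part of the original article; the rule names, port 8443 and the program path are constructed placeholders, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Rule names, port 8443 and the program path are constructed placeholders.

function Invoke-AdvFirewall {
    param([Parameter(Mandatory=$true)][string[]]$Arguments)
    # Each argument is passed as one string, so values that contain commas
    # (for example 'blockinbound,allowoutbound') are not split by PowerShell.
    & netsh.exe advfirewall @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall $($Arguments -join ' ') failed ($LASTEXITCODE)"
    }
}

# 1. Firewall on for all three profiles, with the default policy:
#    block inbound traffic that matches no rule, allow outbound.
Invoke-AdvFirewall 'set','allprofiles','state','on'
foreach ($p in 'domainprofile','privateprofile','publicprofile') {
    Invoke-AdvFirewall 'set',$p,'firewallpolicy','blockinbound,allowoutbound'
}

# 2. Public profile (hotspots): log dropped connections and block
#    inbound ICMPv4 echo requests (ICMP type 8, any code).
Invoke-AdvFirewall 'set','publicprofile','logging','droppedconnections','enable'
Invoke-AdvFirewall 'firewall','add','rule','name=Example-Block-Echo-Public',
    'dir=in','action=block','protocol=icmpv4:8,any','profile=public'

# 3. Inbound exception with a restricted scope: TCP 8443 is reachable
#    only from the local subnet, and only on domain and private networks.
Invoke-AdvFirewall 'firewall','add','rule','name=Example-Allow-8443-LocalSubnet',
    'dir=in','action=allow','protocol=TCP','localport=8443',
    'remoteip=localsubnet','profile=domain,private'

# 4. Outbound rule: block every connection made by one program.
Invoke-AdvFirewall 'firewall','add','rule','name=Example-Block-Agent-Out',
    'dir=out','action=block','program=C:\Tools\example-agent.exe'

# 5. Review the resulting profile settings and one of the new rules.
Invoke-AdvFirewall 'show','allprofiles'
Invoke-AdvFirewall 'firewall','show','rule','name=Example-Allow-8443-LocalSubnet'
```

Running the script twice adds each rule a second time under the same name; remove earlier copies first with `netsh advfirewall firewall delete rule name=<rule name>`.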

Tenth, Active Directory-based rules

Users can create rules that block or allow connections based on Active Directory user, computer or group accounts, as long as the connection is secured by IPSec with Kerberos v5 (which includes Active Directory account information). Users can also use Windows Firewall with Advanced Security to enforce Network Access Protection (NAP) policies.
