Network security has been valued by more and more people, and the most important means to ensure the security of their own computers is to install anti-virus software, network firewalls and anti-spyware software. Today Xiaobian wants to explain to everyone how to set up their own firewall under the vista operating system.
First, use two interfaces to meet different needs
Vista firewall has two independent graphical configuration interface : The basic configuration interface can be accessed through the “Security Center” and “Control Panel”; the second is the advanced configuration interface, which can be accessed as a plug-in after the user creates a custom MMC.
This prevents unintentional changes for novice users from causing connection disruptions, and provides a way for advanced users to fine-tune firewall settings and control outbound and inbound traffic. Users can also use the command in the netsh advfirewall context to configure the Vista firewall from the command line. Scripts can also be used to automatically configure the firewall for a group of computers. Group Policy can also be used to control the settings of the Vista firewall.
Second, the security under the default settings
Vista Windows Firewall in the default state with security configuration, while still supporting the best ease of use. By default, most inbound traffic is blocked and outbound connections are allowed. The Vista firewall works in conjunction with Vista's new Windows Service Hardening feature, so if the firewall detects behavior that is prohibited by Windows Service Hardening Network Rules, it blocks this behavior. The firewall also fully supports a pure IPv6 network environment.
Third, the basic configuration options
Using the basic configuration interface, the user can start or close the firewall, or set the firewall to completely block all programs; can also allow exceptions exist (can specify which programs, services or ports are not blocked) And specify the scope of each exception (whether it applies to traffic from all computers, including computers on the Internet, computers on the LAN/subnet, or computers where you have specified an IP address or subnet); you can also specify the hope The firewall protects which connections and configures security logs and ICMP settings.
Fourth, ICMP message blocking
By default, inbound ICMP echo requests can pass through the firewall, and all other ICMP information is blocked. This is because the Ping tool is periodically used to send an echo request message for troubleshooting. However, the hacker can also send an echo request message to lock the target host. The user can block the response request message through the “Advanced” tab on the basic configuration interface.
Five, multiple firewall configuration files
Vista firewall with advanced security MMC plug-in allows users to create multiple firewall configuration files on the computer, so that different firewall configurations can be used for different environments. This is especially useful for portable computers. For example, when a user connects to a public wireless hotspot, it may require a more secure configuration than when connected to a home network. Users can create up to three firewall profiles: one for connecting to a Windows domain, one for connecting to a private network, and one for connecting to a public network.
Six, IPSec function
Through the advanced configuration interface, users can customize IPSec settings, specify security methods for encryption and integrity, determine the key life cycle by time or by session, and select the required Diffie-Hellman key exchange algorithm. By default, the data encryption feature of an IPSec connection is disabled, but it can be enabled and which algorithms are selected for data encryption and integrity.