Tianwang Firewall V2.61 learning tutorial

xiaoxiao2021-03-06  50

With the Internet now so widespread, the network has become almost inseparable from everyone's life. The network has developed quickly, but your computer may not be safe while you are online: perhaps without your knowing it, while you chat on QQ or MSN, someone may already have broken into your computer. As the old saying goes, one must always be on guard against others, so here I introduce the best personal network security tool in China: Tianwang Firewall Personal Edition. Tianwang Firewall can effectively control the information a personal user's computer exchanges with the Internet. By setting a few parameters, users can control the exchange of information between the local machine and the Internet, and block and eliminate malicious traffic aimed at the machine, such as ICMP flood attacks, chat-room bombs, and Trojan traffic. The latest version is now 2.61. Below I go through how to use Tianwang Firewall, hoping to help the many computer beginners.

Tianwang Firewall comes in an official version (the service is good and the functionality is strong) and a trial version (free, with some restrictions on the advanced functions). I support genuine software, so the official version is used as the example here. The interface and operation of the trial version are basically the same, so trial-version users can follow along with similar steps.

After installation and a restart, open Tianwang Firewall. With its default settings it is already very powerful, although that sometimes brings a good deal of inconvenience, which is covered later. So if you have no special requirements, leaving it at the defaults is fine; the security level is good.

First, ordinary use (default settings)

Let's start with some simple Tianwang settings. Figure 1 shows the system settings interface, which you can use as a reference for your own settings. (Figure 1)

Below are the IP rules. Generally these are left at the defaults, which are in fact the same as the default medium-level rules in an unmodified custom IP rule set. You can also create new IP rules; that is covered later, and since this is the default there is not much to say here. (Figure 2)

Below is the view of which programs are using the network and which ports are being listened on. Here you can see which program is using which port and whether a suspicious program, such as a Trojan, is using network resources. You can then customize the IP rules as needed, for example to stop certain ports and certain IPs from accessing your machine. (Figure 3)

The log, shown below, records your programs' network accesses and the LAN and Internet IPs that scan your ports, so that you can take the corresponding countermeasures. With the default settings there is not much to say: the log entries are basically all rejected operations. (Figure 4)

Those are the security settings under the defaults. As long as you have no special requirements, such as opening some ports, blocking some ports, or handling certain IPs, the firewall is already very effective with its defaults. However, the firewall's strictness causes trouble for some programs. The following shows how to open ports; you can extend it by analogy to complete whatever related operation you need.

Second, opening ports in the firewall

To open a port you have to create a new IP rule, so before discussing open ports, let's look at how to create one. As shown in Figure 5, double-click the new-rule button in the custom IP rules. (Figure 5)

When you click to add a rule, the interface shown below appears. We divide it into four parts. (Figure 6)

1) Part 1 in Figure 6 describes the new IP rule. Give the rule a representative name, such as "Open BT6881-6889 Port", and use the description for the details. There is also the packet direction, which has three choices: receive, send, or receive and send. Choose according to the situation.

2) The remote IP address, which has four options: any address, LAN address, a specified address, or a specified network address.

3) The protocol the IP rule applies to. There are five: IP, TCP, UDP, ICMP and IGMP. Select and configure according to the situation, for example opening up an IP address, or QQ, which uses the UDP protocol.

4) The most important part: this decides whether traffic matching your rule is allowed or refused. Choose whether to pass, intercept, or continue with the next rule, and whether to record it in the log, depending on what you want; see the examples for specifics.

Once the IP rule is set, click OK, then save and move the rule to the top of its protocol group. This completes the new IP rule, and it takes effect immediately.

Third, an example of opening ports

Having introduced new IP rules, let's move on to an example; after all, an example is the best explanation. As you may know, BT uses the nine ports 6881-6889. The firewall's default settings do not allow access to these ports; they only allow the BT software to access the network, so BT download speed is sometimes affected. Of course, with the firewall turned off there is no such effect, but then isn't the machine unsafe? So below we open ports 6881-6889.

1) After clicking as in Figure 5, the IP rule dialog appears; set it up as in the next figure. Since BT uses the TCP protocol, configuring it as in Figure 7 is enough. Click OK to finish creating the new rule, which I named BT. (Figure 7)

After setting the new rule, move it to the top of its protocol group and save. You can then use an online port test to check whether BT's connection ports are open. (Figure 8)
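Moving the rule to the top matters because rules are checked in list order. The sketch below is an added example, not Tianwang's code: it assumes top-down, first-match evaluation with the three actions named in the rule dialog, treats the remote address as "any", and uses hypothetical names (Rule, Packet, evaluate) plus a hypothetical catch-all "Block inbound TCP" rule standing in for the default behaviour.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    direction: str   # "receive", "send" or "both"
    protocol: str    # "TCP", "UDP", "ICMP", "IGMP", or "IP" for any
    ports: range     # local ports the rule covers
    action: str      # "pass", "intercept" or "continue"
    log: bool = False

@dataclass
class Packet:
    direction: str
    protocol: str
    local_port: int

def matches(rule, pkt):
    return (rule.direction in ("both", pkt.direction)
            and rule.protocol in ("IP", pkt.protocol)
            and pkt.local_port in rule.ports)

def evaluate(rules, pkt, default="intercept"):
    """Assumed model: walk the list top-down; the first matching
    pass/intercept rule decides, "continue" rules only log."""
    logged = []
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.log:
            logged.append(rule.name)
        if rule.action != "continue":
            return rule.action, rule.name, logged
    return default, "(default)", logged

# Hypothetical rule set: a TCP monitor, the BT rule from this section,
# and a catch-all block standing in for the firewall's default behaviour.
MONITOR = Rule("TCP packet monitoring", "both", "TCP", range(0, 65536), "continue", log=True)
BT = Rule("BT", "receive", "TCP", range(6881, 6890), "pass")
BLOCK = Rule("Block inbound TCP", "receive", "TCP", range(0, 65536), "intercept", log=True)

def demo():
    peer = Packet("receive", "TCP", 6881)
    return {
        "bt_below_block": evaluate([MONITOR, BLOCK, BT], peer)[:2],
        "bt_on_top": evaluate([BT, MONITOR, BLOCK], peer)[:2],
        "port_6890": evaluate([BT, MONITOR, BLOCK], Packet("receive", "TCP", 6890)),
    }
```

With the BT rule below the block rule, the inbound connection to 6881 never reaches it; a port just outside the range (6890) stays blocked and logged even with the BT rule on top.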


Fourth, using custom rules to guard against common viruses

What was introduced above is how to open ports, and it generalizes: if another program needs certain ports and the firewall has not opened them, you can set them up yourself; I believe everyone can manage that. Next are some examples of the opposite application: closing ports so that certain viruses cannot get in.

1. Guarding against Shock Wave

Shock Wave: is this virus familiar? It uses the RPC service vulnerability in Windows and gets in through the open ports 69, 135, 139, 445 and 4444.

To guard against it, close the ports above. First of all, the "Prohibit machines on the Internet from using my shared resources" option in Figure 8, when ticked, already blocks ports 135 and 139.

The following figure, Figure 9, shows the rule that blocks port 4444.

Below are the rules for ports 69 and 445; the upper figure shows 69 and the lower one 445.

After creating the rules, save. Remember to save; this is very important, so do not forget to save. Once saved, you are protected against Shock Wave without even applying the patch. Cool?

2. Guarding against the Ice Trojan

Ice: is it familiar? It is also a rather annoying virus. It uses the UDP protocol, and its default port is 7626. As long as that port is blocked in the firewall, what can it do? See the following figure for the specifics.

If you learn the attack characteristics of other viruses and the ports they use, you can follow the method above. The settings are all similar, and they can go a long way toward preventing virus and Trojan attacks!

Fifth, how to open Web and FTP services

I believe many of you have run FTP server and web server software. The firewall not only restricts this machine's access to external servers, it also restricts external computers' access to this machine.

So to run a web or FTP server you must configure the firewall. First of all, untick "Prohibit all incoming connections" in Figure 8.

Below are the IP rules for web and FTP for your reference: the upper figure is for web, the lower one for FTP.

Sixth, analysis of common log entries (for reference only)

The key to using a firewall is reading the log; understanding the log is critical for analyzing problems. The figure below shows the log, which records the packets that did not meet the rules and were intercepted. By analyzing the log you can tell what kind of attack you have been subjected to. Below I discuss some representative log entries. Of course, much of this is still hazy to me as well, and I hope the experts can give more detailed explanations.

As the figure shows, a log entry generally has three lines. The first line gives the time the packet was sent or received, the sender's IP address, the remote port, the packet type, the local port, and so on. The second line gives the TCP packet's flags. There are six flags: URG, ACK, PSH, RST, SYN and FIN. The log displays only the first letter of each, and their meanings are briefly as follows:

ACK: acknowledgment flag

Indicates that the remote system has successfully received all data.

SYN: synchronization flag

This flag is valid only while a TCP connection is being established; it prompts the server side of the TCP connection to check the sequence number.

FIN: finish flag

Packets with this flag are used to end a TCP session, but the corresponding port remains open, ready to receive subsequent data.

RST: reset flag, specific effect

I don't know the others, heh heh.

The third line is how the packet was handled. Packets that do not meet the rules are intercepted or rejected; for packets that do meet the rules, the log shows "Continue the next rule".

Let's go through some common, typical examples:

Record 1: [22:30:56] 202.121.0.112 tries to probe this machine with ping

TCP flags: S

This operation is rejected

The record shows that a ping was sent from the IP address 202.121.0.112 to your computer, but was rejected.

People use the ping command to determine whether a valid IP address exists. When someone pings your machine, if your computer has the TCP/IP protocol installed, it returns an ICMP echo packet. If you have set "Prevent others from using the ping command to detect the host" in the firewall rules, as shown in Figure 8, your computer will not return an ICMP packet to the other party, so others cannot detect your computer with ping and will conclude that no computer is there. One such record is nothing to be surprised about, but if the log contains N of them from the same IP address, something is up: very likely someone is using a hacking tool to gather information about your host. What does he want to do? Who knows? It is certainly not well-meant.

Record 2: [5:29:11] 61.114.155.11 tries to connect to this machine's HTTP[80] port

TCP flags: S

This operation is rejected

The HTTP[80] port on this machine is the port for the HTTP protocol, mainly used for HTTP data exchange such as web browsing and providing web services. On a server, the record indicates that someone is accessing web pages through this port. Personal users generally do not run this service, so if a personal user sees such records in the log from different IPs and port numbers with the TCP flag S (that is, a connection request), you are in trouble: you may be under a SYN flood attack. Viruses of the "Code Red" kind, which mainly attack servers, also produce records like the above.

Record 3: [5:49:55] 31.14.78.110 tries to connect to this machine's Trojan Ice[7626] port

TCP flags: S

This operation is rejected

This is a frightening record. If you have not been infected with the Trojan, port 7626 is not open and of course nothing happens. If your machine has been implanted with Ice, the Trojan automatically opens port 7626 and welcomes the distant hacker in to control your machine, and then you are finished. But since you have the firewall installed, even if you have the Trojan, the operation is blocked and the hacker can do nothing. This, however, is a common Trojan, for which the firewall gives the Trojan's name; for uncommon Trojans, Tianwang gives only the port number. In that case you have to work out which Trojans the port is associated with, judge the other party's intent from that, and take the corresponding measure of blocking the port.

Record 4: [6:12:33] Received an IGMP packet from 228.121.22.55

This packet is intercepted

This is the most common entry in the log and also the most common form of attack. IGMP (Internet Group Management Protocol) is a protocol for multicast. It is in fact used on Windows users' machines, but because Windows has an IGMP vulnerability, when long IGMP packets are sent in large numbers to a machine running a Windows 9x operating system, the system's TCP/IP stack crashes and the system blue-screens or hangs; this is the so-called IGMP attack. In the log it shows up as a large number of IGMP packets from the same IP. The rule for this is usually already present in the custom IP rules; you only need to select it.

Record 5: [6:14:20] 192.168.0.110 port 1294 stops sending packets to this machine

TCP flags: F A

Continue the next rule

[6:14:20] This machine answers port 1294 of 192.168.0.110

TCP flags: A

Continue the next rule

From the two records above you can see that the machine sending the packets is on the local network and that this machine also responded, so this data transfer complies with the rules. Why is there a record at all? Because you ticked "TCP packet monitoring" in the Tianwang Firewall rules, every packet transmitted over TCP is recorded. So do not assume that every new record means someone is attacking you; the log above is normal, nothing to be afraid of! Ha ha!

Firewall logs contain far more than the cases above. When you meet unusual connections, the reference material you have at hand and information online are your best tools, or look at the firewall's home page; these help you improve your firewall rule settings and make your Internet access more secure.
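The reading described in this section (many blocked events from one source, probes on a Trojan's port) can be automated. This is an added example, not part of the original article or of Tianwang: the record layout follows the translated records above, the sample log is constructed, and the names parse, triage and threshold are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on this article's translated records.
PING = ("[22:30:56] 202.121.0.112 tries to probe this machine with ping\n"
        "TCP flags: S\nThis operation is rejected\n")
SAMPLE_LOG = PING * 4 + """\
[5:29:11] 61.114.155.11 tries to connect to this machine's HTTP[80] port
TCP flags: S
This operation is rejected
[5:49:55] 31.14.78.110 tries to connect to this machine's Trojan Ice[7626] port
TCP flags: S
This operation is rejected
[6:12:33] Received an IGMP packet from 228.121.22.55
This packet is intercepted
[6:14:20] 192.168.0.110 port 1294 stops sending packets to this machine
TCP flags: F A
Continue the next rule
"""

HEAD = re.compile(r"^\[(\d{1,2}:\d{2}:\d{2})\]\s+(.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
PORT = re.compile(r"\[(\d+)\]")

def parse(log):
    """Group lines into records: header, optional flags line, outcome."""
    records = []
    for line in filter(None, map(str.strip, log.splitlines())):
        head = HEAD.match(line)
        if head:
            ip, port = IPV4.search(head[2]), PORT.search(head[2])
            records.append({"time": head[1], "src": ip and ip[0],
                            "port": port and int(port[1]),
                            "flags": [], "outcome": ""})
        elif records and line.startswith("TCP flags:"):
            records[-1]["flags"] = line.split(":", 1)[1].split()
        elif records:
            records[-1]["outcome"] = line
    return records

def triage(records, threshold=3):
    """Sources with >= threshold blocked events, and blocked ports probed."""
    blocked = [r for r in records if "next rule" not in r["outcome"]]
    per_src = Counter(r["src"] for r in blocked if r["src"])
    ports = defaultdict(set)
    for r in blocked:
        if r["port"]:
            ports[r["port"]].add(r["src"])
    return {ip: n for ip, n in per_src.items() if n >= threshold}, dict(ports)
```

Records ending in "Continue the next rule" are monitored traffic that complied with the rules, so the triage step leaves them out of the counts.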

Seventh, the online upgrade function

Tianwang now keeps releasing new rule bases. As an official-version user you can of course enjoy this free upgrade: just click online upgrade and the whole upgrade process completes in under 2 minutes, fast and convenient.

After clicking, a prompt box for the online upgrade network settings appears. If you do not use a proxy to access the Internet, you do not need to set anything; just click Next to install the rule package, and the upgrade is complete.

After the upgrade, the firewall's custom rules will include many rules that defend against Trojans, so you do not need to set them yourself; just use the custom level. However, after selecting the custom level, remember to save the rules in the custom rule set so that the log will be recorded.

Eighth, summary

I have gone on at length and do not know whether it all made sense. In essence, the firewall's role is to hide your IP, monitor your ports, and provide a log for you to analyze and find corresponding countermeasures. Used flexibly, a firewall can bring your machine a relatively high level of security. Of course, some viruses and Trojans work by inducing the user to visit them, and guarding against those takes better security awareness. In short, the Internet is big and full of people of every kind, so giving your machine a firewall is essential!

When reposting, please cite the original address: https://www.9cbs.com/read-115856.html
