I am a Computing Security student, so my future career should be in security. I’ve been in two security competitions so far, with a third coming up, and in all of them I have secured Windows. Within the first 5 minutes of having access to my server, I like to change passwords, disable extraneous accounts, and set up firewalls. The first two are easy, but setting up firewalls is a pain.
Windows firewalls are complex. This is a benefit, I can allow only specific applications to communicate, but it is also a bad thing because there is no quick way to set up these firewalls. Windows had a Security Compliance Manager, which I believe could make firewalls easier to implement, but they have retired it in June of 2017. It was also a massive program that I did not have time to use in the first 5 minutes of a competition.
What I need is a simple way to configure firewalls on a server that can be pulled from the cloud and run in a competition environment. This probably exists as a tool, but I have not (and will not) look for one until after trying to make one myself.
The way this process can be improved is if firewalls were configured based upon services installed and their required ports/protocols as services were installed. A tool that can do this would make the first part of competitions on a Windows device easier
~ Connor Shade