The Importance of Firewalls

Firewalls are an under-utilized line of defense. A presentation I watched from a member of the Microsoft team said that many people, and companies, either leave the default host firewall rules in place or disable them altogether. The default firewall rules block inbound traffic except for established connections and allow outbound traffic unless it matches an explicit block rule. By itself, this is a useful concept, but the inbound rules allow more than necessary for most people. They are designed to just work in most environments as soon as the computer is connected.

A better move is for people installing computers to spend some time focusing on what traffic should actually occur in their networks. If nobody needs SSH in, then disable it. I found that I could disable many inbound rules because I had no use for them. On a server, I also try to block outbound connections when possible. In competition environments, I set inbound and outbound to deny and then pull a list of allow rules from GitHub. These rules are configured down to the program or service. Firewall rules in Windows are such an important factor in stopping communication, data exfiltration, network exploration, and virus distribution. Building these rules also gives a much better understanding of the kinds of communication that are happening on a network. I am surprised that more people don’t utilize these rules.

~Connor Shade

Setting Windows Firewalls – An Improvement

I am a Computing Security student, so my future career should be in security. I’ve been in two security competitions so far, with a third coming up, and in all of them I have secured Windows. Within the first 5 minutes of having access to my server, I like to change passwords, disable extraneous accounts, and set up firewalls. The first two are easy, but setting up firewalls is a pain.

Windows firewalls are complex. This is a benefit, because I can allow only specific applications to communicate, but it is also a bad thing because there is no quick way to set up these firewalls. Windows had a Security Compliance Manager, which I believe could make firewalls easier to implement, but it was retired in June of 2017. It was also a massive program that I did not have time to use in the first 5 minutes of a competition.

What I need is a simple way to configure firewalls on a server that can be pulled from the cloud and run in a competition environment. This probably exists as a tool, but I have not looked (and will not look) for one until after trying to make one myself.

This process could be improved if firewalls were configured based upon the services installed and their required ports/protocols, as those services were installed. A tool that can do this would make the first part of competitions on a Windows device easier.

~ Connor Shade
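
The approach described in both posts (default-deny in both directions, then allow rules per program chosen by which services are installed) can be sketched in PowerShell. This is an added example, not the author's tool: the `$needs` table, the `Baseline` group name and the `-Apply` switch are assumptions made for illustration, and the port list is a constructed sample rather than a vetted baseline.

```powershell
#Requires -RunAsAdministrator
# Added example. Run from the local console: remote sessions (RDP/WinRM)
# can be cut off once existing allow rules are disabled.
param([switch]$Apply)      # hypothetical switch: without it, changes run as -WhatIf
$dry = -not $Apply

# Constructed sample: service name -> program, direction, protocol, port it needs.
$sys32 = "$env:SystemRoot\System32"
$needs = @(
    @{ Service='TermService'; Program="$sys32\svchost.exe"; Dir='Inbound';  Proto='TCP'; Port=3389 }
    @{ Service='DNS';         Program="$sys32\dns.exe";     Dir='Inbound';  Proto='UDP'; Port=53 }
    # HTTP for IIS is received by the kernel driver, so the program is 'System'.
    @{ Service='W3SVC';       Program='System';             Dir='Inbound';  Proto='TCP'; Port=80,443 }
    @{ Service='Dnscache';    Program="$sys32\svchost.exe"; Dir='Outbound'; Proto='UDP'; Port=53 }
)

# Keep a restorable copy of the current policy before changing anything.
$backup = Join-Path $env:TEMP ("fw-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
netsh advfirewall export $backup | Out-Null
Write-Host "Policy backup: $backup"

# Turn off every enabled allow rule so only the table below decides what passes.
Get-NetFirewallRule -Enabled True -Action Allow |
    Disable-NetFirewallRule -WhatIf:$dry

foreach ($n in $needs) {
    # Create a rule only when the service exists on this host and is not disabled.
    $svc = Get-Service -Name $n.Service -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.StartType -eq 'Disabled') { continue }

    $rule = @{
        DisplayName = "Baseline $($n.Service) $($n.Proto) $($n.Dir)"
        Group       = 'Baseline'
        Direction   = $n.Dir
        Action      = 'Allow'
        Program     = $n.Program
        Protocol    = $n.Proto
    }
    # Inbound rules match the local listening port, outbound rules the remote port.
    if ($n.Dir -eq 'Inbound') { $rule.LocalPort = $n.Port } else { $rule.RemotePort = $n.Port }
    New-NetFirewallRule @rule -WhatIf:$dry | Out-Null
}

# Default-deny in both directions on all three profiles.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block -WhatIf:$dry
```

If a needed service stops working, `netsh advfirewall import` with the backup path printed by the script restores the previous policy.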