Firewalls are an under-utilized line of defense. A presentation I watched from a member of the Microsoft team said that many people, and companies, either leave the default host firewall rules in place or disable them altogether. The default rules block inbound traffic except for established connections and allow outbound traffic unless it matches an explicit block rule. By itself, this is a useful concept, but the default inbound rules allow more than necessary for most people. They are designed to just work in most environments as soon as the computer is connected.
A better move is for people installing computers to spend some time focusing on what traffic should actually occur in their networks. If nobody needs SSH in, then disable it. I found that I could disable many inbound rules, since I had no use for them. On a server, I also try to block outbound connections when possible. In competition environments, I set inbound and outbound to deny and then pull a list of allow rules from GitHub. These rules are configured down to the program or service. Firewall rules in Windows are such an important factor in stopping unwanted communication, data exfiltration, network exploration, and virus distribution. Building these rules also gives a much better understanding of the kinds of communication that are happening on a network. I am surprised that more people don’t utilize these rules.
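The competition-style lockdown described above (default deny in both directions, then allow rules scoped to a program or service), as an added PowerShell example that is not from the post or from any rule set the author pulls from GitHub. The management subnet, the rule list, and the log path are placeholders to adapt; the allow rules go in before the default flips so a remote session is not cut off.

```powershell
# Added example (not from the post): default-deny Windows host firewall, then
# re-allow only named programs/services. Run as Administrator.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'
$MgmtSubnet = '10.0.10.0/24'   # placeholder: the subnet admins connect from

# 1. Add the allow rules first. -Program and -Service scope each rule to one
#    binary and one service inside it (svchost hosts several).
$Allow = @(
  @{ DisplayName='Allow-DNS-out';       Direction='Outbound'; Program='%SystemRoot%\System32\svchost.exe'; Service='Dnscache';    Protocol='UDP'; RemotePort='53' },
  @{ DisplayName='Allow-WinUpdate-out'; Direction='Outbound'; Program='%SystemRoot%\System32\svchost.exe'; Service='wuauserv';    Protocol='TCP'; RemotePort='80','443' },
  @{ DisplayName='Allow-NTP-out';       Direction='Outbound'; Program='%SystemRoot%\System32\svchost.exe'; Service='W32Time';     Protocol='UDP'; RemotePort='123' },
  @{ DisplayName='Allow-RDP-in-mgmt';   Direction='Inbound';  Program='%SystemRoot%\System32\svchost.exe'; Service='TermService'; Protocol='TCP'; LocalPort='3389'; RemoteAddress=$MgmtSubnet }
)
foreach ($r in $Allow) {
  # Idempotent: replace a rule of the same name instead of duplicating it
  Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
  New-NetFirewallRule @r -Action Allow -Profile Any | Out-Null
}

# 2. Disable the stock inbound allow rules (file/print sharing, discovery, etc.)
#    that most hosts never need. Our rules carry the 'Allow-' prefix; the
#    Core Networking group (DHCP, ICMPv6 neighbour discovery) is kept.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
  Where-Object { $_.DisplayName -notlike 'Allow-*' -and $_.DisplayGroup -ne 'Core Networking' } |
  Disable-NetFirewallRule

# 3. Flip the defaults: deny anything not explicitly allowed, both directions,
#    and log blocked packets so the allow list can be tuned from evidence.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
  -DefaultInboundAction Block -DefaultOutboundAction Block `
  -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 4. Verify: list what is still allowed, with the program/service each rule is scoped to.
Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
  $app  = $_ | Get-NetFirewallApplicationFilter
  $svc  = $_ | Get-NetFirewallServiceFilter
  $port = $_ | Get-NetFirewallPortFilter
  [pscustomobject]@{ Rule=$_.DisplayName; Dir=$_.Direction; Program=$app.Program
                     Service=$svc.Service; Proto=$port.Protocol; RemotePort=$port.RemotePort }
} | Format-Table -AutoSize
```

Anything the host still needs shows up in the blocked-packet log as a DROP line with the local port and remote address, which is the evidence for adding the next narrowly scoped rule rather than widening an existing one.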