Setting Windows Firewalls – An Improvement

I am a Computing Security student, so my future career should be in security. I’ve been in two security competitions so far, with a third coming up, and in all of them I have secured Windows. Within the first 5 minutes of having access to my server, I like to change passwords, disable extraneous accounts, and set up firewalls. The first two are easy, but setting up firewalls is a pain.

Windows firewalls are complex. This is a benefit: I can allow only specific applications to communicate. But it is also a bad thing, because there is no quick way to set up these firewalls. Windows had a Security Compliance Manager, which I believe could make firewalls easier to implement, but they retired it in June of 2017. It was also a massive program that I did not have time to use in the first 5 minutes of a competition.

What I need is a simple way to configure firewalls on a server that can be pulled from the cloud and run in a competition environment. This probably exists as a tool, but I have not (and will not) look for one until after trying to make one myself.

The way this process can be improved is if firewalls were configured based upon the services installed and their required ports/protocols. A tool that can do this would make the first part of competitions on a Windows device easier.

~ Connor Shade
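As an added example (not the author's tool), the following PowerShell script sketches the idea described above: set the Windows Firewall to default-deny inbound, then open only the ports of services that are actually installed and running. The service-to-port table is an assumption constructed for this example; the cmdlets are the standard NetSecurity module ones and must be run from an elevated prompt.

```powershell
# Added example: baseline Windows Firewall to default-deny inbound, then allow
# only ports for services that exist AND are running on this host.
# The mapping below is an assumption for this example; extend it as needed.
$ServicePorts = @{
    'W3SVC'        = @(@{Protocol='TCP'; Port=80}, @{Protocol='TCP'; Port=443}) # IIS
    'TermService'  = @(@{Protocol='TCP'; Port=3389})                            # RDP
    'DNS'          = @(@{Protocol='UDP'; Port=53}, @{Protocol='TCP'; Port=53})  # DNS Server
    'MSSQLSERVER'  = @(@{Protocol='TCP'; Port=1433})                            # SQL Server
    'LanmanServer' = @(@{Protocol='TCP'; Port=445})                             # SMB
}

# 1. Turn the firewall on for every profile; block inbound by default.
#    Outbound is left open so management and scoring traffic keeps working.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Disable pre-existing inbound allow rules, keeping Core Networking
#    (DHCP, ICMP, etc.) so the box does not fall off the network.
Get-NetFirewallRule -Direction Inbound -Action Allow |
    Where-Object { $_.DisplayGroup -notlike 'Core Networking*' } |
    Disable-NetFirewallRule

# 3. Create one allow rule per port for each mapped service that is running.
foreach ($svc in $ServicePorts.Keys) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s -or $s.Status -ne 'Running') { continue }
    foreach ($p in $ServicePorts[$svc]) {
        $name = "Comp-Allow-$svc-$($p.Protocol)-$($p.Port)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
                -Protocol $p.Protocol -LocalPort $p.Port -Profile Any | Out-Null
        }
        Write-Host "Allowed $($p.Protocol)/$($p.Port) for running service $svc"
    }
}

# 4. Review step: report TCP listeners that no enabled inbound rule covers,
#    i.e. services the mapping above does not know about.
$allowed = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Get-NetFirewallPortFilter | Select-Object -ExpandProperty LocalPort
Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort -Unique |
    Where-Object { $allowed -notcontains "$_" -and $allowed -notcontains 'Any' } |
    ForEach-Object { Write-Warning "TCP/$_ is listening but no enabled rule allows it" }
```

Step 4 is deliberately report-only: an unknown listener is something to investigate (and possibly stop or add to the table), not something to open blindly.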


Auditing Your Network in 10 Steps

In the modern day of digitalization, keeping sensitive information safe is a priority to maintaining data integrity. To make sure that the data remains secure over a longer period of time, it is imperative for any business, large or small, to perform a network audit.

Though it might seem obvious, you want to start with listing out all of your assets, which may range from the data that you are trying to protect to employee access cards. You want to identify any point that data can be stored, received, or sent from that uses the internet or similar digital networks. This will help you define what is known as a security perimeter, which may be a physical or conceptual barrier that defines the boundaries of the audit that you are performing. This will help you know what is important to be secure with while excluding things that are not a security threat.

Now that you know what can be attacked, it is important to know how it can currently be attacked as well. If you just make things secure blindly, you may leave a large hole in your security that can be exploited easily. This is why you need to create something called a threats list, which is exactly what it sounds like: a list of threats to your data and devices. This might be something similar to an employee losing an ID card or something as severe as a powerful virus being uploaded and spread across the network being audited.

Now that all of the current ones are out of the way, you have to think to the future. You can do this by checking your own and global security trends to see what hackers are starting to do on the local and global scale. You might also consider asking, believe it or not, your competitors who face similar issues. If they have been around longer, they might be willing to help you out and show you threats you might be facing in the future.

Calculating harm is another largely important step when it comes to auditing, as you have to determine how large of measures should be considered for each situation: it might be a bit silly to install a 250,000 dollar firewall on an internal network, but it may be worth it to install one on external traffic if you can get it set up properly. Knowing your harm is important to a response plan; which assets you should dive to protect first if there is a breach is a very large question in this step.

The most basic form of securing your network access is by implementing a Network Access Control system, or NAC. Doing this prevents unauthorized users from accessing your network directly, as well as keeping employees out of areas of the network that they do not need access to in order to do their job.

After you have your NAC implemented, you need an Intrusion Protection System, or IPS, which comes commonly in the form of a firewall, either digital or physical. It is recommended that you use a 2nd generation firewall, as it has a feature that performs an advanced analysis on all network traffic that passes through, flagging unusual cases.

Identity and Access Management means that you control what users have access to based on automatically or manually presented credentials. This segments the network and may keep damage to a minimum if an employee’s credentials are compromised. It also keeps employees from committing attacks, such as stealing and using credit card information from their customers.

Creating backups is commonplace at home and should become a common practice on an enterprise network system. While we may think of an outside person obtaining access to a network as a primary threat, more often than not the primary cause of data loss is accidental. To prevent this, you need either on-site or off-site storage, as well as regular backups of your network. Securing access to your backups is also critical: the data on a recent backup may be as valuable as the data currently on your network.

An easy way for a hacker to gain access to a system or network is through phishing or spear phishing attempts through corporate or private email accounts. If you have a private web server, you may consider requiring encryption for sensitive emails, as well as your own spam filter and employee training program. A filter may get rid of some threats, but a well trained employee eliminates the need for one.

Finally, preventing physical intrusions is an important and mainly forgotten aspect of network security. If someone is able to get on site and into an employee’s office, your entire network may be compromised. Making sure no one breaks into your office is as important as wiping a lost or stolen company device.

This entire list seems a bit daunting to a first time business owner or security professional, and several of these steps could be compressed. For example, the threat list and future threat list could be taken care of in one step, as well as installing NAC and IPS systems, as they are related to how the network is set up. I also do not believe that email should be its own step; while important, it can be combined with IPS and NAC to form a single step. However, I believe that the author left these separate to emphasize that they were all important in their own right. Beyond that, this lengthy process is unfortunately complex and well written out.


-Will G. Eatherly