Windows Firewall
-
@dashrender said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
So even though we provide hardware Firewalls to every site its still a problem?
First Way:
Network Edge firewalls do almost nothing to protect workloads inside of the company. The majority of network risks originate inside the LAN, not from outside of it. That's not to say that that edge firewall is a bad thing, it's quite good, but it is trivial in importance compared to the ones on the computers because they do the same job that it does, and a lot more. The firewall on the network edge is almost superfluous as it is redundant with the vastly more important system firewalls.
Basically you "need" the Windows Firewall here, the extra network edge firewall is good, but just a "nicety." You can replace the hardware firewall with the Windows firewalls, but not vice versa.
However, the best practice is that you never, ever skip either. It's always both.
I understand what you're saying, but i would like to point out, that we dont use edge routers, we have a variety of cisco and linksys switches and provide sonic walls to every site (I believe because everyones that has called in talks about the sonic wall).
Those are all edge routers. You can't not use them, it's effectively impossible. Sonic Walls are just cheap crappy edge routers.
Just make sure you know what Scott is talking about, by edge router, he means a routing device that's on the edge of the network, not the EdgeRouter from Ubiquiti.
Or from anyone. Just a router on the edge of the network. The name for any device that allows the WAN link (cable line, DSL, fiber, whatever) to interface to the network.
-
My apologies for not stating this clearly.
Comcast router -->> Watchguard Firewall -->> Cybera Router -->>PaySafe Firewall (EchoSAT).
I had to get permission to connect our backoffice which is offsite by statically addressing one of the Watchguard ports and then routing into the Cybera -- all done over VPN. While it works fine, it's just a little wonky to try to explain to the powers that be why we are doing it this way. Otherwise, I'l have to add an onsite Windows host. Just more layers.
Edit: I connected the specified Watchguard port to the POS (Cybera) router.
-
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way." -
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
-
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
My weekend plans basically. or maybe monday morning.. lets see what happens.
-
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just visit the vendor website and see what ports it uses... You can get the info from resource monitor too. That's how I usually find out... It's quicker.
-
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
-
@scottalanmiller said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
Ran netstat in CMD as admin.
Do I use the Foreign address or the IP address? -
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
Ran netstat in CMD as admin.
Do I use the Foreign address or the IP address?Foreign is the device you are connected to. IP address is the local address.
-
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
Ran netstat in CMD as admin.
Do I use the Foreign address or the IP address?Do netstat -a -b
You only care about listening ports.
-
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
Ran netstat in CMD as admin.
Do I use the Foreign address or the IP address?Do netstat -a -b
You only care about listening ports.
Okay Thanks.
-
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@wrcombs said in Windows Firewall:
@scottalanmiller said in Windows Firewall:
@dustinb3403 said in Windows Firewall:
@wrcombs said in Windows Firewall:
The topic of Windows Firewall came up again today when a site had turned it on
When I asked "Shouldnt there be a way to write rules in the windows firewall so that we could just keep it on?"
He replied: "look into that, and see what you can find. It would have been better for the vendor to add that to their image they give us to boot the POS but if you can find a way to do it we can try it that way."That's a win in my book, now setup wireshark and see what the hell is being used!
Or just look at netstat and know instantly.
Ran netstat in CMD as admin.
Do I use the Foreign address or the IP address?Do netstat -a -b
You only care about listening ports.
Okay Thanks.
You bet.