Continuous Integration and Deployment for Docker Workloads on Azure Container Service
Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network
Play Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network
Description
In 2016, host based firewalls are not optional in a Cybersecurity strategy. Windows comes with a built in and powerful firewall, however the Windows Firewall has a reputation for being difficult to troubleshoot and manage, which leads to it being turned off in most organizations and not well understood. We'll walk through the ins and outs of the Windows Firewall, the attacks it prevents, strategies for managing firewall profiles in complex enterprise environments, planning a rollout that doesn't break everything and troubleshooting when everything does break. We'll also dive into the misunderstood magic of IPsec, showcasing the capabilities available to your customer (identify based firewall rules!) if they embrace the Windows solution, how to unravel the mysteries of “why is my IPsec negotiation failing?” and when and when not to use IPsec.
Download
Right click or Alt+Enter to download this episode
- MP3 (48.2 MB)
- Mid Quality MP4 (208.3 MB)
- High Quality MP4
The Discussion
-
stahtufiang // wmi powershell useless firewall (y) why even try to secure something that is not meant to be secure. what a waste of time.
-
mattoz Great presentation! The rule ordering and IPSec info were all new to me. Also the non-GUI options in custom rules.
-
David Local administrators can still get past rule merging by editing local group policy.
-
George You can also see the source of the firewall rule by enabling the "Rule Source" column within the Advanced Firewall console.
https://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#Using_Monitoring_in_Windows_Firewall_with_Advanced_Security -
David Also there is actually a flaw within connection security rules for User authentication part where it does not strictly act as configured. (Tested on 20H2).
Computer A. Connection security + firewall states. Computer B and Only User 1 can access.
User 1 logs on to Computer B. Accesses resources stipulated in the above rule.
User 2 logs on to Computer B. Should not be granted access to resources stipulated in above rule however since User 1 recently accessed resource does get access.
More episodes in this series
Hear about Azure ScaleSets
Related episodes
Amplify your Awesome
Your attacker thinks like my attacker: A common threat model to create better defense
Once More into the Inevitable Breach - Learn the techniques real hackers use so you can…
Anatomy of the Attack - How Cybersecurity Investigations Actually Work
Windows Event Forwarding - Centralized logging for everyone! (Even if you already have…
