Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network

Play Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network

The Discussion

  • User profile image
    stahtufiang

    // wmi powershell useless firewall (y) why even try to secure something that is not meant to be secure. what a waste of time.

  • User profile image
    mattoz

    Great presentation!  The rule ordering and IPSec info were all new to me.  Also the non-GUI options in custom rules.

  • User profile image
    David

    Local administrators can still get past rule merging by editing local group policy.

  • User profile image
    George

    You can also see the source of the firewall rule by enabling the "Rule Source" column within the Advanced Firewall console.

    https://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#Using_Monitoring_in_Windows_Firewall_with_Advanced_Security

  • User profile image
    David

    Also there is actually a flaw within connection security rules for User authentication part where it does not strictly act as configured. (Tested on 20H2).

    Computer A. Connection security + firewall states. Computer B and Only User 1 can access.
    User 1 logs on to Computer B. Accesses resources stipulated in the above rule.
    User 2 logs on to Computer B. Should not be granted access to resources stipulated in above rule however since User 1 recently accessed resource does get access.

Add Your 2 Cents