Defence in depth is essential to any operational environment's security configuration: more layers are better, you should know this by now, and a single perimeter control no longer cuts it...
Because we are already paying for a multitude of swanky security products from the core to the perimeter, we may find there is simply no money left for an additional host-based firewall... but "hey ho", why spend more when Windows Firewall with Advanced Security ships with Windows Server 2008 and now 2012?
So let's assume we have minimal budget left and one last layer of firewall to configure on our hosts, and we decide to save the money and turn on Windows Firewall. We configure it to work the way we want it to... and then suddenly, out of the blue... BANG! Our primary application stops responding to requests. What the hell just happened?!
Okay, now this is where I get to say "Did you know"???
1. Simply logging onto a server as a local administrator and opening an application can cause untold hardship, because Windows Firewall exposes a COM API (INetFwPolicy2, via HNetCfg.FwPolicy2) that installers and applications use to add rules for themselves, and you may not even realise it happened... Next, next, finish... Thank you. The same goes for the "Windows Security Alert" popup that appears when a program starts listening on a port: "Allow access" writes an allow rule, "Cancel" writes a block rule for that program. Like when UAC prompts you that it is making a change to your system... do you just click "OK"? Do you realise you may have just broken the system and cost the company money? Come on, get with it!
2. Microsoft kindly allows any application running with administrative (elevated) rights to interface with Windows Firewall and create or delete rules automatically, silently and without a prompt. What a nice firewall... NOT. Well, it may be nice until it breaks something. Know your trade, trust no one, not even your Windows Firewall... it might just trick you!
3. You cannot stop applications from creating Windows Firewall rules locally: the API has no per-application access control, so anything running as an administrator can write to the local rule store. Great, thanks Microsoft for this non-granular control, you make my life worth living... blah! The only lever you do have is whether that local rule store gets applied at all, and that lever lives in Group Policy.
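To see point 2 for yourself, here is an added example (not from the original post) that does exactly what an elevated installer does: it talks to the same HNetCfg.FwPolicy2 COM interface, adds an inbound allow rule with no prompt, then lists which rules appeared. It also reads LocalPolicyModifyState, which tells you whether local rule changes even take effect on this host. The rule name and port are assumptions; run it in an elevated PowerShell on a test box.

```powershell
# Added example, not code from the original post. Run elevated on a test host.
# Uses the Windows Firewall COM API (HNetCfg.FwPolicy2 / HNetCfg.FWRule), the
# same interface installers and elevated applications use to add rules silently.
# The rule name and port below are illustrative assumptions.

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# 1. Do local rule changes even take effect here?
#    0 = NET_FW_MODIFY_STATE_OK           (local changes are applied)
#    1 = NET_FW_MODIFY_STATE_GP_OVERRIDE  (Group Policy ignores local rules)
#    2 = NET_FW_MODIFY_STATE_INBOUND_BLOCKED ("block all inbound" is on)
$state = $policy.LocalPolicyModifyState
"LocalPolicyModifyState = $state"

# 2. Snapshot the rule names before touching anything.
$before = @($policy.Rules | ForEach-Object { $_.Name })

# 3. Add a rule exactly the way a "next, next, finish" installer would:
#    no prompt, no notification, just an API call from an elevated process.
$rule = New-Object -ComObject HNetCfg.FWRule
$rule.Name        = 'Demo - elevated app opened TCP 8080'   # assumed name
$rule.Description = 'Added by an elevated process via the Windows Firewall COM API'
$rule.Protocol    = 6            # NET_FW_IP_PROTOCOL_TCP
$rule.LocalPorts  = '8080'       # assumed port
$rule.Direction   = 1            # NET_FW_RULE_DIR_IN
$rule.Action      = 1            # NET_FW_ACTION_ALLOW
$rule.Profiles    = 0x7fffffff   # NET_FW_PROFILE2_ALL
$rule.Enabled     = $true
$policy.Rules.Add($rule)

# 4. Diff: which rules appeared in the local store with no GPO behind them?
$after = @($policy.Rules | ForEach-Object { $_.Name })
$new   = Compare-Object $before $after |
         Where-Object { $_.SideIndicator -eq '=>' } |
         ForEach-Object { $_.InputObject }
"Rules added locally: $($new -join ', ')"

# 5. Remove the demo rule again.
$policy.Rules.Remove($rule.Name)
```

If LocalPolicyModifyState comes back as 1, the rule is still written to the local store and still shows up in the diff, but it is never enforced: that is what the Group Policy fix described below buys you.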
How to be at peace with Windows Firewall:
So know your goal: prevent local applications from automatically creating firewall rules that tear your world apart. To accomplish it and find inner peace, stop local firewall rules from being applied, using your friend and mine, Group Policy. It can be done... do you really need me to show you how? Hint: Google is your friend, use your friend. (http://technet.microsoft.com/en-us/library/cc732770(v=ws.10).aspx) For the impatient: in the GPO, go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security, open the Windows Firewall Properties, and on each profile tab (Domain, Private, Public) choose Settings > Customize and set Rule merging > "Apply local firewall rules" to No.
Just remember: if you stop local firewall rules from applying, every rule in the local store is ignored, not only the ones your applications added but the built-in ones too. So first create a Group Policy object that replicates all the local firewall rules you actually need, let it apply, and check the effective rule set (the Monitoring node in wf.msc, or RSoP) before you flip the switch. Do it the other way round and you are the one who just broke the server.
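The two steps above, as an added example that is not part of the original post: copy the locally defined rules into the GPO, then set the GPO to ignore local rules, then verify on a target host. It needs the NetSecurity module (Windows Server 2012 / Windows 8 or later) and rights to edit the GPO; the domain and GPO names are assumptions. On Windows Server 2008 / 2008 R2 there are no NetSecurity cmdlets, so export the local policy with "netsh advfirewall export" and import it into the GPO with the Group Policy Management console instead.

```powershell
# Added example, not code from the original post. Requires the NetSecurity
# module (Windows Server 2012 / Windows 8 or later) and edit rights on the GPO.
# The domain and GPO name are assumptions; substitute your own.

$gpo = 'corp.example\Host Firewall - Application Servers'   # assumed GPO

# 1. Replicate the enabled, locally defined rules into the GPO first, so
#    nothing you rely on disappears when local rules stop applying.
#    Copy-NetFirewallRule keeps each rule's name; rules that already exist in
#    the GPO under that name are reported and skipped rather than aborting.
Get-NetFirewallRule -PolicyStore PersistentStore -Enabled True |
    ForEach-Object {
        try {
            Copy-NetFirewallRule -InputObject $_ -NewPolicyStore $gpo -ErrorAction Stop
        } catch {
            Write-Warning "Skipped '$($_.TargetObject)': $($_.Exception.Message)"
        }
    }

# 2. Only once step 1 has applied and been verified: tell every host in the
#    GPO's scope to ignore rules in its local store, including the ones an
#    elevated installer adds later. This is the "Apply local firewall rules: No"
#    setting under Rule merging on each profile tab.
Set-NetFirewallProfile -PolicyStore $gpo -Profile Domain, Private, Public -AllowLocalFirewallRules False

# 3. Verify on a target host after "gpupdate /force": the effective profiles
#    should show AllowLocalFirewallRules = False, and the effective rules should
#    come from the GPO rather than from PersistentStore (the local store).
gpupdate /force
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules
Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True |
    Group-Object PolicyStoreSource |
    Select-Object Count, Name
```

The ordering is deliberate: step 2 before step 1 leaves a window in which the host has no applied rules at all, and on a box that only lets you in over the network that window is a trip to the console.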
Do you feel empowered now - I'm guessing so...