Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
windows:tuning:firewall_configure [2019/01/30 12:00]
wikiadmin 		windows:tuning:firewall_configure [2019/03/26 11:14] (current)
wikiadmin [Configuring Windows Defender Firewall]
Line 4: Line 4:
 <​code>​(11/​29/​2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue,​ the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. ​ <​code>​(11/​29/​2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue,​ the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. ​
 </​code>​ </​code>​
 +Also consider reading the following articles on DNS-rebinding technique which among others may be used for stealing money from selected e-Wallets:
 +
 +1. https://​blog.hacker.af/​how-your-ethereum-can-be-stolen-using-dns-rebinding
 +2. https://​medium.com/​@brannondorsey/​attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
 +3. https://​github.com/​filetofirewall/​fof
 +4. https://​medium.com/​coinmonks/​the-call-is-coming-from-inside-the-house-dns-rebinding-in-eosio-keosd-wallet-e11deae05974
 +5. https://​github.com/​transmission/​transmission/​pull/​468
 +6. https://​labs.mwrinfosecurity.com/​advisories/​minikube-rce/​
 +7. http://​benmmurphy.github.io/​blog/​2016/​07/​11/​rails-webconsole-dns-rebinding/​
 +8. https://​bugs.chromium.org/​p/​project-zero/​issues/​detail?​id=1471&​desc=3#​maincol
 +9. https://​labs.mwrinfosecurity.com/​blog/​from-http-referer-to-aws-security-credentials/​
  
 <WRAP center round info 80%> <WRAP center round info 80%>
Line 19: Line 30:
  
 ---- ----
 +<WRAP center round info 80%>
 You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:​rigutils:​windows_tuning:​configurefirewall.bat|ConfigureFirewall.bat]] You may configure Windows Firewall either manually by following this how-to or by running the script [[windows:​rigutils:​windows_tuning:​configurefirewall.bat|ConfigureFirewall.bat]]
 +</​WRAP>​
  
 === Blocking inbound connections === === Blocking inbound connections ===
  
-** STEP ~~#STEP~~**. Open firewall control panel+**{{anchor:​step1:​STEP 1. Open firewall control panel}}** 
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 40: Line 54:
 </​WRAP>​ </​WRAP>​
 ---- ----
-** STEP ~~#STEP~~**. Verify firewall status+** STEP ~~#STEP2~~**. Verify firewall status
 <WRAP group> <WRAP group>
 <WRAP half column> <WRAP half column>
Line 54: Line 68:
 </​WRAP>​ </​WRAP>​
 </​WRAP>​ </​WRAP>​
 +----
 +** STEP ~~#​STEP~~**. Open Advanced Settings panel
 +<WRAP group>
 +<WRAP half column>
 +~~#~~. Click the ''​Advanced settings''​ menu item.
  
-=== Getting a list of LISTENING services ===+</​WRAP>​ 
 +<WRAP half column>​ 
 +{{:​windows:​tuning:​firewall_02.png?​direct&​400|Firewall}}
  
-To get list of all LISTENING ports on your PC run((See [[:windows:software|cmd.exe]])) the command: +<wrap lo>​{{material>​attachment}}{{:windows:tuning:​firewall_02.pdn|firewall_02.pdn}}</​wrap>​ 
-<code batch>netstat -an | findstr LISTEN</code>+</WRAP> 
 +</WRAP>
  
-or this small one-liner to get the same list extended by process info:+---- 
 +**STEP ~~#​STEP~~**. Verify default policy 
 +<WRAP group> 
 +<WRAP half column>​ 
 +~~#~~. Each Profile should be configured as follows: 
 +<​code>​ 
 +Windows Defender Firewall is on. 
 +Inbound connections that do not match a rule are blocked. 
 +Outbound connections that do not match a rule are allowed. 
 +</​code>​ 
 +~~#~~. If your configuration differs from the above settings, then click the ''​Windows Defender Firewall property''​ label to call the configuration dialog and follow clauses 9 and 10. If it's OK, the jump to **[[#​step5|STEP 5]]** 
 +</​WRAP>​ 
 +<WRAP half column>​ 
 +{{:​windows:​tuning:firewall_03.png?​direct&​400|Firewall}}
  
-<code powershell>powershell -Command "& Get-NetTCPConnection | ? {($_.State -eq '​Listen'​) -and ($_.RemoteAddress -eq '​0.0.0.0'​)| ForEach ​$n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess -FileVersionInfo ).FileName; if ( $n -eq $null ) $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess).Name }; New-Object PSObject -Property @{ Port=$_.LocalPort;​ Name=$n; PID=$_.OwningProcess ​}"</code>+<wrap lo>{{material>​attachment}}{{:​windows:​tuning:​firewall_03.pdn|firewall_03.pdn}}</wrap> 
 +</​WRAP>​ 
 +</WRAP>
  
-This a possible output of the above command on freshly installed Windows machine:+---- 
 +<WRAP group> 
 +<WRAP half column>​ 
 +~~#~~. Click each profile'​s tab and configure ​the ''​State''​ fields as follows: 
 +<​code>​ 
 +Firewall state: On (recommended) 
 +Inbound connections:​ Block(default) 
 +Outbound connections:​ Allow (default) 
 +</​code>​
  
-{{:​windows:​tuning:​netstat_00.png?400|netstat}}+~~#~~. If your configuration differs from the above settings, then click the ''​Windows Defender Firewall property''​ label to call the configuration dialog. 
 +</​WRAP>​ 
 +<WRAP half column>​ 
 +{{:​windows:​tuning:​firewall_04.png?direct&400|Firewall}}
  
-<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​netstat_00.pdn|netstat_00.pdn}}</​wrap>​+<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_04.pdn|firewall_04.pdn}}</​wrap
 +</​WRAP>​ 
 +</WRAP>
  
 ---- ----
 +**{{anchor:​step5:​STEP 5. Backup firewall configuration}}**
 +<WRAP group>
 +<WRAP half column>
 +I recommend to save your current firewall configuration into a file. You'll be able to undo all of your changes if something goes wrong by importing this settings back.
  
 +~~#~~. Click the ''​Export Policy''​ items
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_05.png?​direct&​400|Firewall}}
  
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_05.pdn|firewall_05.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +
 +----
 +<WRAP group>
 +<WRAP half column>
 +
 +~~#~~. Select a folder (it's up to you).
 +
 +~~#~~. Type a name of the exporting file, for example ''​firewall_settings''​. It'll be saved with the ''​wfw''​ extension.
 +
 +~~#~~. Press the ''​Save''​ button.
 +
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_06.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_06.pdn|firewall_06.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +
 +----
 +<WRAP group>
 +<WRAP half column>
 +~~#~~. Click the ''​OK''​ button.
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_07.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_07.pdn|firewall_07.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +----
 +**STEP ~~#​STEP6~~**. Disable existing ''​Allow''​ rules
 +<WRAP group>
 +<WRAP half column>
 +Let's disable **all** existing firewall rules which allow some inbound connections.
 +
 +~~#~~. Click the ''​Inbound rules''​ item.
 +
 +~~#~~. Click the ''​Filter by state''​ item to show the popup menu.
 +
 +~~#~~. Click the ''​Filter by Enabled''​ item in popup menu.
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_08.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_08.pdn|firewall_08.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +
 +----
 +<WRAP group>
 +<WRAP half column>
 +Selecting all rules
 +
 +~~#~~. Click the header of the ''​Action''​ column to get sorted list.
 +
 +~~#~~. Select the first item in the list by clicking on it.
 +
 +~~#~~. Scroll down the list by mouse wheel or using scrollbar.
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_09.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_09.pdn|firewall_09.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +
 +----
 +<WRAP group>
 +<WRAP half column>
 +
 +~~#~~. Scroll to the last ''​Allow''​ rule (it's particular name is unimportant,​ it could be a last item in the list at the very bottom)
 +
 +~~#~~. Press the ''​Shift''​ key on your keyboard and while keeping it in pressed state click the last item with the left mouse button to select all //Allow// items in the list. They all should turn blue (selected).
 +
 +~~#~~. Click the ''​Disable rule''​ item. **Wait** from 1 to 10 seconds.
 +
 +~~#~~. Click the ''​Clear All Filters''​ item
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_10.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_10.pdn|firewall_10.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +
 +----
 +<WRAP group>
 +<WRAP half column>
 +Your final list may looks something like this.
 +
 +~~#~~. Note the absence on any icons Allow(green)/​Block(red) in front of rule's name.
 +</​WRAP>​
 +<WRAP half column>
 +{{:​windows:​tuning:​firewall_11.png?​direct&​400|Firewall}}
 +
 +<wrap lo>​{{material>​attachment}}{{:​windows:​tuning:​firewall_11.pdn|firewall_11.pdn}}</​wrap>​
 +</​WRAP>​
 +</​WRAP>​
 +----
 +Well done! Continue to the next section - [[:​windows:​tuning:​firewall_block_ports|Explicitly block unwanted/​illegal traffic]]
Detach Close

This topic does not exist yet

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.