It's a matter of fact that modern computer systems are insecure - viruses, malicious actors, Trojan programs, etc. are always trying to breach into our systems using known and yet unpublished bugs in OS and services. MS Windows has a long history of security flows and vulnerabilities, more than hundred bugs are discovered each year in the system. You may install a honeypot from this nice list and assign it a white IP to get an idea of how aggressive are attempts of breaching into your system.

If you think that your rigs are protected by your NAT1) router then think twice (credits arstechnica.com): 

(11/29/2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports.

Also consider reading the following articles on DNS-rebinding technique which among others may be used for stealing money from selected e-Wallets:

  1. https://blog.hacker.af/how-your-ethereum-can-be-stolen-using-dns-rebinding
  2. https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
  3. https://github.com/filetofirewall/fof
  4. https://medium.com/coinmonks/the-call-is-coming-from-inside-the-house-dns-rebinding-in-eosio-keosd-wallet-e11deae05974
  5. https://github.com/transmission/transmission/pull/468
  6. https://labs.mwrinfosecurity.com/advisories/minikube-rce/
  7. http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
  8. https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=3#maincol
  9. https://labs.mwrinfosecurity.com/blog/from-http-referer-to-aws-security-credentials/

If you are interesting in security of computer systems then I would recommend you to learn how to use Nmap network scanner or/and OpenVAS tools. Who knows, may be you'll find a new bug in MS products and earn $100,000 by submitting the bug report to MS bounty program.

Configuring Windows Defender Firewall

Unfortunately, a computer connected by Ethernet2) cable to a network can't be 100% secured, there is always a risk of being compromised, but we may lower the risk by protecting our system by the mean of Windows Defender Firewall3)

Consider the quote below (credits rackspace.com Best practices for firewall rules configuration): 

Block all traffic by default and explicitly allow only specific traffic to known services. This strategy provides good control over the traffic and reduces the possibility of a breach because of service misconfiguration.

I'm totally agree with it. We'll configure windows firewall in exactly the same way - block all inbound connections and add rules for allowing selected services to be able accept incoming packets. Note: services such as TeamViewer, RDP, etc. will be not affected, they will continue working as before.

You may configure Windows Firewall either manually by following this how-to or by running the script ConfigureFirewall.bat

Blocking inbound connections

STEP 1. Open firewall control panel

1. Press WINLOGO+S to open search dialog.

2. Type firewall into the search box.

3. Click the Check firewall status item

Firewall

attachmentfirewall_00.pdn

STEP 2. Verify firewall status

4. Be sure that firewall is ON for all of your networks.

5. Use the Turn Windows Defender Firewall on or off control panel if firewall is off for some of your networks.

Firewall

attachmentfirewall_01.pdn

STEP 3. Open Advanced Settings panel

6. Click the Advanced settings menu item.

Firewall

attachmentfirewall_02.pdn

STEP 4. Verify default policy

7. Each Profile should be configured as follows: 

Windows Defender Firewall is on.
Inbound connections that do not match a rule are blocked.
Outbound connections that do not match a rule are allowed.

8. If your configuration differs from the above settings, then click the Windows Defender Firewall property label to call the configuration dialog and follow clauses 9 and 10. If it's OK, the jump to STEP 5

Firewall

attachmentfirewall_03.pdn

9. Click each profile's tab and configure the State fields as follows: 

Firewall state: On (recommended)
Inbound connections: Block(default)
Outbound connections: Allow (default)

10. If your configuration differs from the above settings, then click the Windows Defender Firewall property label to call the configuration dialog.

Firewall

attachmentfirewall_04.pdn

STEP 5. Backup firewall configuration

I recommend to save your current firewall configuration into a file. You'll be able to undo all of your changes if something goes wrong by importing this settings back.

11. Click the Export Policy items

Firewall

attachmentfirewall_05.pdn

12. Select a folder (it's up to you).

13. Type a name of the exporting file, for example firewall_settings. It'll be saved with the wfw extension.

14. Press the Save button.

Firewall

attachmentfirewall_06.pdn

15. Click the OK button.

Firewall

attachmentfirewall_07.pdn

STEP 6. Disable existing Allow rules

Let's disable all existing firewall rules which allow some inbound connections.

16. Click the Inbound rules item.

17. Click the Filter by state item to show the popup menu.

18. Click the Filter by Enabled item in popup menu.

Firewall

attachmentfirewall_08.pdn

Selecting all rules

19. Click the header of the Action column to get sorted list.

20. Select the first item in the list by clicking on it.

21. Scroll down the list by mouse wheel or using scrollbar.

Firewall

attachmentfirewall_09.pdn

22. Scroll to the last Allow rule (it's particular name is unimportant, it could be a last item in the list at the very bottom)

23. Press the Shift key on your keyboard and while keeping it in pressed state click the last item with the left mouse button to select all Allow items in the list. They all should turn blue (selected).

24. Click the Disable rule item. Wait from 1 to 10 seconds.

25. Click the Clear All Filters item

Firewall

attachmentfirewall_10.pdn

Your final list may looks something like this.

26. Note the absence on any icons Allow(green)/Block(red) in front of rule's name.

Firewall

attachmentfirewall_11.pdn

Well done! Continue to the next section - Explicitly block unwanted/illegal traffic

1)
https://en.wikipedia.org/wiki/Network_address_translation
2)
https://en.wikipedia.org/wiki/Ethernet
3)
https://en.wikipedia.org/wiki/Windows_Firewall