**This is an old revision of the document!**

It's a matter of fact that modern computer systems are insecure: viruses, malicious actors, Trojan programs, etc. are always trying to break into our systems using known and as yet unpublished bugs in the OS and its services. MS Windows has a long history of security flaws and vulnerabilities; more than a hundred bugs are discovered in the system each year. You may install a honeypot from this nice list and assign it a public ("white") IP address to get an idea of how aggressive the attempts to break into your system are.

If you think that your rigs are protected by your NAT1) router, then think twice (credits arstechnica.com):

(11/29/2018) More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday... As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports.

If you are interested in the security of computer systems, I would recommend learning how to use the Nmap network scanner and/or the OpenVAS tools. Who knows, maybe you'll find a new bug in MS products and earn $100,000 by submitting the bug report to the MS bounty program.

Configuring Windows Defender Firewall

Unfortunately, a computer connected by an Ethernet2) cable to a network can't be 100% secured; there is always a risk of being compromised, but we can lower the risk by protecting our system by means of Windows Defender Firewall3). Consider the quote below (credits rackspace.com, Best practices for firewall rules configuration):

Block all traffic by default and explicitly allow only specific traffic to known services.
This strategy provides good control over the traffic and reduces the possibility of a breach because of service misconfiguration.

I totally agree with it. We'll configure Windows Firewall in exactly the same way: block all inbound connections and add rules that allow selected services to accept incoming packets.

Note: services such as TeamViewer, RDP, etc. will not be affected; they will continue working as before.

You may configure Windows Firewall either manually by following this how-to or by running the script ConfigureFirewall.bat.

Blocking inbound connections

STEP 1. Open firewall control panel

1. Press WINLOGO+S to open the search dialog.
2. Type firewall into the search box.
3. Click the Check firewall status item.

STEP 2. Verify firewall status

4. Be sure that the firewall is ON for all of your networks.
5. Use the Turn Windows Defender Firewall on or off control panel if the firewall is off for some of your networks.

Getting a list of LISTENING services

To get a list of all LISTENING ports on your PC, run4) the command:

    netstat -an | findstr LISTEN

or this small one-liner to get the same list extended with process info:

    powershell -Command "& Get-NetTCPConnection | ? {($_.State -eq 'Listen') -and ($_.RemoteAddress -eq '0.0.0.0')} | ForEach { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess -FileVersionInfo ).FileName; if ( $n -eq $null ) { $n=(Get-Process -ErrorAction SilentlyContinue -PID $_.OwningProcess).Name }; New-Object PSObject -Property @{ Port=$_.LocalPort; Name=$n; PID=$_.OwningProcess } }"

This is a possible output of the above command on a freshly installed Windows machine:

[screenshot: output of the command]

1) https://en.wikipedia.org/wiki/Network_address_translation
2) https://en.wikipedia.org/wiki/Ethernet
3) https://en.wikipedia.org/wiki/Windows_Firewall
4) See cmd.exe
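The STEP 2 check and the listener inventory above can be combined into one read-only PowerShell audit. This is an added example, not the page's ConfigureFirewall.bat or any code from the original author; the function name Get-FirewallAudit is hypothetical, and it goes beyond the one-liner by also reporting IPv6 listeners and skipping loopback-only sockets.

```powershell
# Added example, not part of the original page. Read-only: it changes no settings.
# Get-FirewallAudit is a hypothetical helper name.
function Get-FirewallAudit {
    # STEP 2 as a check. ActiveStore returns the effective settings (local
    # configuration merged with Group Policy), not only the local store.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction,
            @{ Name = 'Ok'; Expression = {
                $_.Enabled -eq 'True' -and $_.DefaultInboundAction -eq 'Block' } }

    # TCP listeners reachable from the network: skip loopback-only sockets,
    # keep both IPv4 and IPv6 binds.
    $listeners = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notlike '127.*' -and $_.LocalAddress -ne '::1' } |
        Sort-Object LocalPort, LocalAddress |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port          = $_.LocalPort
                Address       = $_.LocalAddress
                AllInterfaces = ($_.LocalAddress -in '0.0.0.0', '::')
                PID           = $_.OwningProcess
                Name          = $proc.Name
                Path          = $proc.Path   # empty when the process cannot be opened
            }
        }

    [pscustomobject]@{ Profiles = $profiles; Listeners = $listeners }
}

$audit = Get-FirewallAudit
$audit.Profiles  | Format-Table -AutoSize
$audit.Profiles  | Where-Object { -not $_.Ok } | ForEach-Object {
    Write-Warning "Profile $($_.Name): firewall off or inbound default is not Block"
}
$audit.Listeners | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that Path is filled in for service processes; every listener with AllInterfaces set to True is a candidate for an explicit allow rule or for being shut down.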