I am finding the hardest part of studying for 70-410 is dealing with Windows Firewall questions. We have 3rd party hardware and software firewalls in place, so the first thing we usually do with a server build is disable the Windows Firewall. Any preexisting courses here I can check out that have decent coverage of the Windows Firewall? The big thing is I am not really sure what may be blocked outbound, if anything, by default, and if the firewall on Server 2012 would have different default settings than a desktop OS like Windows 8.1.
-
Unsolved Windows firewall training
-
You're protected against external threats but what happens when a contractor or employee plugs into your network on the inside with an infected laptop?
You should have a serious talk with whoever is in charge of security over there.
-
@Daniel-Espinal
We do not allow vendors or employees to plug into those networks; they would have to use a Windows desktop OS that was set up in that network with no internet access. All file transfers over are from a set of internet-connected workstations that are very well maintained, which would then have to VPN in and pass through a security device which ensures the machines are running to our specs and no rogue processes are running. If something did happen to get into the network, then the 3rd party firewall we use would pretty much take care of it. If not, the ACLs on the vSwitches and the hardware firewalls would be in place as well. In all honesty, the Windows Firewall being on would just add a false sense of security and create more work troubleshooting. I am not saying the Windows Firewall is no good, but for us, where we have a number of Linux, BSD, Apple, and Windows servers on some of the same networks, a single software solution combined with ASA is a better approach. Except of course when you have to take a number of exams that assume you have MS firewall knowledge. -
I'm sorry this slipped through my daily checks on questions. @Daniel-Espinal is providing the correct context. In the Microsoft realm of understanding, the Windows Firewall is the protection that we have for internal threats. Everything you mentioned does protect you from the outside. But there are chances that you take internally without the Windows Firewall. Usually this is from even regular end users bringing their own laptops, USB portable drives, or other devices directly into the network and plugging in.
Though your network has plenty of protection, and you mention a third party firewall, this is great if you do have vendors and other non-domain devices on their own VLAN and firewalled, as it seems you do. But not every company does. Even in a branch office situation, the vendor may go there and plug in and intentionally or unintentionally put malware onto a system. With the Windows Firewall you have the ability to control its spread once they've made it inside your network.
Hope this helps the contextual understanding of when and why to use it.
Cordially,
Ronnie Wong
Edutainer, ITProTV
-
@Ralph-Dejesus In all fairness, we turn off the firewall on all of our workstations at my job. It's not something I condone, but what can I do? The other techs' reasoning is that pings don't work and VNC doesn't work if the firewall is on. To which I just shake my head and sigh. I tried to tell them all you need to do is allow those services through the firewall, because it's not worth sacrificing the entire machine just for a few services, but they don't want to hear it.
In an age of Sony hacks and Target hacks you'd think they'd be more inclined to take security a little more seriously. They even shot down my idea to implement USB physical locks, even though we have to replace a few workstations with damaged USB ports every month.
Rant over.
-
The answer in that case lies in the images being created beforehand. As long as they're having to manually roll those settings out, if they don't have a script they can run people are going to defer to simply shutting them off for expediency.
There's always a ton of talk about security and compliance, but when the rubber hits the road, no one wants to spend the necessary time to get to that point. That's at least true here in the States (and in my personal experience).
So, three choices:
- A netsh script solution to configure the Windows FW as you like
- A powershell script solution to configure the Windows FW as you like
- WDS Server and images with preconfigured firewalls for your company's needs. (This last option may be somewhat overbearing if you don't roll out a lot of machines but honestly I'd rather do it and be prepared for large growth)
To OP:
What do you not understand about the Windows FW that you'd like to know? To answer the only question I see posed, as far as I've been able to determine it will not block outbound on most common ports by default and it will allow response traffic for that session to get through. We aren't technically requiring it in our environment, yeah? I have been leaving it configured as it was going to be an upcoming requirement and so far I haven't had to create or modify the outbound rules for anyone's applications, only allow inbound.
To Daniel:
Sad they would do it over ping, but you'd think they'd at least just disable 'Domain' firewall rather than switching the whole thing off. Been there though.
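Added example, not posted by anyone in this thread: a PowerShell script of the kind the second of the three options above describes. It does what the "allow the services through" argument asks for: leaves the firewall on, restores the built-in defaults (inbound blocked, outbound allowed) explicitly, adds inbound rules for ping and VNC only, and then reports each profile's default outbound action plus any enabled outbound block rules, which is the quickest way to answer the original poster's question for a specific box. Assumptions that are not in the thread: VNC is on TCP 5900, and the rules are scoped to the Domain profile and local subnet. The NetSecurity cmdlets exist on Windows 8 / Server 2012 and later, which covers both OSes the question compares.

```powershell
# Added example (not from the thread). Requires the NetSecurity module
# (Windows 8 / Server 2012 and later) and an elevated PowerShell session.
# Assumptions: VNC listens on TCP 5900 and access is limited to the Domain
# profile and the local subnet; neither detail is stated in the thread.

#Requires -RunAsAdministrator
#Requires -Modules NetSecurity

function Set-BaselineFirewallProfile {
    # Turn all three profiles on and set the built-in defaults explicitly, so the
    # script is safe to re-run on a box where someone switched the firewall off.
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -Enabled True `
        -DefaultInboundAction Block `
        -DefaultOutboundAction Allow
}

function Add-InboundRuleIfMissing {
    param(
        [Parameter(Mandatory)] [string]    $DisplayName,
        [Parameter(Mandatory)] [hashtable] $RuleArgs
    )
    # Idempotent: New-NetFirewallRule creates duplicates if you re-run it blindly.
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$DisplayName' already exists, skipping"
        return
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow @RuleArgs
}

function Enable-PingAndVnc {
    # ICMPv4 type 8 is echo request: only that type is opened, not all ICMP.
    Add-InboundRuleIfMissing -DisplayName 'Allow ICMPv4 Echo (Domain)' -RuleArgs @{
        Protocol = 'ICMPv4'; IcmpType = 8; Profile = 'Domain'
    }
    # VNC on TCP 5900 (assumed port), reachable only from the local subnet.
    Add-InboundRuleIfMissing -DisplayName 'Allow VNC 5900 (Domain, local subnet)' -RuleArgs @{
        Protocol = 'TCP'; LocalPort = 5900; RemoteAddress = 'LocalSubnet'; Profile = 'Domain'
    }
}

function Show-FirewallState {
    # What is the default outbound action per profile, and which enabled rules
    # actually block outbound traffic? On a stock install the second list is empty.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
        Format-Table -AutoSize

    $outboundBlocks = Get-NetFirewallRule -Direction Outbound -Enabled True -Action Block
    if ($outboundBlocks) {
        $outboundBlocks | Select-Object DisplayName, Profile | Format-Table -AutoSize
    } else {
        'No enabled outbound block rules; outbound traffic follows the Allow default.'
    }
}

Set-BaselineFirewallProfile
Enable-PingAndVnc
Show-FirewallState

# netsh equivalents of the profile step, for the first of the three options above:
#   netsh advfirewall set allprofiles state on
#   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

Run it once on a reference machine and bake the result into the image, or run it from a startup script or GPO so it is applied consistently rather than by hand. The Show-FirewallState output is also the check to run on a Server 2012 box next to a Windows 8.1 box when comparing their defaults.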