  1. For a PC that only needs basic internet access, for web browsers and updates, generally speaking, is there any need for incoming ports to be opened on the PC's firewall?

  2. If outgoing port filtering is enabled on a PC's outgoing firewall, how do you determine the ports needed for the application? I guess there could be documentation/Google/forum somewhere, but if not, is netstat/packet filtering the only way to go?

  3. Does Microsoft have a list of all the services that come in Windows that need network connectivity? Like a list of them all. Because if outgoing connections are filtered, they need to each be whitelisted.

j. doe
  • 3rd party firewalls typically include a learning/notification/whatever-they-call-it mode for this very reason - so you can run your system for a while and figure out what exceptions you'll need. You can enable logging and check your logs for what's being blocked with Windows Firewall, then decide whether or not to create an exception for that traffic, but if your complaint is that setting up a firewall policy is a pain in the ass... well, yes, it is. – HopelessN00b Jun 13 '16 at 18:36
  • Thanks, I was thinking of using something like Zone Alarm, which I know prompts you for each exe. But if I were to enable firewall settings for a group of pcs in a domain, I would want to be able to export said settings from the 3rd party firewall in a format that can be imported into Windows firewall – j. doe Jun 13 '16 at 18:39
  • [Windows Firewall Auditing mode](https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx) is your friend in a situation like this, but it's just going to be pretty horrible, regardless. That's the very reason you rarely see a good, comprehensive firewall policy - they're expensive, time consuming and horrible to create in the first place, and are expensive, time consuming and horrible to maintain as well. – HopelessN00b Jun 13 '16 at 18:43
  • Thank you again. Another question. Is there any need for incoming ports to be opened? This would be for a basic computer, say for a home environment. Because, by default, there are a ton of rules to allow traffic, but when I disable them all, I notice no inconveniences. Why are they there in the first place? Obviously I'm trying to get the lay of the land – j. doe Jun 13 '16 at 18:47
  • Well, the incoming ports question comes down to whether you actually expect to receive any inbound traffic. Sounds like you don't, but some do. I have some inbound exceptions on my PC that I actually use on a regular basis, for example. – HopelessN00b Jun 13 '16 at 18:57
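The "learning mode" the comments describe can be approximated on a stock Windows box with the built-in firewall: log what gets dropped, and map live connections back to the process that owns them. The script below is an added example and is not from the question, the comments, or any product documentation. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (the NetSecurity and NetTCPIP modules), and it uses the default pfirewall.log location. One caveat a practitioner should know: the firewall only logs outbound drops once the profile's default outbound action is Block (or an explicit block rule matches), so step 3 shows nothing useful until you have actually flipped to deny-by-default.

```powershell
# Added example (not from the original question or comments): discover what
# outbound traffic a machine actually needs before writing a restrictive policy.
# Run elevated. $logPath is the Windows default; adjust if you log elsewhere.

# 1. Log dropped packets on every profile so blocked traffic is visible
#    instead of failing silently.
$logPath = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -LogBlocked True -LogAllowed False -LogFileName $logPath -LogMaxSizeKilobytes 16384

# 2. Snapshot live connections and attribute each to its owning process.
#    This is the netstat-style "learning" step; run it while exercising the app.
Get-NetTCPConnection -State Established,SynSent |
    ForEach-Object {
        # PID 0 / exited processes make Get-Process fail; treat those as unknown.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process    = $proc.ProcessName
            Path       = $proc.Path
            RemoteAddr = $_.RemoteAddress
            RemotePort = $_.RemotePort
        }
    } |
    Sort-Object Process, RemotePort -Unique |
    Format-Table -AutoSize

# 3. Summarise dropped *outbound* traffic from the firewall log by destination port.
#    pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port
#    size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
#    where the final "path" field is SEND (outbound) or RECEIVE (inbound).
$expanded = [Environment]::ExpandEnvironmentVariables($logPath)
if (Test-Path $expanded) {
    Get-Content $expanded |
        Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} ' } |   # skip the #Fields header lines
        ForEach-Object {
            $f = $_ -split ' '
            if ($f[2] -eq 'DROP' -and $f[-1] -eq 'SEND') {
                [pscustomobject]@{ Protocol = $f[3]; DstIP = $f[5]; DstPort = $f[7] }
            }
        } |
        Group-Object Protocol, DstPort |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize
}
```

Step 2 answers the "which ports does this application need" question directly, because it ties a remote port to an executable path rather than leaving you to guess from the port number alone. Step 3 is what you re-run for a few days after turning on deny-by-default: each line in its output is either a missing whitelist entry or traffic you are happy to keep blocking.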

1 Answer

  1. No. Incoming ports should only be whitelisted when the computer is intentionally providing a service to the outside world (e.g. web server, RDP, etc.).
  2. Yes, inspecting the traffic is the only way unless you already have an exhaustive list of software running on the machine and know which ports it relies on. However, this is generally not necessary for home users and extremely difficult to do correctly. If you are the user, it's far easier to educate yourself about avoiding malware. If you have other, less technical, people in the house, you may want to go the software firewall (e.g. ZoneAlarm) route and set it up to block everything by default (perhaps even require a password to whitelist, if that feature is offered).
  3. There are knowledge-base articles, but they may not be 100% lists. In any case, please refer to #2 before going this route.
Dan
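The answer's "block everything by default, then whitelist" advice, expressed as Windows Firewall rules rather than a third-party product, and exported so the same rule set can be reused on other PCs (which was the asker's concern about ZoneAlarm). This is an added example, not the answerer's configuration. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later; the browser paths and the export path are assumptions, and the Windows Update rule is deliberately minimal (real update traffic also goes through BITS and Delivery Optimization), so expect to extend it from the drop log.

```powershell
# Added example (not the answerer's own setup): deny-by-default outbound policy
# for a basic home PC, plus an export of the finished rule set.
# Run elevated. Program and export paths below are assumptions for illustration.

# Inbound stays closed (the default); outbound becomes deny-by-default as well.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# Core plumbing that must work before anything else does. Rules are bound to
# the Windows service that owns the traffic, not to svchost.exe as a whole,
# so other services hosted in svchost do not inherit the exception.
New-NetFirewallRule -DisplayName 'Allow DNS client (Dnscache)' -Direction Outbound `
    -Service Dnscache -Protocol UDP -RemotePort 53 -Action Allow
New-NetFirewallRule -DisplayName 'Allow DHCP client' -Direction Outbound `
    -Service Dhcp -Protocol UDP -LocalPort 68 -RemotePort 67 -Action Allow
New-NetFirewallRule -DisplayName 'Allow Windows Update (wuauserv)' -Direction Outbound `
    -Service wuauserv -Protocol TCP -RemotePort 80,443 -Action Allow

# Browsers: whitelist by executable path, restricted to web ports only.
# (Assumed install locations; Test-Path skips any that are not present.)
$browsers = @(
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe"
)
foreach ($exe in $browsers) {
    if (Test-Path $exe) {
        New-NetFirewallRule -DisplayName "Allow browser: $(Split-Path $exe -Leaf)" `
            -Direction Outbound -Program $exe -Protocol TCP -RemotePort 80,443 -Action Allow
    }
}

# Export the complete policy so it can be imported on other machines (or fed
# into Group Policy) instead of being rebuilt by hand on each one.
netsh advfirewall export 'C:\Temp\home-pc-policy.wfw'
# On another PC, after reviewing the file:
#   netsh advfirewall import 'C:\Temp\home-pc-policy.wfw'
```

Two design points worth noting. Scoping the browser rules to TCP 80/443 rather than "any port" means a compromised or mis-behaving browser cannot reach arbitrary services, which is most of the value of filtering outbound in the first place. And whitelisting by executable path is only as strong as the permissions on that path: if a standard user can overwrite `firefox.exe`, the rule now trusts whatever they put there, so pair this with the usual "users are not administrators" arrangement the answer alludes to.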