0

What would be the most efficient way of blocking a list of IPs in Windows 2008's Local Security Policy?

Ideally, I would want to block the subnet that the IPs belong to. What IP subnets should I be blocking then?

Wesley
chuacw

1 Answer

3

The more effective way is to block them in Windows Firewall. That has nothing to do with local security policy, other than perhaps pushing out the firewall rule to multiple Windows computers. The path to that policy is Computer Configuration >> Administrative Templates >> Network >> Network Connections >> Windows Firewall.

The most effective way is to block them at your hardware firewall. That is, if they're a menace to the whole network and not just a few specific Windows machines. I prefer to offload sweeping rules like that to hardware and not burden my hosts. It's also administratively easier to manage.

Finally, you can't know how those IP addresses are subnetted by the various providers or single provider that owns that IP space. If you're feeling adventurous, you can just block the 175.44.., 175.42.., etc. space and hope that no-one legitimate is blocked.

Wesley
  • Unfortunately, I don't have a hardware firewall, Wesley. – chuacw Apr 19 '12 at 04:00
  • @chuacw *C'est la vie.* – Wesley Apr 19 '12 at 04:02
  • Hello Wesley, most efficient, not most effective. – chuacw Apr 19 '12 at 04:22
  • 1
    @chuacw - No, it's actually most efficient **and** most effective. Effective because when stopped at the firewall, that traffic doesn't even touch your server's NIC and doesn't take CPU cycles for the kernel to analyze and drop the packets. – EEAA Apr 19 '12 at 04:24
  • I prefer using both a hardware firewall and the Windows firewall. Using the Windows firewall is especially recommended for laptops that are usually connected to home networks (or worse). I wrote an article about Firewall GPOs which you might like. http://zeda.nl/t09 – ZEDA-NL Apr 19 '12 at 07:59
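
An added example (not code from the question, the answer or the commenters) of the host-firewall approach the answer describes: it turns a list of offending addresses into a single inbound block rule for Windows Firewall via `netsh advfirewall`. The sample addresses, the rule name and the "widen to a /24 after three hits" threshold are assumptions; as the answer notes, the provider's real subnetting is unknown, so any widening is a guess. It needs PowerShell 2.0 or later.

```powershell
# Constructed sample input (documentation ranges); replace with addresses from your own logs.
$offenders = @(
    '203.0.113.7', '203.0.113.45', '203.0.113.200',
    '198.51.100.23', 'not-an-ip', '198.51.100.23'
)
$ruleName  = 'BlockOffenders-Example'  # hypothetical rule name, no spaces to avoid quoting issues
$threshold = 3                         # assumption: block a whole /24 only after 3 distinct hits in it
$apply     = $false                    # leave $false to only print the command for review

# Keep unique, well-formed dotted-quad IPv4 addresses; malformed entries are dropped.
$valid = @($offenders | Sort-Object -Unique | Where-Object {
    $ip = $null
    [System.Net.IPAddress]::TryParse($_, [ref]$ip) -and
        $ip.AddressFamily -eq 'InterNetwork' -and
        $ip.ToString() -eq $_
})

# Group by the first three octets. Busy groups become a /24, isolated hits stay host-only
# so that neighbours who never sent bad traffic are not blocked on a guess.
$targets = @($valid | Group-Object { ($_ -split '\.')[0..2] -join '.' } | ForEach-Object {
    if ($_.Count -ge $threshold) { "$($_.Name).0/24" }
    else { $_.Group }
})

if ($targets.Count -eq 0) {
    Write-Warning 'No valid addresses; nothing to block.'
    return
}

# remoteip accepts a comma-separated mix of single addresses and CIDR subnets.
$remote = $targets -join ','
Write-Output "netsh advfirewall firewall add rule name=$ruleName dir=in action=block remoteip=$remote"

if ($apply) {
    # Remove any earlier copy so re-running replaces the rule instead of duplicating it.
    netsh advfirewall firewall delete rule name=$ruleName | Out-Null
    netsh advfirewall firewall add rule name=$ruleName dir=in action=block remoteip=$remote
    # Show what was actually stored so the address list can be checked.
    netsh advfirewall firewall show rule name=$ruleName
}
```

Run it from an elevated prompt when `$apply` is set to `$true`; to distribute the same rule to several machines, the Group Policy path given in the answer is the place to define it.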