  #17  
June 10th 13, 08:18 PM, posted to alt.comp.os.windows-8
Todd[_5_]
external usenet poster
 
Posts: 724
Windows 8 Firewall - How Good Is It?

On 06/09/2013 09:59 AM, Juan Wei wrote:
Juan Wei has written on 6/8/2013 5:47 PM:
Todd has written on 6/8/2013 4:23 PM:
Is anybody here concerned about the effectiveness of the
Windows 8 firewall? Did you install a third-party one?

Hi,

I write iptables (Linux) firewalls for a living.

One of the big issues with M$ is that they couldn't give
a hoot about security. They are all about marketing.
M$ has frequently left services open that can be
easily exploited.

Go look how your firewall performs for yourself at
GRC. You are looking for the Shields Up test.

https://www.grc.com/x/ne.dll?bh0bkyd2

If you are shooting through a NAT router (if your
I.P. is 192.168.xxx.xxx, you have a NAT router),
you will need to connect directly to the Internet.


How do you do that?

You want all your ports to be in stealth mode (drop)
when probed from the outside, unless you deliberately
have a service open for something.


My Westell 327W has these firewall modes:

1. Maximum Security (High) The high security setting only allows basic
Internet functionality. The High security setting guarantees to only
pass Mail, News, Web, FTP, and IPSEC. All other traffic is not allowed.
High security restricts modification by NAT configuration options.

2. Typical Security (Medium) The medium security setting only allows
basic Internet functionality by default, just like High level security.
Medium security, however, allows customization through Port Forwarding
configuration so certain traffic can pass.

3. Minimum Security (Low) The low security setting will allow all
traffic except for known attacks. With low, your modem is visible by
other computers on the Internet.

4. No Security

5. Custom Security. Default "Inbound" rules:

title [ Security Level Low IN rules ]

begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% done, alert 0 [WAN Traffic from LAN IP]
RulesPass
pass all

RulesDropAddress
drop from addr 0.0.0.0 done, alert 4 [ 0.0.0.0 Source IP Address]
RulesPassUDP
pass protocol udp, to port 53 done
pass protocol udp, from port 53 done

RulesDropICMP
drop protocol icmp alert 4 [ICMP Message To WAN IP]
RulesDropWANUDP
drop protocol udp, to addr %WANADDR%:32 done, alert 4 [UDP WAN Traffic to WAN IP]
RulesDropWANTCP
drop protocol tcp, to addr %WANADDR%:32 done, alert 4 [TCP WAN Traffic to WAN IP]
RulesPassGoodICMP
pass protocol icmp, to addr %WANADDR%:32 done, alert 0 [Responding to WAN Ping]
RulesPassGoodICMP
pass protocol icmp, to addr %LANADDR%:%LANMASK% done, alert 0 [Nat'ed LOCAL PING]
end

Default "Outbound" rules:

title [ Security Level Low OUT rules ]

begin
RulesDropNETBIOS
drop to port = 135, to port = 139 done, alert 4 [Dropping NETBIOS Traffic]

RulesPass
pass all

end


What do you recommend?

Many thanks. You're providing a very important service here.


Just go for the Typical (Medium). The High will be a pain in the butt.
Make sure you have your personal firewall (meaning the one on your own
computer) active as well.

The idea here is to set up several fences. Don't rely on a single
fence for all your protection. It is easy for the bad guys to find
ways over a single fence, but multiples give them a bad time.

Another good fence is to not use Internet Explorer or anything that uses
it for its rendering engine (Outlook, etc.)

And, use only as many Windows-based computers as you are forced to.
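
Added example, not part of the original post: how the three results a Shields Up style probe reports (open, closed, stealth) look from the client side of a TCP connect, plus a check of the rule quoted above that every port should be stealth unless a service is deliberately open. The function names, the timeout and the localhost demo are assumptions; point it at an address you own, from outside the firewall.

```python
import socket


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'stealth' or 'error'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"    # a reset came back: host is visible, nothing listens
    except socket.timeout:
        return "stealth"   # no reply at all: the packet was silently dropped
    except OSError:
        return "error"     # e.g. no route to host; not a firewall verdict
    finally:
        s.close()


def audit(host, ports, allowed_open=(), timeout=2.0):
    """Return {port: state} for every port that breaks the policy.

    Policy (from the post): ports in allowed_open may answer; every other
    port must be 'stealth'. A 'closed' port is reported because the reset
    still tells the prober that a host exists at this address.
    """
    findings = {}
    for port in ports:
        if port in allowed_open:
            continue
        state = classify_port(host, port, timeout)
        if state != "stealth":
            findings[port] = state
    return findings


if __name__ == "__main__":
    # Constructed demo: localhost has no packet filter in front of it, so
    # unused ports normally show up as 'closed' rather than 'stealth'.
    for port, state in sorted(audit("127.0.0.1", [22, 135, 139, 445]).items()):
        print(f"port {port}: {state} (expected stealth)")
```
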