Basic Firewall and Service Security
One of the most important aspects of securing your system is making sure you have basic firewall and service security in place. This makes it much harder for an attacker to exploit your machine, and is known as reducing the attack surface. Securing the network settings makes it much more difficult for a malicious hacker to gain access to your device. We accomplish this by enabling the firewall and being especially conscious of a few vulnerable applications.
Enabling the firewall is one of the most important network protections in the CIS guidelines. The firewall is a piece of software that filters the connections your computer makes and blocks potentially dangerous ones. This is incredibly important for securing your system, as it blocks potential bad actors before they can ever communicate with your machine. When the firewall is turned off, it may be easier for an attacker to remotely exploit a weakness in a network service running on your machine. For this reason it is vital that you turn the firewall on. To do this, go to Control Panel -> System and Security -> Windows Defender Firewall. Now turn the firewall on and select private. By default, this will block all incoming connections on all ports.
You may also want to enable logging, which makes Windows Firewall log inbound connections. Without logs, it is incredibly difficult or impossible to understand what happened after an event transpires. With logging enabled, you can at least see the incoming connections after they have taken place.
Dangerous Applications and Ports
The other part of establishing and maintaining basic firewall and system security is monitoring the applications and services you run. Some applications may require you to open a port in order to work. An open port on your machine does not necessarily point to a vulnerability, but some of the most commonly exploited applications run over specific ports. While these may be disabled by default, it is vital that these applications and ports are not exposed, as they are potentially exploitable by bad actors.
- Port 21 – This port is the default for the FTP protocol. It is commonly used to transfer files across the network, but it is also a vulnerability. This is why, in addition to closing port 21, CIS recommends you keep the Microsoft FTP service disabled, as running a non-secure FTP server from a workstation increases the attack surface dramatically.
- Port 22 – SSH is a vital protocol for remote management of servers, as it provides a secure encrypted connection between two computers. However, it is advised that OpenSSH stays disabled, as running an SSH server from a workstation increases the attack surface.
- Port 1900 – Another default port for a commonly exploited target: UPnP, or Universal Plug and Play. Along with closing the port, CIS recommends you disable the UPnP device hub service.
- Port 3389 – RDP, or Remote Desktop Protocol, is the protocol that runs over this port. Unless you have a specific requirement or use case, this port should be kept closed in line with CIS guidelines.
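The firewall, logging and port checks described above can be reviewed in one pass from an elevated PowerShell session. This is an added example, not part of the original article or of SecureMyDesktop; it only reads settings, and the service short names (FTPSVC, sshd, upnphost) are the standard Windows ones rather than names given on this page.

```powershell
# Read-only audit: firewall state, firewall logging, and the four ports from the list above.
# Service short names are assumptions based on the standard Windows service names.
$checks = @(
    @{ Port = 21;   Proto = 'TCP'; Service = 'FTPSVC';   Label = 'FTP (Microsoft FTP service)' }
    @{ Port = 22;   Proto = 'TCP'; Service = 'sshd';     Label = 'SSH (OpenSSH server)' }
    @{ Port = 1900; Proto = 'UDP'; Service = 'upnphost'; Label = 'UPnP' }
    @{ Port = 3389; Proto = 'TCP'; Service = $null;      Label = 'RDP' }
)

# 1. Firewall profiles: is each one on, what happens to inbound traffic, is logging enabled?
#    A DefaultInbound value of NotConfigured means the Windows default (block) applies.
Get-NetFirewallProfile | ForEach-Object {
    [pscustomobject]@{
        Profile        = $_.Name
        Enabled        = $_.Enabled
        DefaultInbound = $_.DefaultInboundAction
        LogBlocked     = $_.LogBlocked
        LogAllowed     = $_.LogAllowed
        LogFile        = $_.LogFileName
    }
} | Format-Table -AutoSize

# 2. For each port: is anything listening locally, and what state is the related service in?
$results = foreach ($c in $checks) {
    if ($c.Proto -eq 'TCP') {
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $c.Port -ErrorAction SilentlyContinue
    } else {
        $listeners = Get-NetUDPEndpoint -LocalPort $c.Port -ErrorAction SilentlyContinue
    }
    $svc = if ($c.Service) { Get-Service -Name $c.Service -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Check     = $c.Label
        Port      = "$($c.Port)/$($c.Proto)"
        Listening = [bool]$listeners
        Service   = if ($svc) { "$($svc.Name): $($svc.Status), $($svc.StartType)" }
                    else      { 'not installed or not checked' }
    }
}
$results | Format-Table -AutoSize

# 3. Flag anything that needs a closer look.
$results | Where-Object Listening | ForEach-Object {
    Write-Warning "$($_.Check) has a listener on $($_.Port); confirm it is required."
}
```

A listener reported here is not necessarily reachable from the network, since the firewall may still block it, but it shows which of the listed services are actually running on the workstation.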
Basic firewall and service security are only a small portion of making your computer CIS compliant. You may want to run SecureMyDesktop to see your rating on CIS compliance and to update the settings to achieve CIS level compliance. It is also important to maintain good security hygiene and make sure you are always following security best practices.