Blog | G5 Cyber Security

Firewall Rules: Cyber Security Basics

TL;DR

A boundary firewall protects your network by controlling what traffic is allowed in and out. This guide shows you how to check, create, and manage rules to keep unwanted connections away.

Checking Existing Firewall Rules

  1. Access Your Firewall: How you do this depends on your firewall (e.g., Windows Firewall, a router’s interface, or a dedicated firewall appliance). Usually, it involves logging into the device’s settings.
    For example, on Windows:
    Control Panel > System and Security > Windows Defender Firewall
  2. Review Inbound Rules: These rules control connections *to* your network. Look for rules that allow traffic from specific sources (IP addresses or networks) to specific ports.
    Pay attention to any ‘Allow’ rules you don’t recognise.
  3. Review Outbound Rules: These rules control connections *from* your network. Check if applications are allowed to connect to the internet, and whether those permissions are necessary.
  4. Look for Default Policies: Most firewalls have default policies (e.g., block all inbound traffic except what’s explicitly allowed). Understand what these defaults are.

Creating a New Firewall Rule

  1. Identify the Need: What connection needs to be allowed? For example, you might need to allow access to a web server on port 80 (HTTP) or 443 (HTTPS).
  2. Access Your Firewall Settings: As in step 1 of ‘Checking Existing Firewall Rules’ above.
  3. Create a New Rule: Look for options like ‘New Rule’, ‘Add Rule’ or similar.
    On Windows:
    Windows Defender Firewall > Advanced settings > Inbound Rules > New Rule...
  4. Rule Type: Choose the appropriate type (e.g., Port, Program, Predefined). Port is common for allowing specific services.
    Select ‘Port’ and then specify TCP or UDP and the port number(s).
  5. Protocol and Ports: Specify the protocol (TCP or UDP) and the port numbers that the rule applies to. For example, TCP port 80.
  6. Scope: Define which IP addresses are allowed/blocked.
    • Local IP Address: Your network’s IP address.
    • Remote IP Address: The IP address(es) that are allowed to connect (or blocked from connecting). You can specify a single IP, a range, or ‘Any’. Be careful with ‘Any’!
  7. Action: Choose ‘Allow the connection’ or ‘Block the connection’.
  8. Profile: Select which network profiles the rule applies to (e.g., Domain, Private, Public). Usually, you’ll want it active on ‘Private’ networks at least.
  9. Name and Description: Give the rule a clear name and description so you know what it does later.

Managing Firewall Rules

  1. Disable Unnecessary Rules: If a rule is no longer needed, disable it instead of deleting it (in case you need to re-enable it).
  2. Delete Redundant Rules: Remove rules that duplicate functionality.
  3. Regularly Review: Make time to review your firewall rules periodically (e.g., every 6 months) to ensure they are still appropriate and secure.
  4. Logging: Enable firewall logging if possible. This can help you identify suspicious activity.
    On Windows:
    Windows Defender Firewall > Advanced settings > Logging...
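
The Windows steps from the three sections above can also be run from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original guide; the rule name, port 443 and the 203.0.113.0/24 remote range are constructed placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: rule name, port and remote range are constructed placeholders.

# Checking, step 4: default inbound/outbound policy for each profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Checking, step 2: enabled inbound 'Allow' rules whose remote scope is 'Any'.
# These are the rules to recognise and justify first.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    } | Sort-Object Name | Format-Table -AutoSize

# Creating, steps 4-9: a port rule scoped to one remote range instead of 'Any'.
$rule = @{
    DisplayName   = 'Example - HTTPS from admin subnet'   # constructed name
    Description   = 'Allow HTTPS to the local web server from 203.0.113.0/24 only'
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    LocalPort     = 443
    RemoteAddress = '203.0.113.0/24'                      # placeholder range
    Action        = 'Allow'
    Profile       = 'Private'
}
# Create the rule only if it does not exist yet, so reruns add no duplicates.
if (-not (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule @rule | Out-Null
}

# Managing, step 1: disable (rather than delete) a rule that is no longer needed.
Disable-NetFirewallRule -DisplayName $rule.DisplayName

# Managing, step 4: log dropped packets on every profile, then show the log path.
Set-NetFirewallProfile -All -LogBlocked True -LogMaxSizeKilobytes 4096
Get-NetFirewallProfile | Select-Object Name, LogBlocked, LogFileName
```

The `Disable-NetFirewallRule` line is there to show the "disable, don't delete" step; leave it out if the new rule should stay active.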

Important Considerations
