https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50435#M1 <P>Hi colleagues,</P><P>&nbsp;</P><P>Are there any frameworked recommendations for endpoint (host-based) firewall rules for end-user workstations?&nbsp; I understand my request may result in varying opinions...and that's ok. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>I also know that I will need to review the existing buisness-sanctioned connections to ensure I don't break anything that the bsuiness needs to operate.&nbsp; Thanks in advance for any advice, links to frameworks that provide specific guidance etc.</P> Mon, 09 Oct 2023 10:09:01 GMT d46j48fx 2023-10-09T10:09:01Z https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50435#M1 <P>Hi colleagues,</P><P>&nbsp;</P><P>Are there any frameworked recommendations for endpoint (host-based) firewall rules for end-user workstations?&nbsp; I understand my request may result in varying opinions...and that's ok. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>I also know that I will need to review the existing buisness-sanctioned connections to ensure I don't break anything that the bsuiness needs to operate.&nbsp; Thanks in advance for any advice, links to frameworks that provide specific guidance etc.</P> Mon, 09 Oct 2023 10:09:01 GMT https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50435#M1 d46j48fx 2023-10-09T10:09:01Z https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50437#M2 <P>Assuming you're meaning Windows?</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring" target="_blank">Best practices for configuring Windows Defender Firewall - Windows security | Microsoft Docs</A></P><P><A href="https://www.cisecurity.org/cis-benchmarks/" target="_blank">CIS Benchmarks (cisecurity.org)</A></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Apr 2022 18:35:37 GMT https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50437#M2 tmekelburg1 2022-04-07T18:35:37Z https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50763#M9 <P>Apologies for the late response!</P><P>&nbsp;</P><P>Yes, Windows.&nbsp; However, the client will be using SentinelOne,&nbsp; not Windows Defender.</P> Thu, 28 Apr 2022 15:24:44 GMT https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50763#M9 d46j48fx 2022-04-28T15:24:44Z https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50768#M10 <P>The standard for Windows is to not change any settings on the firewall because Microsoft defaults it to the most secure setting. For SentinelOne, leave it in monitor/audit mode for a few days to view and tailor the alerts for their specific environment. Once you're confident it won't bring their network to a screeching halt, then make it active.&nbsp;</P> Thu, 28 Apr 2022 17:46:00 GMT https://community.isc2.org/t5/Security-for-SMBs/Endpoint-Firewall-rules/m-p/50768#M10 tmekelburg1 2022-04-28T17:46:00Z