Hi colleagues,
Are there any framework recommendations for endpoint (host-based) firewall rules for end-user workstations? I understand my request may result in varying opinions...and that's ok. 🙂
I also know that I will need to review the existing business-sanctioned connections to ensure I don't break anything that the business needs to operate. Thanks in advance for any advice, links to frameworks that provide specific guidance etc.
Assuming you're meaning Windows?
Best practices for configuring Windows Defender Firewall - Windows security | Microsoft Docs
CIS Benchmarks (cisecurity.org)
Apologies for the late response!
Yes, Windows. However, the client will be using SentinelOne, not Windows Defender.
The standard for Windows is to not change any settings on the firewall because Microsoft defaults it to the most secure setting. For SentinelOne, leave it in monitor/audit mode for a few days to view and tailor the alerts for their specific environment. Once you're confident it won't bring their network to a screeching halt, then make it active.
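As an added example (not posted by anyone in this thread), the PowerShell below audits a workstation's Windows Defender Firewall profiles against the Microsoft defaults the reply above recommends keeping (enabled, inbound Block, outbound Allow) and lists the locally added inbound allow rules that the business-connection review the original poster mentioned should cover. It assumes the built-in NetSecurity cmdlets on Windows 10/11 and an elevated shell; the "rules without a resource-string Group are custom" filter is a heuristic, not a documented property.

```powershell
# Added example (not from the thread): audit a workstation's Windows Defender Firewall
# against the Microsoft defaults the reply above recommends keeping, and list the
# locally added inbound allow rules that the business-connection review should cover.
# Assumes Windows 10/11 with the built-in NetSecurity module; run in an elevated shell.

# Expected default posture per profile: enabled, inbound Block, outbound Allow.
$expected = @{ Enabled = 'True'; DefaultInboundAction = 'Block'; DefaultOutboundAction = 'Allow' }

function Test-FirewallDefaults {
    # Returns one row per profile with a Deviations column listing what differs from defaults.
    Get-NetFirewallProfile | ForEach-Object {
        $p = $_
        $dev = foreach ($k in $expected.Keys) {
            if ("$($p.$k)" -ne $expected[$k]) { "$k=$($p.$k) (expected $($expected[$k]))" }
        }
        [pscustomobject]@{
            Profile    = $p.Name
            Deviations = if ($dev) { $dev -join '; ' } else { 'none' }
            LogDropped = $p.LogBlocked   # dropped-packet logging shows what a rule change would break
            LogFile    = $p.LogFileName
        }
    }
}

function Get-CustomInboundAllowRules {
    # Heuristic (assumption): built-in rules carry a resource-string Group starting with '@';
    # rules added by installers, admins or GPO usually do not. Reconcile these with the business.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { -not $_.Group -or $_.Group -notlike '@*' } |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            $app  = $rule | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name      = $rule.DisplayName
                Profile   = $rule.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Program   = $app.Program
                Source    = $rule.PolicyStoreSourceType   # Local vs. GroupPolicy
            }
        }
}

Test-FirewallDefaults | Format-Table -AutoSize
Get-CustomInboundAllowRules | Sort-Object Name | Format-Table -AutoSize
```

Run it before and after any firewall change so the deviation list and the custom-rule inventory can be compared rather than discovered from helpdesk tickets.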