Endpoint Firewall rules
Hi colleagues,
Are there any frameworked recommendations for endpoint (host-based) firewall rules for end-user workstations? I understand my request may result in varying opinions...and that's ok. 🙂
I also know that I will need to review the existing business-sanctioned connections to ensure I don't break anything that the business needs to operate. Thanks in advance for any advice, links to frameworks that provide specific guidance etc.
Assuming you're meaning Windows?
Best practices for configuring Windows Defender Firewall - Windows security | Microsoft Docs
CIS Benchmarks (cisecurity.org)
Apologies for the late response!
Yes, Windows. However, the client will be using SentinelOne, not Windows Defender.
The standard for Windows is to not change any settings on the firewall because Microsoft defaults it to the most secure setting. For SentinelOne, leave it in monitor/audit mode for a few days to view and tailor the alerts for their specific environment. Once you're confident it won't bring their network to a screeching halt, then make it active.