A good basis for firewall rules would be Zero Trust - only allow what is needed. But in many cases, you do not know all the needed rules for a server connection. As a result, in many environments the Windows Firewall is either disabled or poorly managed.
I was thinking that maybe this would be a helpful approach:
1. Install a Windows server with all the needed applications. It is a test setup, or you have a snapshot.
2. Allow everything.
3. Begin working and trace connections.
4. From the connection trace, create firewall rules - I would prefer PowerShell commands / a script.
5. Examine the script carefully.
6. Maybe apply some commonly known rules (like Ping / ICMP, AD rules, ...). Most should be managed via GPO / from a template.
7. Create a new server or revert to the snapshot.
8. Apply the firewall rules you traced before. These will be the only allowed rules.
9. Deny everything else --> Zero Trust.
10. Further needed rules are added upon failure or request.
Does this make sense?
If yes, I would not know how best to capture the traffic and create rules / a script from it.
Can anyone help me out?
thanks!
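The capture-and-generate step the question asks about, as an added PowerShell example; it is not code from the original post or from any Microsoft tool. It relies on Windows Filtering Platform connection auditing (Security event 5156, one event per permitted connection) rather than polling Get-NetTCPConnection, so short-lived connections are not missed. The event field names (Application, Direction, SourceAddress, SourcePort, DestAddress, DestPort, Protocol), the direction codes %%14592 (inbound) and %%14593 (outbound), and the source/destination orientation for inbound events are assumptions taken from the 5156 event schema; confirm them against one event's XML on your own host before trusting the output. The output file name is an arbitrary choice.

```powershell
# Added example (not from the original post). Run elevated on the test server.
# Step 1, once, before the test workload (keep the firewall permissive during tracing):
#   auditpol /set /subcategory:"Filtering Platform Connection" /success:enable
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Allow -DefaultOutboundAction Allow
# Step 2: after the workload has run, execute this script to turn the 5156 trace into a reviewable rule script.
param(
  [datetime]$Since   = (Get-Date).AddHours(-8),
  [string]  $OutFile = "$PSScriptRoot\Traced-FirewallRules.ps1"   # arbitrary name
)

# 5156 logs program paths as \Device\HarddiskVolumeN\..., but New-NetFirewallRule -Program wants
# drive-letter paths. QueryDosDevice gives the mapping for every mounted drive letter.
Add-Type -Namespace Win32 -Name DosDev -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName, System.Text.StringBuilder lpTargetPath, int ucchMax);
'@
$volMap = @{}
foreach ($d in Get-PSDrive -PSProvider FileSystem | Where-Object Root -match '^[A-Za-z]:\\$') {
    $sb = New-Object System.Text.StringBuilder 1024
    if ([Win32.DosDev]::QueryDosDevice("$($d.Name):", $sb, $sb.Capacity) -gt 0) {
        $volMap[$sb.ToString().ToLower()] = "$($d.Name):"
    }
}
function Convert-DevicePath([string]$p) {
    foreach ($k in $volMap.Keys) {
        if ($p.ToLower().StartsWith($k)) { return $volMap[$k] + $p.Substring($k.Length) }
    }
    return $p   # "System" (kernel) or an unknown volume: left as-is, flagged below for manual review
}

# Parse each 5156 event. Field names and direction codes are assumed from the event schema.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156; StartTime = $Since } -ErrorAction Stop
$conns = foreach ($e in $events) {
    $x = [xml]$e.ToXml(); $f = @{}
    foreach ($n in $x.Event.EventData.Data) { $f[$n.Name] = $n.'#text' }
    $inbound = ($f.Direction -eq '%%14592')
    [pscustomobject]@{
        Direction     = if ($inbound) { 'Inbound' } else { 'Outbound' }
        Protocol      = switch ($f.Protocol) { '6' {'TCP'} '17' {'UDP'} '1' {'ICMPv4'} '58' {'ICMPv6'} default {"Proto$($f.Protocol)"} }
        Program       = Convert-DevicePath $f.Application
        # Assumption: for inbound events Source is the remote peer and Dest is the local listener;
        # for outbound events Source is local (ephemeral port) and Dest is the remote service.
        LocalPort     = if ($inbound) { $f.DestPort }      else { $f.SourcePort }
        RemotePort    = if ($inbound) { $f.SourcePort }    else { $f.DestPort }
        RemoteAddress = if ($inbound) { $f.SourceAddress } else { $f.DestAddress }
    }
}
# Loopback traffic never crosses the host firewall, so it needs no rule.
$conns = $conns | Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

$lines = @(
    "# Generated from Security event 5156 on $env:COMPUTERNAME since $Since. REVIEW EVERY LINE BEFORE APPLYING.",
    "# Collapse long RemoteAddress lists into subnets by hand; widen only what the service genuinely needs."
)
# Inbound: one rule per (program, protocol, listening port), restricted to the peers actually seen.
foreach ($g in $conns | Where-Object { $_.Direction -eq 'Inbound' -and $_.Protocol -in 'TCP','UDP' } |
                        Group-Object Program, Protocol, LocalPort) {
    $s = $g.Group[0]
    $peers = ($g.Group.RemoteAddress | Sort-Object -Unique | ForEach-Object { "'$_'" }) -join ','
    $flag = if ($s.Program -like '\device\*') { '  # TODO: unmapped volume path' } else { '' }
    $lines += "New-NetFirewallRule -DisplayName 'Traced-In-$($s.Protocol)-$($s.LocalPort)' -Direction Inbound -Action Allow " +
              "-Protocol $($s.Protocol) -LocalPort $($s.LocalPort) -RemoteAddress $peers -Program '$($s.Program)' -Profile Any  # seen $($g.Count)x$flag"
}
# Outbound: one rule per (program, protocol, remote port, remote host); local ephemeral ports are ignored.
foreach ($g in $conns | Where-Object { $_.Direction -eq 'Outbound' -and $_.Protocol -in 'TCP','UDP' } |
                        Group-Object Program, Protocol, RemotePort, RemoteAddress) {
    $s = $g.Group[0]
    $flag = if ($s.Program -like '\device\*') { '  # TODO: unmapped volume path' } else { '' }
    $lines += "New-NetFirewallRule -DisplayName 'Traced-Out-$($s.Protocol)-$($s.RemotePort)-$($s.RemoteAddress)' -Direction Outbound -Action Allow " +
              "-Protocol $($s.Protocol) -RemotePort $($s.RemotePort) -RemoteAddress '$($s.RemoteAddress)' -Program '$($s.Program)' -Profile Any  # seen $($g.Count)x$flag"
}
# ICMP and anything else is listed for the reviewer rather than turned into rules automatically.
foreach ($g in $conns | Where-Object { $_.Protocol -notin 'TCP','UDP' } | Group-Object Direction, Protocol, RemoteAddress) {
    $lines += "# $($g.Name) seen $($g.Count)x - decide by hand (ICMP rules use -IcmpType, and are usually set via GPO)"
}
Set-Content -Path $OutFile -Value $lines -Encoding UTF8
Write-Host "Wrote $($lines.Count - 2) candidate rules to $OutFile from $($events.Count) audited connections."

# Step 3, on the rebuilt server or reverted snapshot, after reviewing the generated file:
#   . .\Traced-FirewallRules.ps1
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block -DefaultOutboundAction Block
# Keep failure auditing on afterwards; blocked connections then appear as event 5157 and show
# exactly which rule is missing when something breaks, which is the "upon failure" path in the plan:
#   auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable
```

The generated file is deliberately a script to read rather than rules that are applied immediately: an 8-hour trace captures what ran during the test, not what the server must do at month end, so the review step is where you add the known-good GPO rules (AD, monitoring, patching) and prune one-off connections such as update downloads or an admin's RDP session.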