Windows Firewall: Closing the Default Pinholes

We have noted that Microsoft appears to be creating inbound firewall pinholes for some of its apps, even in installations in which a user has specifically indicate the local network is not to be trusted. This post reviews how the pinholes are implemented. It also provides illustrated examples for closing those rules, by disabling the default rules that Microsoft uses to provide exceptions for its apps.

Read more

The Windows Firewall: Big Bad Wolf Coming?

We continue the discussion of the Windows Firewall changes. This is a trends backgrounder, noting that it is likely that within a few years your PC will probably have a public IP address. It will be very possible that it’s an IPv6 address provided by the same provider who currently provides an IPv6 address on your mobile phone. Having an IPv6 address is fine, as long as you have a good firewall.

Read more

The Windows Firewall: A Few Bricks Loose?

Recent trends that have loosened some of the Windows 10 inbound firewall rules. The other day I installed Windows 10 with a private IP address. During the installation, I specified that my local network was not to be trusted. What should have been a pretty restrictive set of rules… wasn’t. I’ve summarized them here as the first part of a series in which we’ll discuss how to tighten up such rules. Additionally, we’ll look ahead over the next few years, in which we can probably expect more and more people will be working with publically accessible IP addresses. We’ll then discuss remote desktop protocol access from when your away from work (or home), which we’ll try to make as safe as possible.

Read more