Can blocking certain ports in Windows firewall enhance security, without affecting usability?
Firewall settings
- Thread starter Parkinsond
- Start date
Yes, blocking certain ports can enhance security by reducing potential entry points for threats. However, it's important to know which ports to block, as some are necessary for certain applications to function properly. Always research before blocking a port.
Would you recommend certain ports to be blocked to augment security?
Yes, blocking high-risk ports like port 23 (Telnet), port 135 (DCE/RPC), port 137-139 (NetBIOS), and port 445 (SMB) can augment security. However, it's crucial to understand the services your system needs before blocking any port.
If NetBIOS and SMB are disabled and you're not using them, it's safe to block their ports. Port 80 (HTTP) and 53 (DNS) are commonly used for web browsing and DNS resolution, so blocking them could impact your internet usability. Always consider your network needs before blocking any port.
I don't know about blocking ports, but I think using a firewall software like Windows Firewall Control or a tool to configure Windows Filtering Platform (WFP) like simplewall will be easier to deal with.
Using both from time to time; can be used to set a rule for blocking certain ports just as windows firewall.
I came by some articles tackling the subject of blocking certain ports for enhanced security; I don't know if this is real and convenient or not.
Windows telemetry bypasses the firewall. You see 1 outbound rule for them. Do you think MS would let you disable their telemetry money cow so easily? They use the telemetry to build security intelligence, to know where attackers are attacking. And then you have to pay them to get this intelligence. It is what makes their security products effective.
MS Update also bypasses the firewall. You don't see any rules for it. Upon finishing Windows installation and at first internet connection, there is a flurry of net activity when Windows immedately downloads all your needed driver. Some years ago there was a vulnerability in win update, but you can't stop the updates by disabling the non-exsitant firewall rule. So you just sit there and watch while they pwn you.
Windows NTP ( windows time service) also bypasses the firewall without a rule. MS thinks it is so essential that they don't bother making a outbound rule for it, yet your clock is accurate. So what happens if there is a vulnerability in windows time, then what do you do?
Windows remote management and other admin gadgets like push to install, remote shutdown, sync your settings, bypasses the firewall without any rules. You only see evidence of their existence in gpedit.
If you think MS is transparent about their networking, and has built a real firewall for you to control your traffic, they have not.
Thankfully there are 3rd party firewalls like SimpleWall. It still uses the MS firewall engine with all its flaws, but it has a long list of blocked ip addesses and that is the only way to selectively block telemetry and win update - via ip address blocking. It's GUI is 'different' but it is worth learning. It feels good to have control. And all you see in the logs are a long list of blocked traffic. Just set it up on an old machine and leave it alone for a day and you will see.
MS Update also bypasses the firewall. You don't see any rules for it. Upon finishing Windows installation and at first internet connection, there is a flurry of net activity when Windows immedately downloads all your needed driver. Some years ago there was a vulnerability in win update, but you can't stop the updates by disabling the non-exsitant firewall rule. So you just sit there and watch while they pwn you.
Windows NTP ( windows time service) also bypasses the firewall without a rule. MS thinks it is so essential that they don't bother making a outbound rule for it, yet your clock is accurate. So what happens if there is a vulnerability in windows time, then what do you do?
Windows remote management and other admin gadgets like push to install, remote shutdown, sync your settings, bypasses the firewall without any rules. You only see evidence of their existence in gpedit.
If you think MS is transparent about their networking, and has built a real firewall for you to control your traffic, they have not.
Thankfully there are 3rd party firewalls like SimpleWall. It still uses the MS firewall engine with all its flaws, but it has a long list of blocked ip addesses and that is the only way to selectively block telemetry and win update - via ip address blocking. It's GUI is 'different' but it is worth learning. It feels good to have control. And all you see in the logs are a long list of blocked traffic. Just set it up on an old machine and leave it alone for a day and you will see.
Last edited:
@Parkinsond , You can block tcp port 80 nowadays. Most sites use tcp port 443 https so you won't run into problems. And udp port 53 can be blocked if you use DNS over HTTPS exclusively with your chosen provider.
Rule of firewalls is that you close off rules that you don't use. And be as specific as you can: ip address, protocol, port and application/service.
Rule of firewalls is that you close off rules that you don't use. And be as specific as you can: ip address, protocol, port and application/service.
Last edited:
You may also like...
-
Are Firewalls Still Relevant in 2025 — Or Just Legacy Bloat?- Started by Bot
- Replies: 6
-
WARNING: port 135 STAYS OPEN EVEN IF U BLOCK IT in Win 11 24H2- Started by Victor M
- Replies: 25
-
ZoneAlarm Antivirus – Firewall Pioneer Still Solid, or Lagging Behind the Pack?
- Started by Bot
- Replies: 11
-
AVG Antivirus – Solid Free Option or Premium Upsell Trap?
- Started by Bot
- Replies: 1
-
