Windows 11: What processes necessarily need connection or access to the network?
<blockquote data-quote="valvaris" data-source="post: 984583" data-attributes="member: 38787"><p>Woow that is one way of blocking Windows :D</p><p>The other way is making your life easier.</p><p>Networking in terms of: "I want only Browsing" for Example to work and control what is communicating where a web proxy also called a forwarding proxy is a huge help in Direct Mode. This means a browser or system needs to address the Proxy directly before having access to the internet.</p><p></p><p>Example:</p><p>Firefox Browser has Proxy Address configured because it does not set the System Settings in Windows for use with Proxy.</p><p></p><p>Firefox Proxy 192.168.x.x Port 8080 -----> Forwarding Proxy ----> Internet</p><p>Windows ----> No Internet Access ---> Reason No Proxy Configuration</p><p></p><p>The other part is if you want to use other Applications some are compatible with Proxy Settings and are System independent others need WinHttp Proxy Configured or they just do not work.</p><p></p><p>That is the reason Network Administrators use Network Equipment like Firewalls.</p><p></p><p>Why?</p><p>In the OS itself there are Processes that need to run like mDNS - BITS - and others. 
(Process Explorer can give more insight!)</p><p></p><p>In terms of what is needed for minimum communication and internet use:</p><p>- HTTP Protocol - Port 80 TCP</p><p>- HTTPS Protocol - Port 443 TCP</p><p>- NTP Protocol - Port 123 TCP/UDP</p><p>- DNS Protocol - Port 53 TCP/UDP</p><p></p><p>What makes control over traffic more difficult?</p><p>Encrypted Traffic needs to be "Broken" to look inside so even if you block system process another process that could hijack a legit process and communicate with a Command-and-Control Server without your knowledge.</p><p>That is why Network Layer Protection is so important even for Home Use - Some call it DPI with SSL Inspection and can break down how things communicate.</p><p></p><p>So, a Zero Trust guideline is a particularly promising idea but needs to be done in Layers.</p><p>I refer to the OSI Layer Model</p><p></p><p>[ATTACH=full]265957[/ATTACH]</p><p></p><p>If you block something already at the lower layers, it just simply cannot reach higher. If you block something in the highest layer 7 for example you need to have tech that can control that traffic, like a Next Generation Firewall (NGF).</p><p></p><p>The up part of that is that you control everything Network Wide and can granularly adjust your Rules to specific needs. (User, Group, Computers, IPs and such...)</p><p></p><p>A fun point to start is:</p><p>Sophos XG Home Edition (Freeware and only Private use)</p><p>Untangle (Base License is Free but advanced features require a License)</p><p>pfSense and OPNsense are Freeware but also have Corp. 
License Models <- NGF as Addon (Paid Service on OPNsense)</p><p></p><p>I strongly suggest doing this as a separate Device / Server / Appliance - ^^</p><p></p><p>Software Firewalls installed on Windows are Applications, and all can be manipulated in such a way that the user does not know what is happening or what if the Application has a bug?</p><p></p><p>All even Hardware Firewalls need care and understanding and there is no silver bullet to a solution. But ways to make it more manageable.</p><p></p><p>There is no best way but recommended ones from different users.</p><p></p><p>My Setup for example is quite simple but efficient:</p><p></p><p>- My PC - Physical Connection on own Port of the Firewall - Own Subnet with no DHCP /30</p><p>- IoT Devices - Own Switch on Own Port of the Firewall with - Own Subnet DHCP on /28</p><p>- GEO Blocking Firewall Global Rule for incoming and outgoing traffic on all Ports</p><p>- My PC Zone only allowed HTTP / HTTPS / DNS / NTP</p><p>- IoT Devices only allowed HTTP / HTTPS / DNS / NTP</p><p>- No communication between IoT Devices and My PC Zone</p><p>- My PC Software in use is: F-Secure EPP Computer Protection (with Windows Firewall in build control with better logging) Default Deny Policy.</p><p>- Sophos XGS 126 with XStream Bundle License (ATP - DPI Engine [Port Agnostic] - SSL-Inspection - GEO Blocking - Webfilter - IPS - and Firewall Rules)</p><p></p><p>My Point is:</p><p>Good Protection starts at the Lower Layers of the OSI model and of course the best Firewall and AV is the "USER". Zero Trust ^^</p><p></p><p>P.S.:</p><p>My Network is built that way since I still learn from here and others in the IT field and I myself am in that Profession. For others that is pure overkill!!! But still, something to look at and be aware of.</p><p></p><p>P.P.S:</p><p>I know I also did not really answer your question but wanted to give you more insight on how your computer communicates. 
^^</p><p></p><p>If someone needs more insight - I am happy to help. :D</p><p></p><p>Best regards</p><p>Val.</p></blockquote><p></p>
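The zone policy described in the post above (PC zone on a /30, IoT zone on a /28, only HTTP / HTTPS / DNS / NTP outbound, no traffic between the two zones, default deny) can be checked against candidate flows with a small evaluator. This is an added example, not part of the original post or any vendor's rule syntax; the subnet addresses, the function names and the sample flows are assumptions, and GEO blocking and DPI are not modelled.

```python
import ipaddress

# Assumed addressing: the post gives only the prefix lengths (/30 and /28).
ZONES = {
    "pc": ipaddress.ip_network("192.168.10.0/30"),
    "iot": ipaddress.ip_network("192.168.20.0/28"),
}
# Minimum services listed in the post: HTTP, HTTPS, NTP, DNS.
ALLOWED = {("tcp", 80), ("tcp", 443), ("tcp", 123), ("udp", 123),
           ("tcp", 53), ("udp", 53)}

def zone_of(addr):
    """Map an address to its zone; anything outside the LAN subnets is 'wan'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"

def evaluate(src, dst, proto, dport):
    """Return (verdict, reason) for a new flow; first match wins, default deny."""
    s, d = zone_of(src), zone_of(dst)
    if s == "wan":
        return "deny", "unsolicited inbound"
    if s == d:
        return "local", "same subnet, never crosses the firewall"
    if d != "wan":
        return "deny", f"no {s}->{d} traffic between internal zones"
    if (proto, dport) in ALLOWED:
        return "allow", f"{s}->wan {proto}/{dport}"
    return "deny", "default deny"

# Constructed sample flows (documentation addresses, not captured traffic).
FLOWS = [
    ("192.168.10.2", "198.51.100.10", "tcp", 443),  # browser over HTTPS
    ("192.168.20.5", "192.168.10.2", "tcp", 443),   # IoT device reaching the PC
    ("192.168.10.2", "224.0.0.251", "udp", 5353),   # mDNS multicast from the PC
    ("192.168.20.5", "203.0.113.7", "tcp", 8883),   # IoT device on a non-listed port
    ("203.0.113.7", "192.168.10.2", "tcp", 3389),   # inbound from the internet
]

def audit(flows):
    """Evaluate every flow and return (flow, verdict, reason) tuples."""
    return [(f, *evaluate(*f)) for f in flows]

if __name__ == "__main__":
    for flow, verdict, reason in audit(FLOWS):
        print(f"{verdict:5} {flow} ({reason})")
```

Only the first flow is allowed; the mDNS and port 8883 flows fall through to the default deny because they are not among the four listed services.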