Windows 11: What processes necessarily need connection or access to the network?
<blockquote data-quote="valvaris" data-source="post: 985066" data-attributes="member: 38787"><p>Hello [USER=67091]@Decopi[/USER]</p><p></p><p>There is a stark difference in terms of Firewalls!</p><p>============ Network Protection ====================</p><p>---------------- Basic SPI Firewall ------------ (Layer 3 - 4) --- Depends On Manufacturer and or License!</p><p>Stateful Packet Inspection</p><p>Wiki -> <a href="https://en.wikipedia.org/wiki/Stateful_firewall" target="_blank">Stateful firewall - Wikipedia</a></p><p></p><p>--------------- NG Firewall ------------------ (Layer 3 - 7) --- Depends On Manufacturer and or License!</p><p>Next Generation Firewall</p><p>Uses DPI - SSL Inspection</p><p>Wiki -> <a href="https://en.wikipedia.org/wiki/Next-generation_firewall" target="_blank">Next-generation firewall - Wikipedia</a></p><p>=================================================</p><p></p><p>============= Client Protection =====================</p><p>Only Works if PC is ON!</p><p>---------------- OS Firewall [Windows] ---------- (Layer 4 - 7)</p><p>Application Firewall</p><p>Also Depends on what Software you use others work with Windows Firewall and others install Drivers to forward traffic to their own engine.</p><p>=================================================</p><p></p><p><em>A good Hardware Firewall is the first line of defense! [Also Called an Edge Device!]</em></p><p>Because it sits at the Edge of the Network Connecting your Network with the World Wide Web (LAN - WAN)</p><p>Depends on the Network Admin and Manufacturer of the device.</p><p></p><p>WAN to LAN</p><p>The first default rule is: Deny all incoming traffic! 
- Already there nobody can connect to any of your devices.</p><p></p><p>LAN to WAN</p><p>The second rule is a TEST Rule with Logging: To see what is needed for the network to be productive.</p><p>Otherwise, it can be done with strict rules!!!</p><p>Allow only HTTP, HTTPS, DNS and NTP - Everything else that is blocked can be opened by the Admin if necessary!!!</p><p></p><p>NOW the NG tech. comes into play and that is where an enormous difference comes in to Firewalling at the Edge!</p><p>Because now we can look inside SSL Traffic and depends on the manufacturer - DPI - ATP - IPS and so on... can be implemented.</p><p>And YES an NG Firewall can identify bad traffic from the network and block that!</p><p>Example: If Command and Control traffic is seen by the NG Firewall it will kill that session and could isolate the device.</p><p>Also, it is capable to Scan for Malware before the Download even hits the PC and much more...</p><p></p><p>The first line of defense also needs a second line where it can work together and that is Endpoint Protection.</p><p>The best example I have is Sophos:</p><p></p><p>Sophos XGS Firewall (Hardware) ---> [Endpoint/Client/Server] Sophos Intercept X Adv. (With XDR or MTR) Depends on the Customer</p><p></p><p>This setup will for example do a heartbeat to the firewall security system and Sophos central services and if something goes bad the firewall will isolate that system and the infected system will try to clean itself. If all goes well then it can rejoin the network.</p><p></p><p>For the home user what does that mean?!</p><p>---- Anti-Virus Suite (I cannot recommend one for home users!) [Why? Bloatware - VPN - FileShredder - and so on...]</p><p>---- The ISP Router or Gamer Router (To be honest a pfSense Community Edition or OPNsense must have!!!) 
<- Lots more transparent what is going on in your home network.</p><p></p><p>To answer your question in a short way: A Hardware Firewall Appliance gives you way more security if configured correctly!</p><p></p><p>Best regards</p><p>Val.</p></blockquote><p></p>
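
The LAN-to-WAN procedure in the post above (a logging test rule first, then allow only HTTP, HTTPS, DNS and NTP), as an added example that is not part of the original post: a Python sketch that reads a constructed test-rule log and reports which flows the strict rule set would block and which LAN hosts produce them. The log format, the addresses and the function names are assumptions made for illustration, not any vendor's format.

```python
from collections import Counter

# Strict LAN-to-WAN allowlist named in the post: HTTP, HTTPS, DNS and NTP.
# Ports are the standard assignments; allowing DNS over TCP too is an assumption.
ALLOWED = {("tcp", 80): "HTTP", ("tcp", 443): "HTTPS",
           ("udp", 53): "DNS", ("tcp", 53): "DNS", ("udp", 123): "NTP"}

# Constructed sample log from a "pass and log everything" test rule.
# Hypothetical format: time, source, destination, protocol, destination port.
SAMPLE_LOG = """\
2024-01-10T08:00:01 192.168.1.20 192.0.2.10 tcp 443
2024-01-10T08:00:02 192.168.1.20 192.0.2.53 udp 53
2024-01-10T08:00:05 192.168.1.31 198.51.100.7 tcp 8883
2024-01-10T08:00:09 192.168.1.20 203.0.113.10 udp 123
2024-01-10T08:01:12 192.168.1.31 198.51.100.7 tcp 8883
2024-01-10T08:02:40 192.168.1.45 203.0.113.99 tcp 25
malformed line
"""

def parse(line):
    """Return (src, proto, dport), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _, src, _, proto, dport = parts
    return src, proto.lower(), int(dport)

def review(log_text):
    """Split logged flows into those the strict rules allow and those they block."""
    allowed, blocked, skipped = Counter(), {}, 0
    for line in log_text.splitlines():
        flow = parse(line)
        if flow is None:
            skipped += 1          # count unparsed lines instead of hiding them
            continue
        src, proto, dport = flow
        service = ALLOWED.get((proto, dport))
        if service:
            allowed[service] += 1
        else:
            # Record which LAN hosts use this port so the admin can decide
            # whether to open it or investigate the device.
            blocked.setdefault((proto, dport), set()).add(src)
    return allowed, blocked, skipped

if __name__ == "__main__":
    allowed, blocked, skipped = review(SAMPLE_LOG)
    print(dict(allowed), {k: sorted(v) for k, v in blocked.items()}, skipped)
```
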