Windows Firewall has been enabled by default since Windows XP sp2, but I still see deployments where it is turned off because of old habits where it was difficult to determine how to allow applications through. With Windows 10 and Server 2019, most needed firewall policies are already built in and it’s relatively easy to set up access. But there can be times you should enhance the settings of the Windows firewall to better protect you from lateral movement and attackers. Here’s what you need to know.
Build rules to binaries or executables
If an application needs a special rule, you should build it based on the binary or executable, not the port. This ensures that the firewall opens only when the application is active. If you build a firewall rule using a port, that port remains open and exposes the system.
