Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Help with firewall policies

  • 1.  Help with firewall policies

    Posted Mar 02, 2015 06:31 PM

    I am trying to update our Aruba Controller firewall policies. I have a set of Windows PCs on an Active Directory domain.

    My predecessor configured a set of 22 rules, but things like WMI do not work when remotely checking a laptop. So I thought I would revisit the rules and see if they are set appropriately. Our existing rules are in the attached image.

    I found this link that makes sense conceptually (most specific first, most general last) but I cannot find any actual recommended settings for Windows PCs.

    I'm struggling to figure out how you could lock down anything for Windows anyway; this Microsoft page shows things like RDP is randomly assigned a port from 1000-5000 and 49152-65535. How am I supposed to create rules that lock anything down when I have to leave open tens of thousands of ports?

    Does anyone have some recommended settings?

    Mark



  • 2.  RE: Help with firewall policies

    EMPLOYEE
    Posted Mar 03, 2015 07:53 AM

    My opinion is that this list is too long to manage effectively if you do not have enough time and manpower to do it. If a problem comes up and you have to hastily allow everything, you effectively end up undoing your objective.

    If you have time and manpower, keep working on it :)



  • 3.  RE: Help with firewall policies

    Posted Mar 03, 2015 12:01 PM

    Thanks Colin,

    I think you are right. Hopefully some people will chime in on what they use.

    Mark



  • 4.  RE: Help with firewall policies

    Posted Mar 10, 2015 05:48 PM

    Does anyone have a set of rules they want to share? I'm looking for Windows laptops.

    Mark