From the Field - Real-World Findings from Security Assessments
38.1% of environments I assessed have Windows Firewall turned OFF
I often joke in my courses that the first thing admins do on a new Windows device is disable the firewall. Unfortunately… it's not really a joke. It's the sad reality.
🧱 Why?
For historical reasons, many admins still believe Windows Firewall "breaks things" - especially older apps. So they just shut it down.
But that mindset is outdated, and in 2026, it's time we do better.
Some facts:
➡️ By default, Windows Firewall is more open than closed - it won't block much.
➡️ But it can slow down malware movement.
➡️ And you can configure it exactly as needed - quickly and easily via Group Policy.
How to do it right:
1️⃣ Stop turning it off - leave it ON by default
2️⃣ Define inbound rules only for what's needed
3️⃣ You can also control outbound rules
4️⃣ Use GPO to enforce:
• Apply local firewall rules: No
• On endpoints: Inbound connections: Block all connections
And if you need a list of Active Directory ports needed, I got something for you: https://academy.horizon-secured.com/p/ad-network-ports
And don't forget - Windows Firewall can log everything.
You can see what's being blocked and adjust rules accordingly.
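Reviewing what the firewall blocked, as an added example that is not part of the original post: a Python script that parses text in the pfirewall.log layout and counts dropped inbound packets per protocol, destination port and source, which is the view you need when deciding which inbound rules to define. The sample lines and addresses are constructed, the function names are hypothetical, and the column order is read from the log's own `#Fields:` header rather than assumed.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout; not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2026-01-12 09:14:03 DROP TCP 10.0.5.23 10.0.5.40 51544 445 52 S 1234567 0 64240 - - - RECEIVE
2026-01-12 09:14:04 DROP TCP 10.0.5.23 10.0.5.40 51545 445 52 S 1234568 0 64240 - - - RECEIVE
2026-01-12 09:14:09 ALLOW UDP 10.0.5.40 10.0.1.10 53211 53 0 - - - - - - - SEND
2026-01-12 09:15:30 DROP TCP 10.0.9.77 10.0.5.40 49822 3389 52 S 2234567 0 64240 - - - RECEIVE
2026-01-12 09:16:02 DROP UDP 10.0.5.31 10.0.5.255 137 137 78 - - - - - - - RECEIVE
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Reading the header keeps this working if the column set differs.
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def blocked_inbound(text):
    """Count dropped inbound packets per (protocol, dst-port, src-ip)."""
    hits = Counter()
    for entry in parse(text):
        # Logs without a path column are treated as inbound (assumption).
        if entry["action"] == "DROP" and entry.get("path", "RECEIVE") == "RECEIVE":
            hits[(entry["protocol"], entry["dst-port"], entry["src-ip"])] += 1
    return hits

def report(text):
    """Return summary lines, most frequently blocked flow first."""
    return [f"{count:>4}  {proto}/{port:<5} from {src}"
            for (proto, port, src), count in blocked_inbound(text).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each line of the report is a candidate for either a narrowly scoped inbound rule (if the traffic is legitimate) or a follow-up on the source host (if it is not).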
⚠️ It's hard to take "Zero Trust" seriously when we're still disabling built-in firewalls and saying "we have perimeter firewall, we don't need this"…
Small steps. Big impact. Turn it back on.
Still disabling it in your environment? Why?
