Hey, fellow Syndicate members.
I want to know things. Things about your firewall.
What do you block? What policies do you put in place? What kind of firewall do you use? I realize you may not feel comfortable explaining every detail about your security configuration, for obvious reasons, but I feel like we should share this type of information for our mutual benefit.
I have just started setting up a new firewall, and that is what brought this topic to mind. So far I have only blacklisted a few IP addresses that I know to be CryptoWall/CryptoLocker contact points, and a few services that I do not ever want running in my network. With that being said, the current firewall solution I'm using does not have all of the features I'm used to, so it makes my setup process a bit more manual. I'm using a Cisco Meraki MX100.
Do you use a vulnerability management application or service to keep your blacklists up to date? Do you use Group Policy (if in a Windows environment) to manage user permissions on your intranet, as a kind of internal firewall?
How do you scan your outside-facing IPs to make sure your protection is effective? What is the best way to secure RDP openings? What is the best way to secure Active Directory logins without disrupting users?
Thanks for reading!