
Your thoughts on a connection security rule [Windows firewall]


Enablingwolf

Senior Member overclocking at t
Joined
Jun 14, 2004
I would like some input, as the title states, on a security rule... I'm highly simplifying this. In turn, I am willing to give more infrastructure information if need be.

With the Windows Firewall, I am finding out it is slowing down networked drive access, mostly after idle and reconnection. Basically, the Windows Firewall is authenticating the machine, slowing up access times to drives after idle.

(The dedicated drive host machine is my torrent, media, files and general, if it is not on this machine. It is there machine. It is (currently) an all Windows 7 64-bit SP1 Ultimate network. {I'm lazy to install WHS 2011 on the drive host.})



One solution I have to my slow idle access times dilemma is to simply have a specific (static) IP connection security exemption rule. I use adapter MAC based static IPs for each machine on the local network, via my router DHCP, so it is easy to keep specific machines on a static local IP.

i.e. - Machine 192.168.1.2 does not authenticate machines 192.168.1.3-192.168.1.4.

Ok... here is my question... Is there a more elegant and safer way? I know there is a better way. I just haven't come across it or thought of it yet. Any input or suggestions?
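
The exemption described in the post above, written as `netsh advfirewall consec` commands; this is an added example, not part of the original thread. It assumes 192.168.1.2 is the drive host, that drive access is SMB over TCP 445, and the rule names are made up here. It shows the all-traffic exemption beside a narrower one limited to the file-sharing port.

```bat
@echo off
rem Added example (constructed). Run from an elevated prompt on the drive host.
rem Assumptions: 192.168.1.2 is the drive host, 192.168.1.3-192.168.1.4 are the
rem clients (addresses from the post), drive access is SMB on TCP 445.
rem Rule names are hypothetical.

rem Broad form, as described in the post: every protocol and port between the
rem host and the two clients skips connection security authentication.
netsh advfirewall consec add rule name="LAN no-auth (all traffic)" ^
    endpoint1=192.168.1.2 endpoint2=192.168.1.3-192.168.1.4 ^
    action=noauthentication profile=private

rem Review what is now in place.
netsh advfirewall consec show rule name=all

rem Narrower form: remove the broad rule and exempt only TCP 445 on the host
rem side, so other traffic between these machines still falls under whatever
rem authentication rules are configured.
netsh advfirewall consec delete rule name="LAN no-auth (all traffic)"
netsh advfirewall consec add rule name="LAN no-auth (SMB only)" ^
    endpoint1=192.168.1.2 port1=445 ^
    endpoint2=192.168.1.3-192.168.1.4 ^
    protocol=tcp action=noauthentication profile=private

netsh advfirewall consec show rule name="LAN no-auth (SMB only)"
```

Either rule only changes whether connection security authentication is attempted; inbound and outbound firewall rules still decide what traffic is allowed. Because the exemption is keyed on IP address, it is only as trustworthy as the router's MAC-to-IP reservations.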
 


Turn it off? :p


Joking aside, the Windows firewall is garbage; it's about as useful as a poopie flavored lollipop!


Is there a certain reason as to why you have it enabled?
 
I would like to see evidence of how the Windows 7 firewall is garbage. Informed opinion would work. :cool: It's nothing like the XP firewall, which was not much better than wearing silk underwear with diarrhea. The newer firewall IMO is actually not bad at all, if set up right. For the most part I got it tuned very well. I am just curious about the one advanced setting, if it is good or not. Since it is in the Private zone of the firewall, it will not affect the Public zone settings.

The reason I use it... Well it is easy to use and no conflicts that I know of. One thing for this particular machine. I only install extras as there is actual need. Not to make it easier or pretty. The more layers of third-ware I add, the more issues/holes that could crop up. Plus the Windows 7 firewall works VERY well with the GPE.

My configuration for the firewall: Block everything. Allow only what is needed.

The machine is not used to surf or otherwise do much but serve files. There are only a few rules to open a connection in or out.
It is hooked to a HDTV/HT. Most tasks for fiddling are usually over RDS. Many of the services are turned off. Very little is installed.
 
I usually disable it, more hassle than worth in my opinion.


If you're NATted behind a router, you have nothing to worry about really, your endpoint security should start there :)
 
> With the Windows Firewall. I am finding out. It is slowing down networked drives access. Mostly after idle and reconnection. Basically, the Windows Firewall is authenticating the machine. Slowing up access times to drives after idle.

This is interesting, as the firewall should not be handling authentication. That being said, it sounds like Windows file sharing is what is causing the problem. Check this link out and see if this helps:

http://social.technet.microsoft.com...t/thread/dd476b45-59a6-49f8-9c1a-35e846c5587b

> i usually disable it, more hassle than worth in my opinion.
>
> if you're natted behind a router, you have nothing to worry about really, your endpoint security should start there :)

This is bad advice. NAT alone does not replace the function of a firewall at either the edge of the internet or on the host directly. It is relatively easy for someone to overcome NAT and send malicious traffic to you; Skype is a perfect example of this.
 
> This is interesting, as the firewall should not be handling authentication. That being said it sounds like windows file sharing is what is causing the problem. Check this link out and see if this helps:
>
> http://social.technet.microsoft.com...t/thread/dd476b45-59a6-49f8-9c1a-35e846c5587b


I'll check out/test/research your suggestion.

As for authentication, I thought the same thing. Lo and behold, it does. I think it is specific to Pro and above on Windows 7. In the firewall/Advanced settings/connection security rules/new rule



> This is bad advice. NAT alone does not replace the function of a firewall at either the edge of the internet or on the host directly. It is relatively easy for someone to overcome NAT and send malicious traffic to you; Skype is a perfect example of this.

My router is but one segment in the secure setup. The firewall, and the specific rules on it, is yet one layer.
 