  • Testing ICMP (ping) connectivity
  • Blocking ICMP traffic
  • Testing SMB (file sharing) access
  • Blocking SMB access using firewall rules

Environment

  • PC10: Windows Server 2019 (Client system)
  • DC10: Windows Server 2019 (Domain Controller / Server system)
  • Both systems connected within the same internal network

PC10 pinging DC10:

Ping displays four replies, which means that PC10 can trigger an ICMP response from DC10. This means that DC10 is not in compliance with the hardening requirement.

Testing ICMP connectivity from DC10, pinging PC10:

The output displays four Request timed out messages, which means the communications were unsuccessful. This is because the Windows Defender Firewall settings on PC10 are blocking inbound ICMP requests. You'll need to make similar settings on DC10 so that it stops responding to ICMP requests from other systems (such as PC10).

To set this rule, we'll go to Windows Defender Firewall with Advanced Security.


Go to Inbound Rules and look for File and Printer Sharing (ICMPv4) and File and Printer Sharing (ICMPv6). Set both rules to block ICMP echo requests on all network profiles.


Now let's switch back to PC10 and see if our compensating control worked.

The output now shows Request timed out messages. This means that communications were unsuccessful, because the Windows Defender Firewall settings on DC10 are now blocking inbound ICMP requests.

On the Windows Defender Firewall page, there is a Restore defaults option. However, this option will reset the configuration of Windows Defender Firewall to its Microsoft defaults; therefore, you should avoid using it. To manage the configuration profile more sensibly, you can right-click on Windows Defender Firewall with Advanced Security on Local Computer (i.e., the top item in the left pane of the Windows Defender Firewall with Advanced Security window) and then select one of the three options: Import Policy, Export Policy, or Restore Default Policy. You should use the Export Policy option before changing the firewall's settings. If your setting changes do not work as expected, you can restore the previous configuration by using the Import Policy feature. Use the Restore defaults option as a last resort.

Configuring Windows Defender Firewall to manage shared folder access

Assume that a system hardening requirement is to prevent client systems from hosting file shares. You will first create a share from a client system, then access that share from another system. You will then configure firewall rules to block access to the client's file share and test the rules' effectiveness.


These rules control inbound TCP port 445 traffic.

Set the action to Block the connection for both File and Printer Sharing (SMB-In) Private and File and Printer Sharing (SMB-In) Domain, then click Apply.

When you now try to access a file on the share, it should report a network error.
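
The same procedure from PowerShell, as an added example that is not part of the original lab: it exports the policy first, then blocks the ICMP echo and SMB-In rules, and a second function checks the result from the other system. The function names and backup directory are assumptions, and the rule display names are assumed to match the built-in ones on Windows Server 2019.

```powershell
# Added example (not from the original lab). Run elevated on the system being hardened.
function Set-LabFirewallBlocks {
    param([string]$BackupDir = 'C:\FirewallBackup')   # assumed location

    # Export the current policy first so it can be restored with Import Policy
    # (or: netsh advfirewall import <file>) if the change misbehaves.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ("policy-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
    netsh advfirewall export $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Policy export failed; no rules were changed." }

    # Built-in inbound rules: ICMP echo on every profile,
    # SMB-In (TCP 445) on the Domain and Private profiles as in the lab.
    $icmp = Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv*-In)'
    $smb  = Get-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' |
            Where-Object { "$($_.Profile)" -match 'Domain|Private' }

    # An enabled Block rule takes precedence over any Allow rule for the same traffic,
    # so enable each rule as well as changing its action.
    @($icmp) + @($smb) | Set-NetFirewallRule -Enabled True -Action Block

    # Show what is now blocked in this rule group.
    Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
        Where-Object Action -eq 'Block' |
        Select-Object DisplayName, Profile, Enabled, Action
}

# Run from the other lab system to confirm the blocks (default hostname taken from the lab).
function Test-LabFirewallBlocks {
    param([string]$Target = 'DC10')
    [pscustomobject]@{
        Target       = $Target
        PingAnswered = Test-Connection -ComputerName $Target -Count 4 -Quiet
        Smb445Open   = (Test-NetConnection -ComputerName $Target -Port 445 `
                            -WarningAction SilentlyContinue).TcpTestSucceeded
    }
}
```

After the rules are applied, both `PingAnswered` and `Smb445Open` should be false for the hardened system; if either is still true, check which network profile is active on that system.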