MAJA WA
I have a scenario that is really confusing me. I recently switched from a 3rd party personal firewall provider to using Windows Defender Firewall with Advanced Security. I'm not very familiar with it so I decided to do some experimenting. I wanted to play with Connection Security Rules and see how any of the settings might affect network traffic. Well, I added a rule requiring Kerberos v5 authentication for all incoming connections and requesting it on all outgoing connections. This applies to any two endpoints, any port, any protocol. Since my understanding is that Kerberos authentication only applies to Active Directory Domain Networks, I expected it would either disrupt my network connection, or have no effect at all.
To my surprise, it seems to have had a beneficial effect. Simply enabling the rule disables other devices in my local network from being able to port scan my pc, or capture unencrypted web traffic with tools such as ettercap, aircrack-ng, etc. As soon as I disable the rule, I'm able to capture traffic from another device and scan for open ports on the pc again. I've had the rule on for a couple weeks now, and it doesn't seem to negatively affect my connectivity in any way. When running Wireshark alongside it, I don't see any unencrypted traffic, with the only noteworthy thing to mention being a whole lot of ISAKMP connections. I can't figure out what accounts for this behavior. At no time is my pc or any other device connecting to it, or trying to anyway, presented with login credential requests. If you have any idea why this is occurring, I would much appreciate the enlightenment. Specific info on my pc below:
Windows 10 Pro x64 ver 1803 - Firewall settings are configured through mmc and group policy.
Desktop PC, however I connect wirelessly. Only one network interface is enabled at a time. IPv6 is turned off for the interface in question.
Local residential network. ISP is Comcast. Three Desktops (two Windows, one Linux), two laptops (one Windows, one Mac), two gaming systems, a tablet, and 8 phones (mix of iPhones and Androids), all connect wirelessly. No workgroup or filesharing established.
If you need additional info let me know. Thanks!
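The connection security rule described in the post above, expressed in PowerShell together with checks of whether any IKE negotiation actually completes. This is an added example, not part of the original post; the display names are constructed, and it assumes an elevated prompt on the machine that holds the rule.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Both display names are constructed for this example.
$ruleName = 'Example - Kerberos v5 require in, request out'
$authName = 'Example - Computer Kerberos v5'

# Phase 1 (main mode) authentication: computer Kerberos v5 only.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName $authName -Proposal $proposal

# No address, port or protocol filter is given, so the rule covers
# any endpoint, any port, any protocol.
#   Require inbound : inbound traffic that does not authenticate is dropped.
#   Request outbound: authentication is attempted, cleartext is still allowed.
New-NetIPsecRule -DisplayName $ruleName `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name | Out-Null

# Confirm what is in force and on which profiles.
Get-NetIPsecRule -DisplayName $ruleName |
    Format-List DisplayName, Enabled, InboundSecurity, OutboundSecurity, Profile

# After generating some traffic, list the security associations that were
# actually established. ISAKMP packets in a capture are negotiation attempts;
# an empty result here means none of them completed.
$mainMode  = @(Get-NetIPsecMainModeSA  -ErrorAction SilentlyContinue)
$quickMode = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)
"Main mode SAs : $($mainMode.Count)"
"Quick mode SAs: $($quickMode.Count)"
$mainMode
$quickMode

# To undo the example:
# Remove-NetIPsecRule -DisplayName $ruleName
# Remove-NetIPsecPhase1AuthSet -DisplayName $authName
```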