Hi
When creating firewall rules, do you use “Predefined Policies”, “Port Sets”, both or neither of these options? Interested in hearing whether any of these options are used within CIS5.
Myself, I’ve never used any of these settings preferring to either “Trust” or “Block” the application when prompted (of course, this only applies to unrecognised files).
I have CIS 5 and, like CIS 4 before it, I have special rules for certain applications (and games). I use both Predefined Policies and Port Sets… and Network Zones. Basically, anything that equates to less typing and the potential errors that can cause (user errors).
I have always set browsers and email defined policies in the past but am running the RC in default, so no rules are created for them. If it works I don’t see any point in changing anything, as sooner or later I would make a mistake.
Have just added custom port set with additional global rule to (hopefully) mitigate against DLL vulnerability. Have also used pre-defined and custom rules in the past but not as yet in CIS 5.
I always customize everything, and altough “dll vulnerability” is the last fashioned topic, one should always have closed since a long time the culprit ports and services (135-139 as far as we are concerned here; 445 is impossible to close from only security software intervention).