How to Secure a Windows VPS Server with Windows Defender Firewall
Securing a Windows VPS server is essential to protect your data and applications from potential threats. Windows Defender Firewall is a powerful tool integrated into Windows that manages incoming and outgoing connections on your server, thus providing an additional layer of security.
What is Windows Defender Firewall?
Windows Defender Firewall is a host-based firewall that helps protect your system by filtering network traffic. It monitors incoming and outgoing connections and allows or blocks traffic based on user-defined rules.
Main Features
- Traffic Filtering: It allows you to control incoming and outgoing traffic based on specific rules.
- Notifications: The firewall alerts the user when an application attempts to access the Internet.
- Custom Rules: You can create specific rules for different types of traffic.
- Network Profile: It offers different settings for public, private, and domain networks.
Configuring Windows Defender Firewall
Accessing Windows Defender Firewall
To configure Windows Defender Firewall, follow these steps:
- Open the Control Panel.
- Click on System and Security.
- Select Windows Defender Firewall.
Creating a Firewall Rule
To create a rule that allows or blocks traffic, use the following steps:
- In the Windows Defender Firewall window, click on Advanced settings.
- In the left pane, select Inbound Rules for incoming traffic or Outbound Rules for outgoing traffic.
- Click on New Rule in the right pane.
- Choose the type of rule (Program, Port, Predefined, or Custom) and follow the on-screen instructions.
Configuration Examples
Allowing a Specific Port
To allow traffic on a specific port, for example, port 80 for HTTP, you can create a rule like this:
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
This PowerShell command creates a firewall rule that allows incoming TCP traffic on port 80.
Blocking a Specific Application
If you want to block an application, for example, example.exe, use the following command:
New-NetFirewallRule -DisplayName "Block Example" -Direction Outbound -Program "C:\Path\To\example.exe" -Action Block
This command prevents example.exe from establishing outgoing connections.
Managing Network Profiles
Understanding Network Profiles
Windows Defender Firewall uses three network profiles:
- Domain: Used when the computer is connected to a domain.
- Private: Used for trusted networks, such as your home network.
- Public: Used for unsecured networks, like those in cafes or airports.
Configuring Profile Settings
To configure the settings for each profile, go to the Windows Defender Firewall settings:
- In the Domain network, Private network, and Public network sections, you can enable or disable the firewall based on the network.
- You can also access Advanced settings to manage rules specific to each profile.
Monitoring Traffic and Logs
Enabling Logging
To monitor traffic and detect anomalies, you can enable logging in Windows Defender Firewall:
Set-NetFirewallProfile -All -LogAllowed True -LogBlocked True -LogFileName "C:\Windows\System32\LogFiles\Firewall\pfirewall.log"
This command enables logging of allowed and blocked connections for all profiles and saves the logs in the specified file.
Analyzing Logs
To analyze the logs, open the file with a text editor. You will find information about allowed and blocked traffic, which will help you adjust your firewall rules.
Security Best Practices
- Avoid opening unnecessary ports: Do not leave ports open without reason.
- Use specific rules: Create rules that apply only to necessary applications or ports.
- Regularly monitor traffic: Check logs for any suspicious activity.
- Keep the system updated: Ensure that Windows and its components are always up to date.
Conclusion
Securing a Windows VPS server with Windows Defender Firewall is a crucial step in protecting your resources. By following the tips and steps outlined in this article, you can configure a secure environment that reduces the risk of attacks and compromises.