Endpoint Firewall - Network Micro-Segmentation for Lateral Movement Prevention

Recommendation

Implement network micro-segmentation using Endpoint Firewall rules.

Description

Network micro-segmentation reduces the attack surface for lateral movement by restricting inbound network connections between endpoints.

This matters most for ransomware, which commonly propagates from one compromised endpoint to the next over the SMB protocol.

To mitigate these risks:

  • Block incoming SMB connections on all workstations and servers that do not serve as file servers.

  • Consider blocking additional inbound TCP/UDP protocols commonly abused for lateral movement.

Operational Guidance

  • Block incoming SMB connections on endpoints that do not function as file servers.

  • Consider blocking additional inbound TCP/UDP protocols commonly used for lateral movement.

  • Apply rules broadly to endpoints that do not require inbound access.

  • Avoid enabling logging on rules for high-volume protocols; logging every blocked packet degrades endpoint performance.
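As an added illustration of the guidance above (not the Endpoint Firewall product's own configuration), the following PowerShell applies the same inbound policy on a Windows host with the built-in Windows Defender Firewall cmdlets: SMB is blocked unless the host carries the file server role, a second set of ports commonly abused for lateral movement is blocked on every host, and blocked-packet logging is left off. The file-server check is an assumption for this example (it treats the FS-FileServer role as the only legitimate SMB server; domain controllers, which serve SYSVOL over SMB, would need to be excluded the same way), and the rule names are chosen here.

```powershell
# Added example: inbound micro-segmentation rules for a Windows endpoint using
# the NetSecurity module. Illustrates the page's policy; it is not the
# Endpoint Firewall product's own configuration.
# Assumption: a host is a file server only if the FS-FileServer role is installed.

$isFileServer = $false
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $feature = Get-WindowsFeature -Name FS-FileServer -ErrorAction SilentlyContinue
    if ($feature -and $feature.Installed) { $isFileServer = $true }
}

# SMB is blocked inbound on every non-file-server. The second set covers other
# services commonly abused for lateral movement (RPC endpoint mapper, RDP,
# WinRM); block them wherever the endpoint does not need to offer them.
$smbPorts   = @{ 'TCP' = @(445, 139); 'UDP' = @(137, 138) }
$extraPorts = @{ 'TCP' = @(135, 3389, 5985, 5986) }

function Add-InboundBlockRule {
    param([string]$Name, [string]$Protocol, [int[]]$Ports)
    # Idempotent: do nothing if a rule with this name already exists.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) { return }
    # Block rules take precedence over the default "File and Printer Sharing"
    # allow rules, so no existing allow rule needs to be removed.
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -Protocol $Protocol -LocalPort $Ports -Profile Any -Enabled True | Out-Null
}

if (-not $isFileServer) {
    foreach ($proto in $smbPorts.Keys) {
        Add-InboundBlockRule -Name "MicroSeg-Block-Inbound-SMB-$proto" `
            -Protocol $proto -Ports $smbPorts[$proto]
    }
}
foreach ($proto in $extraPorts.Keys) {
    Add-InboundBlockRule -Name "MicroSeg-Block-Inbound-LateralMovement-$proto" `
        -Protocol $proto -Ports $extraPorts[$proto]
}

# Per the guidance, do not log dropped packets for these high-volume protocols.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked False

# Verification: show the rules this script manages and the ports they enforce.
Get-NetFirewallRule -DisplayName 'MicroSeg-*' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{ Rule = $_.DisplayName; Action = $_.Action
                       Protocol = $pf.Protocol; LocalPort = ($pf.LocalPort -join ',') }
} | Format-Table -AutoSize
```

Run from an elevated prompt; the final table is the check that the expected block rules exist on the host before the policy is rolled out more broadly.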