Host-Based Firewall - What it is, why it matters, and safe default settings

Host-Based Firewall

What it is

A host-based firewall runs on a single device and filters that device’s network traffic - blocking suspicious inbound connections and limiting what apps can send out. It’s your last line of defense if something slips past the network edge. For background, see our firewall explainer.

Why it matters

If one laptop gets hit, a host firewall can contain the spread, block lateral movement, and stop malware from calling home.

How it works - quick tour

  • Per-app rules - allow or deny network access by program

  • Inbound controls - block unsolicited traffic to closed ports

  • Outbound controls - stop unknown apps from reaching the internet

  • Profiles - different policies for home, work, and public networks

Good uses

  • Endpoints on untrusted Wi-Fi

  • Servers with limited roles - only required ports open

  • Defense in depth with EDR and DNS filtering

Quick setup tips

  • Start deny by default for inbound - allow only what you need

  • Create per-app outbound rules for sensitive tools

  • Turn on logging and review new prompts weekly

  • Lock policies with admin rights and use MFA for changes

  • Pair with auto-patching and remove unused services
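
The setup tips above, applied to Windows Defender Firewall as an added example (not part of the original page). It assumes Windows with the built-in NetSecurity PowerShell module and an elevated session; the rule names, port 443 and the program path are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: baseline for Windows Defender Firewall following the tips above.
# Rule names, the port and the program path are illustrative assumptions.

# Deny by default for inbound on all profiles (Domain, Private, Public)
# and log dropped packets so there is something to review each week.
$baseline = @{
    All                   = $true
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
    LogBlocked            = 'True'
    LogMaxSizeKilobytes   = 16384
}
Set-NetFirewallProfile @baseline

# Helper (hypothetical name): create a rule only if it does not exist yet,
# so re-running the script does not pile up duplicate rules.
function Add-RuleIfMissing {
    param([hashtable]$Rule)
    if (-not (Get-NetFirewallRule -DisplayName $Rule.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule @Rule | Out-Null
    }
}

# Allow only what the host needs: here inbound HTTPS, and only on the
# Domain (work) profile. It stays closed on home and public networks.
Add-RuleIfMissing @{
    DisplayName = 'Example - allow inbound HTTPS (work only)'
    Direction   = 'Inbound'
    Action      = 'Allow'
    Protocol    = 'TCP'
    LocalPort   = 443
    Profile     = 'Domain'
}

# Per-app outbound rule: keep a sensitive tool off the network on public Wi-Fi.
Add-RuleIfMissing @{
    DisplayName = 'Example - block admin tool outbound (public)'
    Direction   = 'Outbound'
    Action      = 'Block'
    Program     = 'C:\Tools\example-admin-tool.exe'   # hypothetical path
    Profile     = 'Public'
}

# Review: confirm the defaults took effect and list every inbound allow rule.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked, LogFileName
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Sort-Object DisplayName | Format-Table DisplayName, Profile
```

Settings delivered by Group Policy take precedence over these local ones, and in Windows Firewall a block rule wins over an allow rule that matches the same traffic.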
