I have a Windows 7 PC (I'll refer to it as the client) whose sole purpose will be to upload data throughout the day to a remote server. This is an automated process that runs on a schedule with no user intervention. The remote server will be a web server with a REST service to receive the data over HTTPS from the client.

Internally, this client PC is connected to a very sensitive network. Malware getting in could be disastrous. I would like to completely limit this PC's outside communication to only this one server.

I have read that I can create Windows Firewall rules to reject all traffic, then add rules to allow inbound/outbound to a single IP address. However, it is my understanding that IP addresses can be spoofed. The server will have an SSL cert, so I'm hoping there's a way to utilize that to authenticate incoming traffic?

Anyway... I would love to hear your suggestions.


P.S. I realize Windows 7 is ancient. If updating to Win 10 makes it more secure, then that's an option.
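
The rule set described in the question, sketched with `netsh advfirewall` (available on both Windows 7 and Windows 10) as an added example that is not part of the original post. The address `203.0.113.10` is a constructed placeholder for the server's IP and the rule name `UploadHTTPS` is hypothetical.

```powershell
# Run from an elevated prompt on the client PC.
# Constructed placeholder: replace with the REST server's real address.
$ServerIp = '203.0.113.10'

# Make sure the firewall is on for every profile (domain, private, public).
netsh advfirewall set allprofiles state on

# Default-deny in both directions. The value is quoted so PowerShell passes
# the comma-separated pair to netsh as a single argument.
netsh advfirewall set allprofiles firewallpolicy "blockinbound,blockoutbound"

# The one permitted flow: outbound TCP 443 to the server's address.
# No inbound rule is needed for the replies, because the firewall is
# stateful and admits return traffic for connections the client opened.
netsh advfirewall firewall add rule name=UploadHTTPS dir=out action=allow protocol=TCP remoteip=$ServerIp remoteport=443

# Rules that were already enabled before this change still apply, so
# list the outbound rules and review anything else that allows traffic.
netsh advfirewall firewall show rule name=all dir=out

# If the upload job addresses the server by hostname, name resolution
# (DNS) is blocked by the policy above. Either add a matching allow rule
# for the resolver or pin the name in the hosts file.
```

The firewall rule only narrows which address the client can reach; the server's identity is established separately, by the HTTPS client validating the server's certificate during the TLS handshake.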

