Home network compromised

tcpeed · ‎07-27-2011

Hi,

For some time now i have been having a problem securing my computer against someone determained to access my computer..

Anyway, i decided to try a fresh install of windows 7

I reset my router and turned off wireless and connected directly (changed password etc)

Installed NIS 2012, in general settings moved every block share rule above the allow rule (i'm trying anything)

Connected and changed the network to restricted.

Changed the connection in windows to public.

Turned up UAC to notify every time.

Anyway, everything seemed secure for while, i kept my eye on the network devices connected and after a while it suddendly showed another computer connected to my network.

So how do i see what went wrong, and how is someone connected to me every time.

Thanks for any help.

T.C.

MagnusLindh · ‎05-09-2011

Hey

on your router, have you activated the router wireless security, whitch is WPA/WPA2 and then create a unique password when you log in to your network from your computer.

its very important to protect your wireless network from people ho should not have access to your network, beacause you do not know what kind of damage they will do to you and others.

you should find the security settings under wireless settings, this will change on what label and brand you are using on your router, but the principle are the same.

Sweman.

tcpeed · ‎07-27-2011

Thanks for the reply.

Yes, WPA2 with a long password.

Router password also changed before i connected

Phil_D · ‎06-10-2008

Hello tcpeed,

Is your wireless router using WPS? ('WiFi Protected Setup' or quick set up)

This feature is known to allow other devices using WPS to appear on your Windows 7 network map and consequently on your Norton Security Map.

If you read through this thread, it is suggested that turning off the 'WiFi Protected Setup' will prevent the unknown devices from being recognized:

"If you turn off WiFi Protected Setup in your own router the unwanted Network Infrastructure devices should disappear. WiFi Protected Setup is a system to connect WiFi devices using PIN numbers. The router will pick up on other devices (routers, wifi printers) using WiFi Protected Setup and allow them to be visible as accessible network infrastructure on your LAN computers. If you don't need to use WPS yourself you can disable it and get rid of the annoying entries in Network."

To avoid this, WPS must be completely turned off and the Wireless security configured manually. If you have completely turned off WPS, then please disregard the above.

Let us know.

Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •

car825 · ‎03-28-2009

Why doesn't NIS filter out these devices from the Network Security Map? Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network. Just because Windows sees a device doesn’t mean that NIS should display it.

dickevans · ‎04-08-2008

car825 wrote:
Why doesn't NIS filter out these devices from the Network Security Map? Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network. Just because Windows sees a device doesn’t mean that NIS should display it.

Hi,

Can we reverse that for a minute. If the system recognizes a device, friend or foe, and does not display it, how to you protect yourself from it? If you go into the security map and see devices that are not part of your network, allowed devices, you can change its trust level so that it cannot compromise your network/system.

When it comes to security I'd rather it be a bit more information than I think I need rather than less so that I can't make an informed decision.

Just me being me.

Dick
Win7x64 SP1 current NIS V20

car825 · ‎03-28-2009

dickevans wrote:
car825 wrote:
Why doesn't NIS filter out these devices from the Network Security Map? Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network. Just because Windows sees a device doesn’t mean that NIS should display it.
Hi,
Can we reverse that for a minute. If the system recognizes a device, friend or foe, and does not display it, how to you protect yourself from it? If you go into the security map and see devices that are not part of your network, allowed devices, you can change its trust level so that it cannot compromise your network/system.
When it comes to security I'd rather it be a bit more information than I think I need rather than less so that I can't make an informed decision.
Just me being me.

Shouldn't the map at least indicate which devices are actually in the network vs. those that are just out there so that people don't get unnecessarily concerned that there are intruders in the network? Also, why just show the WPS devices and not all the others in range?

Phil_D · ‎06-10-2008

I am in agreement with the remarks put forth by dickevans. I want to know what devices are connected to my network and also what devices Windows thinks are connected. This gives me more information to evaluate my own network security.

Although there may be numerous wireless devices in range, it is generally only devices using WPS that display in this manner. There must be a WPS device on the user's machine and another remote WPS device within range.

It is due to a flaw in the WPS PIN broadcast exchange mechanism. Basically, the two WPS devices are trying to communicate with each other in order to establish a connection. There is more detail about this flaw here.

Personally, I think people should have concerns about using WPS.

Hope that helps.

Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •

tcpeed · ‎07-27-2011

Hi there.

Thanks for your responses.

Yes, i have a WPS on my router and no i haven't disabled it. It's a relatively new router so still getting to know all it's features (virginmedia superhub).

I will turn this off and give it another try, hopefully this will be the cause.

Is there anything else you would recommend for setting up a single home user with either the settings of NIS or windows? or router for that matter.

Thanks again

Phil_D · ‎06-10-2008

Using NIS 2012 at the standard defaults will provide excellent protection for your home network.

After disabling WPS on the router, you should delete the ‘mystery device’ on the Norton Network Security Map or purge the Network Map to get a fresh start. (Instructions listed below)

In Windows 7 you should check Control Panel\Network and Sharing Center > See full map. Be sure the device is no longer listed.

If you are going to use Wireless connectivity, please refer to your router documentation and use WPA or WPA2 (preferred) Security. Choose a long passkey comprised of a variety of letters (Upper and Lower case), numbers and characters. I prefer to use a passphrase which is at least 20 characters long. This key will be entered into the router and each computer that you wish to have wireless access.

Network Security Map instructions:

To Delete a device:

Open the Map
Highlight the device you wish to remove
Under ‘Total in Network’, click the [ - ] to remove the device.

To Purge the map of all devices:

Open the main UI
Go to Settings > Network > Network Security Settings > Network Security Map Purge [+]
This will clear the map of all devices.

If you have any other questions, please feel free to ask

Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •