Remerciements3 Stats

Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

Norton, I am a paid customer with an active subscription and I have been a paid member for years now. So please consider my suggestion.

Please provide a service for your paying customers that tests our (the customers) network/router externally for hacking vulnerabilities.

With recent news of Russia, China and other countries probing, hacking and attacking all US networks (both home routers and others) a service like this would be vital.  An ounce of prevention beats a pound of cure. 

"The United States Computer Readiness Team (US-CERT), an organization within the Department of Homeland Security responsible for analyzing and responding to cyber threats, has published a warning about the exploitation of network devices, including routers, by a state-sponsored attack group."

Here is another article about how our routers of us home users are being targeted and under potential attack.

http://www.wired.co.uk/article/russia-hacking-russian-hackers-routers-nc...

The service/feature I am requesting would be a service similar to "Nessus" by Tenable. Unfortunately, that service is over $1,000 per year. The service I am requesting you implement would not be simple port scans like some websites offer. I am talking about an extensive service that tries to probe every hole and hack every crannie on ones home router. Things like (but not limited too) "Exploit router backdoor access", "webremote command execution via shellscript", "exploit netcore router backdoor access" and on and on. As I said, every known exploit and nook and crannie.  

A service like what I am requesting will help your paying customers with intrusion prevention and exploit protection, notifying them that even if they fully updated their router, they may need another newer/different router or another form of protection. Right now, customers are left guessing and hoping that their fully patched software, AV, and router is sufficient. Guessing, crossing fingers and hoping is not a good thing and should not have to happen. While Norton AV is a great product for protecting the PC,  great protection is needed before it even gets to that point.

I realize your router, "Norton Core" may help to a degree with this, but not all of your paying customers have this router nor will everyone agree to buy this router. There will be millions that chose not to. However, if vulnerabilities are found and shown to the user of their current router and how these vulnerabilities would be protected with Norton core, in addition to helping all your paying customers be more secure, this may be a great way to promote an upgrade to Norton Core as well.

Please provide peace of mind to us paying customers and provide a service that externally tries to hack/test our home networks for vulnerabilities, so that when these vulnerabilities are found, us customers can make the necessarily adjustments/improvements.

Thank you Norton developers

Réponses

Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

An excellent request !

Put much better that I would have.  I'll bet that if Symantec/Norton effectively addresses these safeguards with no extra charges to Customers, their Subscriptions would show it.  Let's hope they seriously consider this situation in the long-term.  We need Symantec/Norton to step-up NOW.  (1984 is now)  - Art

Words of Wisdom: "THE ROAD TO HELL IS PAVED WITH GOOD INTENTIONS" - [Grandparents] "There has never been an original thought." - [Someone, I'm sure] "I've spent my whole life 'polishing turds'" - [Me]
Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

Home network attacks and vulnerabilities on our home routers from "an advanced nation" has been getting a lot of news lately.

https://www.google.com/search?source=hp&ei=qj8HW9eRJ9DYsAXT_b-YCA&q=500%...

This thread has gotten a couple of kudos and this is a very relevant issue and potential weakness for anyone and all with home routers, even if people have their personal routers fully patched. Many Norton customers do not even know what patching a router means. Due to the current worldwide cyber climate, I am surprised no one from Symantec/Norton has commented on this very important issue in this thread regarding home router vulnerability and the suggestion for a way to test our routers vulnerabilities via a Symantec/Norton external test, regardless of the make and model of our routers. This is a feature that can be added to further protect us paying Norton subscribers (see original post).

Here are some excerpts from one of multiple recent articles talking about this issue:

https://www.usatoday.com/story/tech/talkingtech/2018/05/24/500-000-route...

"Hackers infect 500,000 consumer routers all over the world with malware"

"the malware can allow hackers to steal website credentials as well as render a router unusable, cutting off access to the Internet. "

“These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk," said FBI Special Agent in Charge Bob Johnson"

- End article excerpts

The thing is, many do not know what patching means. Those that do may have their routers fully patched but may still be vulnerable. They are just crossing their fingers but may need to purchase an entirely new router.

Norton Symantec is great for protecting PCs but if a customer's home router gets compromised, bank account information, health information, 401k and any other very important sensitive information people have that is accessed via their home networks could be at risk for being stolen and compromised. Having great protection at the end point/PC level is great but it ultimately means nothing if the hardware device outside of the PC but still in our homes becomes compromised. Currently there is nothing Symantec will detect or do regarding a vulnerable or compromised home router. I am hoping this changes in the very short future due to the dangerous online Cyberwarfare environment. Large state sponsored actors are behind a lot of this, there is little consequence for bad actors (large or small) and the IOT can largely be considered the "wild west" at this point.

Symantec, please read the original post in this thread and implement my idea. Guessing and crossing fingers is not a good option when in the Wild Wild West. It may still remain the "Wild West" but in implementing what I am suggesting, you would be giving us a higher degree of armor against the gunfighters/quick draws in this environment.

Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

Hello NortonUser81, welcome to the forums. F-Secure offers a rather simplistic router test here. As a start this is a test everyone should be running against the client(s) they are using to browse. Regarding routers. Norton does not provide firmware or testing tool to vendors for their products. However, Norton products are customized to protect the "local machine" in a networking environment and WILL alert as well as stop attacks using cloud based threat assessment.  Norton does offer the Norton Core Router as a hardened appliance against these and other threats. Using Core myself, I also use the CloudFlare DNS on my FIOS device as primary and secondary DNS values 1.1.1.1 & 1.0.0.1 respectively, since Core in behind that device due to a NAT-NAT environment. Core doesn't give me any issues with that setup.  

The statement:

"Hackers infect 500,000 consumer routers all over the world with malware"

This is being done world wide BECAUSE the end user is not following best practices in the use of their equipment. Router manufacturers should be providing firmware along with adequate user documentation to properly setup, use, update and maintain their products as well as customer support for their products. As well as the "branded" products they manufacture for ISP's.  

For the IT professional the Snort public set as posted from Cisco has some great rule sets to mitigate. Symantec also discusses running Snort on IIS as well. As you can see this is detailed around a hardened IDS. Hope this helps.

Cheers

MS Certified Professional : Windows 11 Home/Pro 23H2 x 64 build 22631.2792 / Windows 10 Pro x 64 version 22H2 / build 19045.3758 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.10.10 / Opera GX LVL5 (core: 104.0.4944.70) 64 bit-Early Access w/Norton Chrome Extensions / Android 14 One UI 6.1
Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

Hi Soul,

I just ran the "F Secure router checker" tool and the "Qualys SSL Labs test". Even though I am highly interested in tech and IT and consider myself a moderate to advanced tech savy person, I did not know about these websites. How much less would the many millions who are not really tech savy know about them? Thank you for providing these links and notifying me of them.

As you so aptly stated "the end user is NOT following best practices". Many (if not most) of Symantec's user base (and majority of the whole population in general) has no idea about the websites you just provided. They have no idea of the need to update and patch a router. They may not even know what a patch is. Many people will not know about this forum. Many will not visit this forum. Many will not know to update and check their various hardware and software. We are a small group compared to the majority. This is why I think its so important that Norton provide a service like the services you directed me too (and then some) automatically, during a regular AV check for paid users, so that everyone, whether tech savy or not can get tested and notified automatically.

As we see from the news, we are (and have for a while now) dealing with a global situation and a very dangerous internet environment where global powers/players are probing and taking advantage of people's naivety. Many people just do not know any better. They are gonna trust that router the ISP gives them or they are going to continue using their 5-10 year old unpatched router. This currently leaves many people incredibly vulnerable, even if they have a current Norton Subscription with the AV installed. With what I am proposing, Norton can tell/notify them of their routers vulnerabilities whether they know about this stuff or not.

What I am proposing is Norton would have its own version of "F Secure router checker" tool and the "Qualys SSL Labs test" and other vulnerabilities testers as a built in test that Symantec performs during routine checks on its paid Antivirus software.

The feature I am requesting would communicate with Norton's servers to run Norton's version of those types of tools you provided (and then some) to check paid subscribers router vulnerabilities when the client/customer runs its regular AV check. So in essence, Norton will check for "virus signatures" as usual when clicking "Scan now" but it will also communicate with the Symantec server so that the Symantec server will run Symantec's version of "F Secure Router" and "Qualy's SSL Lab test" (and then some) externally and then provide the user with a "status" of what it found.

I think this would be a great way to notify and protect all of Symantec's user base, tech savy or not, Norton Core user or not. If everyday, untech savy people dont know whats wrong (or that there is even a problem), how are they supposed to know what to fix? I think my suggestion would fix this and I would like to see my suggestion in a future update of Symatec AV very soon.

Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

Yet another article today on this, yet no response from Symantec leadership on this suggestion in the Original post.

The title of the Ars Technica article today is: "VPNFilter malware infecting 500,000 devices is worse than we thought"

https://arstechnica.com/information-technology/2018/06/vpnfilter-malware...

Here are some excerpts from the article:

"Malware tied to Russia can attack connected computers and downgrade HTTPS."

" Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes. Now, researchers from Cisco’s Talos security team say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers."

" The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic. Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced “essler,” the module can also be used to surreptitiously modify content delivered by websites. "

"All your network traffic belongs to us"

“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”

- End article excerpts

Read the Ars Technica article linked above to see if the expanded list includes your brand of router

That article actually has a lot more useful information and describes a lot more in depth about what is going on with our personal routers and how they are being attacked by Russia and other state sponsored governments. Once your routers are infected, you may not even know it and all of your passwords to your bank accounts and other sensitive personal information and can be intercepted and stolen without you even knowing it.

Symantec, again, please consider the suggestion I am requesting in the original post. State sponsored attacks are not something of yesterday. They are threat of today and tomorrow.

Remerciements0

Re: Norton - Please provide a service for your paying customers that externally tests our (the customers) network/router externally for hacking vulnerabilities

The Norton Community seems to be trying to get Norton to protect their router against external attacks from the network (World Wide Web). However, solutions already exist. This document briefly shows an example of that fact.

I am no expert, but the "Two-Way IPS" powered by "Trend Micro" on my router seems to be providing a protection service to my LAN. In fact, the Two-Way IPS is automatically updated by Trend Micro to keep my protection current and that includes updates and firmware upgrades necessary for this service.

I discovered my solution when I investigated the increasingly publicized concerns about network security and decided there are already products out there that seem to provide the service described by the folks in this quorum.

Please, weigh in, experts! I am happy with using Norton protection BEHIND my proactive Asus Router/Firewall/Two-Way Intrusion Protection System powered by Trend Micro.

Am I getting the protection the experts seem to be so concerned about?

                                      YES / NO / PERHAPS

Please read the attached document for details.