Default new networks as restricted

I have recently started using NIS 2009 and I had a scary situation where I was in an Internet Cafe connected to a wireless router with my laptop, and my buddy who was also at the same cafe with his laptop noticed that he could browse my workgroup and access all my shared folders.  In NIS 2009’s Network Security Map, I had previously set the MAC addresses of the computers and devices that I wanted in my home network to pass through NIS’s firewall. I assumed that once this was set, only these items would have access through NIS’s firewall and anything else on any new network would default to be blocked. I was very surprised that this was not the case. I have looked everywhere in the configuration in NIS 2009, and cannot see how to default to restrict any new networks other than Internet access. I am interested if there is such a setting that I am not able to locate. I only want the MAC address that I have deemed safe to have access to my workgroup and shared files folders.  I tend to access a number of public wireless routers and I don’t want to have to manually restrict every device on every new network that I encounter. 

 

Thanks for any advice. 

How did you set the Home devices to pass through the Firewall?

 

Turn Off the Automatic File and Printer Sharing.  Settings > Internet Settings > Smart Firewall > Advanced Settings > Automatic File/Printer Sharing Control.

Hi,

Try this link from an old Symantec document on securing wireless networks; it may help or at least give you some pointers.

http://www.symantec.com/norton/products/library/article.jsp?aid=secure_wireless_network

It was an open WiFi network at an Internet Cafe

Hi gbell -

 

Before you decide to restrict by MAC address you might wish to read this informative article:

 

http://blogs.techrepublic.com.com/security/?p=395

 

Hope this helps. Wireless security is far from bulletproof.

 

Let us know what you decide.

 

:smileysurprised:

 

 

I will try disabling the Automatic File and Printer Sharing setting. If I disable this, then whenever NIS detects a new router, will it automatically set each device that it discovers in the Network Map to be restricted? It seems to automatically set any new discovered device as Protected, but Protected doesn’t seem to prevent access to shared files and folders.

I understand that restricting by MAC address isn't foolproof but it has to be better than restricting by IP in NIS. If I set specific IPs in my home network to allow access to my shared folders, say something like 192.168.0.7 and 192.168.0.8, there is a good chance that those same IPs will have been dished out via DHCP in another network. MAC still seems to be the best way to restrict access in NIS; however, if you know of a better way to restrict access to specific devices in NIS, please let me know.

Hi gbell -

 

How *exactly* are you connecting? Are you doing it via ad-hoc?

 

I prefer to restrict by MAC - I just wanted you to know that it has its limitations.

 

:smileyhappy:

If you turn off the Auto Printer & File Sharing then you will have to give permission to others to see your shared folders.  It will no longer be automatic.

 

You are protected from improper network attacks at any level you put the network in; even Full Trust.

At home I have a wireless router. I tend to always connect wirelessly at home with my laptop. I also have two PCs and a network multifunction printer that are connected via wired LAN. I have set some shared folders on my laptop so if I am on one of my PCs I can access shared files. In NIS 2009, I have added the MAC addresses of the two PCs and the network MFP to allow access through the NIS firewall. I want it set in NIS so that these are the only items that can pass through the firewall. At the Internet Cafe, I connected to an open WiFi router, so no Ad-Hoc. I found that NIS discovered the router’s SID and then discovered all the devices connected to it. Every device was set as protected in the Network Map; however, that setting still did not prevent my friend from accessing my shared files. I also tend to connect to secured WiFi routers, where I either have the WEP key or the WPA password. Even in those situations, I still don’t want any other devices that are connected to that router to have access to my shared folders. I should only get Internet access. I want NIS to default to restrict access to ALL new devices. If I want a new device to have access, then I can manually select that device and grant permission via its MAC. Is this possible in NIS 2009? I’m surprised that NIS leans on automatically allowing access rather than the opposite.

In checking all the settings, there is no way to have the networks default to anything but Shared since this was enabled when you first installed NIS2009. If you did not have the Share Files and Printers enabled when installed, NIS2009 may have chosen Protected as the default but I'm not sure (I would have to uninstall / reinstall to test). For the level of protection you want, you would have to set the sharing details in Windows (Vista actually lets you get a greater level of detail on this than XP; PRO versions are even tighter on this). You could add a manual rule to first Allow File and Printer sharing for only the units you want and then move the existing Block File and Printer Sharing rule above the one for the Shared networks. (In the firewall General Rules settings; the rules are processed in order from top to bottom.) The port to do this with is port 139. See the picture below:

 

 

Net Rules adjusted.png 

 

[edit: image resize.]

Message Edited by MikeLee on 05-21-2009 04:11 PM
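An added example, not part of the original thread and not Norton's code: a small first-match model of the rule ordering described in the post above, showing why the position of the Block rule relative to the Shared-network rule decides whether an unknown device on a new network can reach file sharing on port 139. The rule names, the `evaluate` helper and the MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    port: Optional[int] = None         # None matches any port
    macs: Optional[frozenset] = None   # None matches any source device

    def matches(self, src_mac, port):
        if self.port is not None and port != self.port:
            return False
        return self.macs is None or src_mac.lower() in self.macs

def evaluate(rules, src_mac, port, default="block"):
    """Return (action, rule name) of the first rule that matches, top to bottom."""
    for rule in rules:
        if rule.matches(src_mac, port):
            return rule.action, rule.name
    return default, "default"

# Constructed sample addresses (not taken from the thread).
HOME_UNITS = frozenset({"00:11:22:33:44:55", "00:11:22:33:44:66"})
CAFE_PEER = "de:ad:be:ef:00:01"
FILE_SHARING_PORT = 139  # the port named in the post

allow_home = Rule("Allow File and Printer Sharing (home units only)",
                  "allow", FILE_SHARING_PORT, HOME_UNITS)
block_sharing = Rule("Block File and Printer Sharing", "block", FILE_SHARING_PORT)
allow_shared = Rule("Allow File and Printer Sharing (Shared networks)",
                    "allow", FILE_SHARING_PORT)

# Before the change: the Shared-network rule sits above the Block rule.
ORIGINAL_ORDER = [allow_shared, block_sharing]
# After the change: manual Allow first, then Block, then the Shared rule.
ADJUSTED_ORDER = [allow_home, block_sharing, allow_shared]

def sharing_exposure(rules):
    """Map each known device to the action it gets for file sharing."""
    devices = sorted(HOME_UNITS | {CAFE_PEER})
    return {mac: evaluate(rules, mac, FILE_SHARING_PORT)[0] for mac in devices}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_ORDER), ("adjusted", ADJUSTED_ORDER)):
        print(label, sharing_exposure(rules))
```

Windows also serves file sharing directly over TCP 445, so a rule set built this way should be checked for that port as well as 139.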

Hi gbell -

 

Before I suggest an alternative, please let us know if the above post works for you.

 

TIA :smileyhappy:


dbrisendine wrote:

 

... If you did not have the Share Files and Printers enabled when installed NIS2009 may have chosen Protected as the default but I'm not sure (I would have to uninstall / reinstall to test). 

 

 


Confirmed: When I installed NIS 2009 I did not have File and Printer Sharing enabled on any computers. NIS 2009 set the default Trust Level to Protected.

Hi Phil_D -

 

Good information. Thanks for posting it.

 

:smileyhappy:

Thanks dbrisendine. I will try adding the manual rule as suggested and let you know how it works. Just so you are aware, the systems that were listed in the Network Map when I was at the Internet cafe (as well as when I tested when connected at my friend's router) were all listed as Protected; however, that did not seem to prevent access to my shared files. Only when I selected a discovered device on the discovered router and changed the protection to Restricted did it prevent any access. Just to note, I am pretty sure that I have the File and Printer setting in NIS set to on (unfortunately I am at work - laptop is at home so can't check right now). I assumed that if I wanted ANY File and Printer sharing that that setting should be set as enabled. I will also try disabling the NIS File and Print sharing setting if it is enabled.

 

Thanks for all of your assistance

Hi gbell -

 

I would like to see a "Default All" button also placed under General Rules.

 

Should you not keep track of these changes, there would always be a default rule base.

 

Good luck.

 

:smileyhappy:

Compumind -

 

There is a button for that.  The Firewall Reset does just that function now. 

gbell,

 

From reading the limited documentation on Norton Trust levels, it is my understanding that if you have printer and file sharing enabled on your computer, Norton will default to a trust level of "Shared."  An exception would be when Norton detects an insecure network, in which case it defaults to "Protected."  So, NIS did what it is designed to do when you connected to an open network by giving it "Protected" status.

 

Now, I would have thought that this would have made your shared files inaccessible, but apparently that is not the case.  So I looked up the descriptions of the various trust levels and most of them are easily understood.  "Protected," however, is defined as equivalent to "none of the above."  I'm wondering if anyone knows exactly how "Protected" differs from "Shared" and why your files were still visible.

 

SHARED
Adds the network to the Shared list

All traffic that your computer receives from a Shared network is filtered. Only shared resources on your computer, such as files, folders, and printers are allowed. You should select this setting if you want the firewall to protect you from all traffic except those that pertain to file and printer sharing.

PROTECTED
Adds the network to the Protected list

A network is in the Protected Trust Level when it has not been classified as Trusted, Shared, or Restricted. You remain protected from known attacks and all unexpected traffic.

RESTRICTED
Adds the network to the Restricted list

The devices that are on Restricted network cannot communicate with your computer. However, you can still use the network to browse Web sites, send email messages, or transmit other communications.

Hi dbrisendine -

 

Actually the Firewall Reset does much more than that. I am just looking to reset the General Rules.

 

Thanks anyway.

 

:smileyhappy: