Home network compromised

Hi,

For some time now I have been having a problem securing my computer against someone determined to access my computer.

 

Anyway, I decided to try a fresh install of Windows 7.

 

I reset my router and turned off wireless and connected directly (changed password etc)

 

Installed NIS 2012, in general settings moved every block share rule above the allow rule (I'm trying anything).

 

Connected and changed the network to restricted.

 

Changed the connection in Windows to public.

 

Turned up UAC to notify every time.

 

Anyway, everything seemed secure for a while. I kept my eye on the network devices connected and after a while it suddenly showed another computer connected to my network.

 

So how do I see what went wrong, and how is someone connected to me every time?

 

Thanks for any help.

 

T.C.

Hey

 

On your router, have you activated the router wireless security, which is WPA/WPA2, and then created a unique password for when you log in to your network from your computer?

It's very important to protect your wireless network from people who should not have access to your network, because you do not know what kind of damage they will do to you and others.

 

You should find the security settings under wireless settings. This will change depending on what label and brand of router you are using, but the principle is the same.

 

 

Sweman.

Thanks for the reply.

 

Yes, WPA2 with a long password.

 

Router password also changed before I connected.

Hello tcpeed,

 

Is your wireless router using WPS?  ('WiFi Protected Setup' or quick set up)

 

This feature is known to allow other devices using WPS to appear on your Windows 7 network map and consequently on your Norton Security Map.

 

If you read through this thread, it is suggested that turning off the 'WiFi Protected Setup' will prevent the unknown devices from being recognized:

 

"If you turn off WiFi Protected Setup in your own router the unwanted Network Infrastructure devices should disappear. WiFi Protected Setup is a system to connect WiFi devices using PIN numbers. The router will pick up on other devices (routers, wifi printers) using WiFi Protected Setup and allow them to be visible as accessible network infrastructure on your LAN computers. If you don't need to use WPS yourself you can disable it and get rid of the annoying entries in Network."

 

To avoid this, WPS must be completely turned off and the Wireless security configured manually. If you have completely turned off WPS, then please disregard the above.

 

Let us know.

 

Why doesn't NIS filter out these devices from the Network Security Map?  Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network.  Just because Windows sees a device doesn’t mean that NIS should display it.


car825 wrote:

Why doesn't NIS filter out these devices from the Network Security Map?  Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network.  Just because Windows sees a device doesn’t mean that NIS should display it.


Hi,

Can we reverse that for a minute. If the system recognizes a device, friend or foe, and does not display it, how do you protect yourself from it? If you go into the security map and see devices that are not part of your network, allowed devices, you can change its trust level so that it cannot compromise your network/system.

When it comes to security I'd rather it be a bit more information than I think I need rather than less so that I can't make an informed decision.

Just me being me.


dickevans wrote:

car825 wrote:

Why doesn't NIS filter out these devices from the Network Security Map?  Part of the value added by the NIS Network Security MAP is that it is supposed to only display devices that are ACTUALLY in your network.  Just because Windows sees a device doesn’t mean that NIS should display it.


Hi,

Can we reverse that for a minute. If the system recognizes a device, friend or foe, and does not display it, how do you protect yourself from it? If you go into the security map and see devices that are not part of your network, allowed devices, you can change its trust level so that it cannot compromise your network/system.

When it comes to security I'd rather it be a bit more information than I think I need rather than less so that I can't make an informed decision.

Just me being me.


Shouldn't the map at least indicate which devices are actually in the network vs. those that are just out there so that people don't get unnecessarily concerned that there are intruders in the network?  Also, why just show the WPS devices and not all the others in range?

I am in agreement with the remarks put forth by dickevans.  I want to know what devices are connected to my network and also what devices Windows thinks are connected.  This gives me more information to evaluate my own network security.

 

Although there may be numerous wireless devices in range, it is generally only devices using WPS that display in this manner.  There must be a WPS device on the user's machine and another remote WPS device within range.

 

It is due to a flaw in the WPS PIN broadcast exchange mechanism.  Basically, the two WPS devices are trying to communicate with each other in order to establish a connection.  There is more detail about this flaw here.

 

Personally, I think people should have concerns about using WPS.

 

Hope that helps.

Hi there.

Thanks for your responses.

 

Yes, I have WPS on my router and no, I haven't disabled it. It's a relatively new router so I'm still getting to know all its features (Virgin Media Superhub).

 

I will turn this off and give it another try, hopefully this will be the cause.

Is there anything else you would recommend for setting up a single home user, with either the settings of NIS or Windows, or the router for that matter?

 

Thanks again

Using NIS 2012 at the standard defaults will provide excellent protection for your home network.

 

After disabling WPS on the router, you should delete the ‘mystery device’ on the Norton Network Security Map or purge the Network Map to get a fresh start. (Instructions listed below)

 

In Windows 7 you should check Control Panel\Network and Sharing Center  > See full map.  Be sure the device is no longer listed.

 

If you are going to use Wireless connectivity, please refer to your router documentation and use WPA or WPA2 (preferred) Security. Choose a long passkey comprised of a variety of letters (Upper and Lower case), numbers and characters. I prefer to use a passphrase which is at least 20 characters long. This key will be entered into the router and each computer that you wish to have wireless access.

 

Network Security Map instructions:

To Delete a device:

 

  1. Open the Map
  2. Highlight the device you wish to remove
  3. Under ‘Total in Network’, click the [ - ] to remove the device.

 

To Purge the map of all devices:

  1. Open the main UI
  2. Go to Settings > Network > Network Security Settings > Network Security Map  Purge [+]
  3. This will clear the map of all devices.

If you have any other questions, please feel free to ask


Phil_D wrote:

I am in agreement with the remarks put forth by dickevans.  I want to know what devices are connected to my network and also what devices Windows thinks are connected.  This gives me more information to evaluate my own network security.

 

Although there may be numerous wireless devices in range, it is generally only devices using WPS that display in this manner.  There must be a WPS device on the user's machine and another remote WPS device within range.

 

It is due to a flaw in the WPS PIN broadcast exchange mechanism.  Basically, the two WPS devices are trying to communicate with each other in order to establish a connection.  There is more detail about this flaw here.

 

Personally, I think people should have concerns about using WPS.

 

Hope that helps.


I think Windows knows that these mystery devices are not connected to the network.  Check out the Network Location Name column in the Windows Network Folder.  Your devices have your network name in this column and the mystery WPS devices don’t.  Doesn't this mean that the device is not actually connected?  I don’t mind if the device is on the Network Security Map as long as it is made clear that it is not an intruder.

 

Regarding WPS, many routers don’t allow you to turn it off completely.  On my router I can disable the WPS Router PIN, which protects against the vulnerability you linked to, but I can’t turn off the other WPS modes (e.g., push button).

Added thought for consideration:

Using Norton DNS can also be useful in enhancing your protection. It's here: http://dns.norton.com

Choose the level of restriction that is appropriate and let your router do the job.

Okay, so I've changed some of the router settings.

At the moment, whilst I'm sorting this out, I have disabled wireless (thus disabling WPS) and am connecting directly.

 

Every so often the unknown device (restricted) appears.

I can easily remove it, and then as you suggested I purge the security map in NIS settings.

I have left the map in the background to keep an eye on it and the device keeps re-appearing?

 

Any ideas?

 

Thanks.

 

Does this device show up in the Windows Network Map?  (Control Panel\Network and Sharing Center  > See full map)

 

It might help if you could insert a screenshot of the Windows Map and the Norton Security Map.

 

Instructions for uploading screenshots can be found here.

 

Please be sure to redact any personal information such as 'Physical Address' (MAC)  and unique IP addresses.

 

Thanks!

 

 

Is the MAC address of the mystery device nearly identical to your router's MAC address (the router does not normally appear in the Network Security Map - you can find the MAC address in the router settings)?

I don't have sharing or network discovery active so I can't access the map (I'm set to public).

The unknown device IP address is the same as the router and the MAC address the same apart from the last letter.

 

Thanks


tcpeed wrote:

The unknown device IP address is the same as the router and the MAC address the same apart from the last letter.


That is because the unknown device is your router.  Some routers, such as the ubiquitous Linksys WRT54G, have multiple MAC addresses.  If you check the Status tabs in the router settings for the Linksys for example, you'll see three separate MAC addresses - one for the router that your ISP sees, one for your Ethernet (wired) LAN, and one for your local wireless network.  The last digit differs by one for each of these MAC addresses.  While you are connected by Ethernet wire, what you are seeing as the mystery device is probably the MAC address for the wireless component of the router.  You can check that by going into the router settings that I mentioned and verifying the MAC addresses shown in the Status - Router, Status - Local Network and Status - Wireless tabs.
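
The comparison described in the last reply can be scripted. The following is an added example, not part of the original thread: it labels each device from a network map by how its MAC address relates to the router's known MAC. The device list, the addresses and the `max_offset` threshold are constructed assumptions.

```python
import re

# Constructed sample: name, IP and MAC as copied from a network map.
# All addresses are made up for illustration.
SAMPLE_DEVICES = """\
router-lan      192.168.0.1    00-11-22-AA-BB-C0
unknown-device  192.168.0.1    00-11-22-AA-BB-C2
my-pc           192.168.0.10   3C-4D-5E-01-02-03
other-device    192.168.0.23   00-11-22-AA-BC-C1
"""

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}")


def mac_to_int(mac):
    """Convert 'AA-BB-..' or 'aa:bb:..' notation to a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(re.sub(r"[-:]", "", mac), 16)


def is_sibling_interface(mac, router_mac, max_offset=8):
    """True if the first five octets match and the last differs slightly.

    max_offset is an assumed heuristic, not a vendor rule.
    """
    a, b = mac_to_int(mac), mac_to_int(router_mac)
    return (a >> 8) == (b >> 8) and 0 < abs(a - b) <= max_offset


def classify(device_text, router_mac):
    """Label each listed device relative to the router's known MAC."""
    labels = {}
    for line in device_text.splitlines():
        if not line.strip():
            continue
        name, ip, mac = line.split()
        if mac_to_int(mac) == mac_to_int(router_mac):
            labels[name] = "router"
        elif is_sibling_interface(mac, router_mac):
            labels[name] = "likely another interface of the router"
        else:
            labels[name] = "unrelated device, verify separately"
    return labels


if __name__ == "__main__":
    for name, label in classify(SAMPLE_DEVICES, "00:11:22:aa:bb:c0").items():
        print(f"{name}: {label}")
```

A "likely another interface" result is only a hint; confirm it against the MAC addresses listed in the router's own status pages, as the reply above describes.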