If you’re running Norton Internet Security on Vista, it’s important to remember that file sharing security is handled through your firewall.
Here are instructions for Norton Internet Security; it took me a while to find them. Blocking Windows file sharing, especially if wireless is active, is a very important security step.
Norton Internet Security => Settings => Select Norton Internet Security Options at bottom of the page
Select Personal Firewall – Advanced – review the list to ensure there are no dangerous permissions
See this Norton description of the options. Note: ORDER OF OPTIONS IS IMPORTANT!
http://service1.symantec.com/SUPPORT/sunset-c2002kb.nsf/pfdocs/2001023451590766?Open&docid=2001023451590766&nsf=nip.nsf&view=pfdocs
Block Windows File Sharing – Prevents other computers from accessing shared files that are on this computer. Also prevents other computers from using shared printers that are attached to this computer. When this rule is moved up in rules list so that it is applied before other rules regarding file and print sharing, this rule provides an easy method to turn file and print sharing on or off.
ICMP In/Out Leave Enabled – Allows pings to be sent and received
DNS In/Out Leave Enabled - Removing this rule causes DNS to fail. To increase security without removing the rule, change the rule to allow the computer to send DNS queries only to the user’s primary DNS server.
In NetBIOS Name Disable – Prevents NetBIOS requests from finding the name of the local computer. NetBIOS cannot find the computer name by sending a query to the local computer.
Bootp Leave Enabled – allows for static IP addresses.
Outbound NetBIOS Leave Enabled – allows you to view shared files on other computers.
Inbound NetBIOS Disable – prevents other computers from accessing your files.
Microsoft SMB Block – SMB is a Microsoft Windows feature that can be used to provide an alternate method for file and print sharing. This rule prevents SMB from being used to permit file and print sharing.
Loopback In/Out Leave Enabled – allows the computer to send messages to itself.
EPMAP Block – Disable – EPMAP is a protocol that can be used by one computer to change the configuration of the services that are running at another computer. This rule prevents EPMAP from modifying the services that are at the local computer.
UPnP Leave Enabled – Universal Plug and Play
SSDP Leave Enabled – Simple Service Discovery Protocol – discovers plug and play
LLMNR Leave Enabled – Link-Local Multicast Name Resolution
Reset the Firewall and make these changes. Check your system often to see if hackers have altered them or if unauthorized changes have been made!
Block List: Order is important; move the most important rules up.
Block Windows File Sharing – Prevents other computers from accessing shared files that are on this computer. Also prevents other computers from using shared printers that are attached to this computer. When this rule is moved up in rules list so that it is applied before other rules regarding file and print sharing, this rule provides an easy method to turn file and print sharing on or off.
In NetBIOS Name Disable – Prevents NetBIOS requests from finding the name of the local computer. NetBIOS cannot find the computer name by sending a query to the local computer.
Inbound NetBIOS Disable – prevents other computers from accessing your files.
Microsoft SMB Block – SMB is a Microsoft Windows feature that can be used to provide an alternate method for file and print sharing. This rule prevents SMB from being used to permit file and print sharing.
EPMAP Block – Disable – EPMAP is a protocol that can be used by one computer to change the configuration of the services that are running at another computer. This rule prevents EPMAP from modifying the services that are at the local computer.
Leave Enabled List:
ICMP In/Out Leave Enabled – Allows pings to be sent and received.
DNS In/Out Leave Enabled - Removing this rule causes DNS to fail. To increase security without removing the rule, change the rule to allow the computer to send DNS queries only to the user’s primary DNS server.
Bootp Leave Enabled – allows for static IP addresses
Outbound NetBIOS Leave Enabled – allows you to view shared files on other computers.
Loopback In/Out Leave Enabled – allows the computer to send messages to itself.
IPV6 Leave Enabled – no dramatic warnings.
UPnP Leave Enabled – Universal Plug and Play
SSDP Leave Enabled – Simple Service Discovery Protocol – discovers plug and play
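Why the order of the rules matters, as an added example that is not Norton's code or part of the original post: it assumes the firewall reads rules top to bottom and the first match decides, and it checks a rule list for block rules that an earlier allow rule pre-empts. The rule names come from the lists above; the rule contents are constructed, using the standard file-sharing ports (TCP 139 for NetBIOS session, TCP 445 for SMB), and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "block"
    direction: str     # "in" or "out"
    proto: str         # "tcp" or "udp"
    ports: frozenset   # local ports the rule covers

    def scope(self):
        return (self.direction, self.proto)

def decide(rules, direction, proto, port, default="block"):
    """Assumed model: rules are read top to bottom and the first match decides."""
    for rule in rules:
        if rule.scope() == (direction, proto) and port in rule.ports:
            return rule.action, rule.name
    return default, "(no rule matched)"

def shadowed_blocks(rules):
    """List block rules that an earlier allow rule pre-empts for some ports."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "block":
            continue
        for earlier in rules[:i]:
            overlap = rule.ports & earlier.ports
            if earlier.action == "allow" and earlier.scope() == rule.scope() and overlap:
                findings.append((rule.name, earlier.name, sorted(overlap)))
    return findings

def move_to_top(rules, name):
    """Return a new list with the named rule first, other rules in their old order."""
    return [r for r in rules if r.name == name] + [r for r in rules if r.name != name]

# Constructed rule list (not exported from Norton): the block rule sits last.
RULES = [
    Rule("Inbound NetBIOS", "allow", "in", "tcp", frozenset({139})),
    Rule("Microsoft SMB", "allow", "in", "tcp", frozenset({445})),
    Rule("Block Windows File Sharing", "block", "in", "tcp", frozenset({139, 445})),
]

if __name__ == "__main__":
    for label, rules in (("as found", RULES),
                         ("block rule moved up", move_to_top(RULES, "Block Windows File Sharing"))):
        print(label, decide(rules, "in", "tcp", 445), shadowed_blocks(rules))
```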
See also: Auditmypc.com
January 29, 2008 at 10:58 pm
I was wondering if people know about any awards for internet security? I have looked everywhere but can’t find information about things like this. I work in patching and vulnerability management and would love to know if anyone would be interested in such an award?