Expounding…
Q7/Q8. Whenever you connect to a network CPF3 automatically detects that your Wireless Card has connected to a new network. When you click Ok on the window pops up that adds your IP address as the only trusted IP Address automatically. This is the same even if you are on a home Private network.
There are a few other options which you might want to think about. - In Firefox there is an extension that you can download which scrambles your keystrokes which can be found here: https://addons.mozilla.org/en-US/firefox/addon/3383- This does tend to slow your system a little and obviously typing things out isn’t quite as fast as usual either but it’s an option for a bit of extra security. Particularly when you have just connected to a unsecure network and are typing in your passwords etc.
Obviously encrypting your system is also an option but since you’ll be connecting to a VPN which varies from provider but the encryption of the VPN is usually WPA and requires a login and Password. This brings me to answering Question 11. Comodo Trust Connect is a VPN (Virtual Private Network) At the moment this is offered free of charge and is probably the only VPN that I know of that is free. It’s a program that you will have to load and log into and you will see another wireless network Icon on your system tray. You can read more about it here: https://forums.comodo.com/comodo_trustconnect_securing_the_wireless_world/a_new_service_to_secure_the_wireless_world-t13379.0.html
You’ll need to PM Melih in order to be joined up and he’lll send you an email link to download the connection program.
Q9. Here’s the information from GRC.Com and can be found by putting the following address in your browser: GRC | Port Authority, for Internet Port 0 - Replaceing “(Portnumber)” with the port number you want to look up.
Port Authority Database
Port 135
Name:
dcom-scm
Purpose:
DCOM Service Control Manager
Description:
Microsoft’s DCOM (Distributed, i.e. networked, COM) Service Control Manager (also known as the RPC Endpoint Mapper) uses this port in a manner similar to SUN’s UNIX use of port 111. The SCM server running on the user’s computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine.
Related Ports:
111
Background and Additional Information:
Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as “epdump” (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user’s hosting computer and match them up with known exploits against those services.
Any machines placed behind a NAT router (any typical residential or small business broadband IP-sharing router) will be inherently safe. And any good personal software firewall should also be able to easily block port 135 from external exposure. That’s what you want.
In addition, many security conscious ISPs are now blocking port 135 along with the notorious “NetBIOS Trio” of ports (137-139). So even without any of your own proactive security, you may find that port 135 has been blocked and stealthed on your behalf by your ISP.
Going Further: Closing port 135
The widespread exposure and insecurity of this port has generated a great deal of concern among PC gurus. This has resulted in several approaches to shutting down the Windows DCOM server and firmly closing port 135 once and for all. Although applications may be “DCOM enabled” or “DCOM aware”, very few, if any, are actually dependent upon the presence of its services. Consequently, it is usually possible (and generally desirable if you’re comfortable doing such things) to shut down DCOM and close port 135 without any ill effects. (The fewer things running in a Windows system, the fewer things to suck up RAM and slow everything else down.)
Port Authority Database
Port 136
Name:
profile
Purpose:
PROFILE Naming System
Description:
Related Ports:
Port Authority Database
Port 137
Name:
netbios-ns
Purpose:
NetBIOS Name Service
Description:
UDP NetBIOS name query packets are sent to this port, usually of Windows machines but also of any other system running Samba (SMB), to ask the receiving machine to disclose and return its current set of NetBIOS names.
Related Ports:
138, 139, 445
Background and Additional Information:
When Microsoft first awoke to the wide area network (WAN) Internet, its local area network (LAN) NetBIOS file sharing technology was using a “transport protocol” known as NetBEUI. Unlike the Internet Protocol (IP), NetBEUI does not have the concept of “ports”. So Microsoft grabbed a trio of three successive Internet ports 137, 138, and 139, to use for the transport of their existing NetBIOS protocol over IP-based LAN and WAN networks. The horrors of insecurity resulting from Microsoft’s exposure of their NetBIOS protocol to the Internet are legendary. They were the original impetus for our creation of the ShieldsUP! services, and our ongoing research into personal computer security and privacy.
As a result of the continuing security concerns created by the default global exposure of Windows’ NetBIOS file sharing, many ISPs are now blocking this wildly abuse-prone trio of ports on behalf of their users. Many users will find that the various ShieldsUP! probes and scans will report a “stealth” status for these ports without any user-side protection of any kind. After a decade of trouble, ISPs have stepped up and decided that, much as they didn’t want to be involved in the need to block specific ports, they are doing their users a security service for which Microsoft has been unwilling to take the necessary responsibility.
If you are curious to learn more about the truth and consequences of Microsoft’s Windows NetBIOS file sharing, the topic is covered carefully and in detail in a series of pages beginning here: GRC | Shields UP! -- Internet Connection Security Analysis .
445?
In the name of backward compatibility, Windows 2000 and subsequent Microsoft operating systems continue to support the original NetBIOS port trio. But with Windows 2000 and beyond, Microsoft has moved their NetBIOS services over to port 445 — and, perhaps not surprisingly, created an entire next-generation of even more serious security problems with that port. See the port 445 page for details.
Port Authority Database
Port 138
Name:
netbios-dgm
Purpose:
NETBIOS Datagram Service
Description:
UDP NetBIOS datagrams packets are exchanged over this port, usually with Windows machines but also with any other system running Samba (SMB). These UDP NetBIOS datagrams support non-connection oriented file sharing activities.
Related Ports:
137, 139, 445
Background and Additional Information:
This is the second port of the original “NetBIOS trio” used by the first Windows operating systems (up through Windows NT) in support of file sharing.
For additional information about this trio of Internet ports, please see the “Background and Additional Information” for the first port of the trio, port 137.
Port Authority Database
Port 139
Name:
netbios-ssn
Purpose:
NETBIOS Session Service
Description:
TCP NetBIOS connections are made over this port, usually with Windows machines but also with any other system running Samba (SMB). These TCP connections form “NetBIOS sessions” to support connection oriented file sharing activities.
Related Ports:
137, 138, 445
Background and Additional Information:
This is the third port of the original “NetBIOS trio” used by the first Windows operating systems (up through Windows NT) in support of file sharing.
For additional information about this trio of Internet ports, please see the “Background and Additional Information” for the first port of the trio, port 137.
Port Authority Database
Port 445
Name:
microsoft-ds
Purpose:
Microsoft Directory Services
Description:
This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT, as the preferred port for carrying Windows file sharing and numerous other services.
Related Ports:
137, 138, 139
Background and Additional Information:
While ports 137-139 were known technically as “NBT over IP”, port 445 is “SMB over IP”. (SMB is known as “Samba” and stands for “Server Message Blocks”.) After all of the trouble the personal computer industry has had with Microsoft’s original Windows NetBIOS ports 137 through 139, it is difficult to imagine or believe that Microsoft could have actually made things significantly worse with their replacement port 445 . . . but they did.
Whereas the great vulnerability originally created by Windows file sharing was that hackers could perhaps gain remote access to the contents of hard disk directories or drives, the default exposure of the Internet server Microsoft silently installed into every Windows 2000 system (where port 445 first appeared), allows malicious hackers to remotely log onto the computers of unsuspecting users — across the Internet — and more recently, though the use of some clever and readily available freeware tools (PsExec from SysInternals) to silently upload and run (in the remote user’s computer) any programs of their choosing without the computer’s owners ever being aware.
As you might imagine, malicious hackers have been having a field day scanning for port 445, then easily and remotely commandeering Windows machines. Even several hackers I have spoken with are unnerved by the glaring insecurities created by port 445. One chilling consequence of port 445 has been the relatively silent appearance of NetBIOS worms. These worms slowly but methodically scan the Internet for instances of port 445, use tools like PsExec to transfer themselves into the new victim computer, then redouble their scanning efforts. Through this mechanism, massive, remotely controlled Denial of Service “Bot Armies”, containing tens of thousands of NetBIOS worm compromised machines, have been assembled and now inhabit the Internet.
Dealing with Port 445
Needless to say, you do NOT want port 445 exposed to the Internet. Like Windows port 135 (which is a whole different problem) port 445 is deeply embedded in Windows and can be difficult or impossible to safely close. While its closure is possible, other dependent services such as DHCP (dynamic host configuration protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning.
For the security reasons described above, port 445 has been causing so many problems that many ISPs are taking security matters into their own hands and blocking this port on behalf of their users. If our port checking shows your port 445 as “stealth” while you are not being otherwise protected by a NAT router or personal firewall, your ISP is probably preventing port 445 traffic from reaching you.
If you really want 445 closed
Any NAT router or personal firewall should be able to block port 445 from the outside world without trouble.
Q10. Block obviously stops new access attempts as Sded stated and Log will show the list of blocked attempts as they happen.
Hope this answers all your questions further.
Eric