Public wifi - ICS Server and other stuff

Hi, I just installed CIS and so far I am very impressed :slight_smile:

I searched for an answer to this question but it seems everyone is interested in sharing the network while I am not (I guess)

I have an Acer Aspire One Netbook, Windows XP and always use public wifi, I do not have a home connection at all
I do not want or need any other computer or device to have access to my computer.

Firewall > Advanced > Firewall behavior settings > Alert settings
has the box
This computer is an internet connection gateway (ie. an ICS Server)
This box is Ticked by default, is that best and/or necessary considering my circumstances ?

By the way, I have already made the following changes. These changes are ok for my β€˜special’ circumstance but most, if not all of these Services will be necessary for the β€˜average user’

Control Panel > Administrative Tools > Services
Computer Browsing: From Auto to Disable and Stop
DNS Client: From Auto to Manual and Stop
IPSEC Services: From Auto to Disable and Stop
WorkStation: From Auto to Disable and Stop

If anyone has any tips or tricks that can make public wifi use safe and still as fast as possible, I would love to read about them.
Thank you in advance for your time and help :slight_smile:

All the best, woz of oz

The first thing to do is to Stealth your computer using the Stealth Ports Wizard. Go to Firewall β†’ Common Tasks β†’ Stealth Ports Wizard β†’ choose β€œBlock all incoming connections stealth my ports to everyone”–> Finish.

Disable β€œThis computer is an internet connection gateway (ie. an ICS Server)” as you don’t need it.

Not sure how this works on XP. In Vista and Win 7 you can set a connection to either Public or private. Set it to public when possible on XP.

Disable sharing of files, folder and printers under Windows. Disable NETBIOS under Properties of your network connection β†’ IPv4 β†’ Properties (if I remember correctly).

Make sure svchost and system are set to Outgoing only in CIS.

Excellent reply EricJH, thank you so much :slight_smile:

This will keep me happily occupied for a while :wink:

All the best, woz of oz

The above suggestions for CIS are easy peasy but in case other Windows XP users are interested here is the procedure for the Windows XP changes:

Disable sharing of files, folder and printers under Windows.
β€’ Open the Network Connections folder. β€’ Right click the local area network connection and click Properties. β€’ Un-tick [b]File and print sharing for Microsoft networks[/b]
Disable NETBIOS under Properties of your network connection --> IPv4 --> Properties (if I remember correctly).
β€’ Open the Network Connections folder. β€’ Right click the local area network connection and click Properties. β€’ Double click [b]Internet Protocol (TCP/IP)[/b] β€’ Select: Advanced β€’ Select: WINS β€’ Select [b]Disable NetBIOS Over TCP/IP[/b] button (from Default)
Not sure how this works on XP. In Vista and Win 7 you can set a connection to either Public or private. Set it to public when possible on XP.
This one I could not find for Windows XP, these Vista instructions below do not apply. β€’ Go to Start and right click on Network and then click Properties. β€’ Network and Sharing Center window will appear, from here you can see that the network type is Private Network (network discovery and file sharing are On by default). Click Customize to change the network type.

The closest I got (I think) was this article from Microsoft Support [at]

1. Log on to the host computer as Administrator or as Owner. 2. Click Start, and then click Control Panel. 3. Click Network and Internet Connections. 4. Click Network Connections. 5. Right-click the connection that you use to connect to the Internet. For example, if you connect to the Internet by using a modem, right-click the connection that you want under Dial-up. 6. Click Properties. 7. Click the Advanced tab. 8. Under Internet Connection Sharing, select the [b]Allow other network users to connect through this computer's Internet connection[/b] check box

This is as far as I get because the only thing in the Advanced tab is Windows Firewall
Maybe the above options don’t exist because of other changes I have made.
Edit: Or maybe the answer is even simpler:
Since I have never used Network Wizard to set up a network I do not have the option to change network settings

I started looking deeper into public wifi security because CIS popped up and told me another computer was trying to access my computer but I think this was just that someone else had just connected to the same router.
Anyway, there is nothing quite like such a pop-up to get people thinking about public wifi security and this is a good thing.
I am feeling more confident and secure now, thanks again :slight_smile:

Aside Suggestion: What are the chances, in the future, of CIS having an easy access (right click tray icon ?) Public WiFi or Home Use option
When the user takes their Note/Netbook to a public wifi hotspot a simple click shuts everything down except internet connection.
When they return home a simple click allows sharing etc

All the best, woz of oz

I have a Wi-fi modem and I was wondering if Comodo firewall protects Wi-fi modems and wireless connections from unauthorized access.

Comodo can not protect your wireless from being attacked.

To protect your wireless connection you need to enable encryption WPA or WPA2 (not WEP; that is not secure anymore), use a long key for encryption (use a generator like f.e. SpeedGuide.net :: WLAN Key Generator ), use MAC address filtering and you can disable the SSID broadcast.

Do you also want tips on how to configure the Comodo Firewall?

Yes, please :slight_smile: and also is it important to disable SSID broadcast. Because when disabled(SSID broadcast) my other computers cannot connect to my wireless modem.

First step is to stealth the firewall using Stealth Ports Wizard. Go to Firewall β†’ Common Tasks β†’ Stealth Ports Wizard β†’ select 'Block all incoming connections stealth my port to everyone" β†’ Finish. This has now changed the Global Rules; to see the Global Rules go to Firewall β†’ Advanced β†’ Network Security Policy β†’ Global Rules.

Assuming you don’t want to share files and folders with other computers on the network we are going to make your router the only trusted address on the network. First step is to determine the default gateway IP address of you network connector. Go to Start β†’ Run β†’ cmd β†’ enter β†’ a black box will show up and enter the following β†’ ipconfig /all (notice the space before /all) β†’ enter β†’ now look up the IP address of the default gateway and write it down.

Next step is to create a Network for your local network. Go to Firewall β†’ Common Tasks β†’ My Network Zones β†’ Add β†’ A new network zone β†’ give it a name like Only router or so β†’ Apply. Now select the Only router zone β†’ Add β†’ A new address β†’ select "a single address β†’ now do these routine threee times and fill in the following IP addresses:
The IP address of your default gateway
0.0.0.0.0
255.255.255.255
The last two are broadcast addresses that are helpful getting an IP address from the router.

Next step is to use the Stealth Ports Wizard again to add this new network as a trusted zone. When in the Stealth Ports Wizard β†’ Define a new trusted network stealth my ports to everyone else β†’ Next β†’ choose "I would like to trust and existing My Network Zone β†’ select the Router Only network from the drop down box below β†’ Finish. You can see the rule added under Global Rules.

Let me know how things go.