WiFi Security

I am hoping to start using WiFi that is in my apartment building. It is not secure and I want to make sure my computer will be secure or I will have to stay with dial up. I have XP, use Firefox, Thunderbird, Comodo Firewall, SpyBot and Malwarebytes and AVG Antivirus. I don’t understand much of this so please give any answers in plain English.

I checked my computer by using ShieldsUP and it showed that my “computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.”

But it also said, "Results from scan of ports: 0-1055

1 Ports Open
0 Ports Closed
1055 Ports Stealth

1056 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 22

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,

• NO unsolicited packets were received,
• A PING REPLY (ICMP Echo) WAS RECEIVED.

And:

GRC Port Authority Report created on UTC: 2009-10-08 at 19:27:14

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

1 Ports Open
0 Ports Closed
25 Ports Stealth

26 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 22

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,

• NO unsolicited packets were received,
• A PING REPLY (ICMP Echo) WAS RECEIVED.

I was told since Port 22 was open and not stealth was a problem.

I’m told there is nothing I can do physically to the WiFi set-up to make the system secure, so I’m hoping I can get help to change the report on Port 22.

I believe Comodo is configured as it installed itself. Is there some change in the settings that will make Port 22 secure? If not, is there some other way of securing my computer?

Thank you,

Bernadine

G’day Bernadine and welcome to the forums.

When you say you’re using Comodo Firewall, I’m assuming that you’re using Comodo Internet Security V3.12, but have chosen to not use the anti-virus (based on your stated preference for AVG).

When you are using ShieldsUp, the report you get back details the port settings on the first responding device ShieldsUp finds on its way back to you (the IP address that requested it). As such, any open ports it reports are those in the WiFi router, not on your PC, as the WiFi router is in between your PC and the ShieldsUp server.

Having port 22 open on your communal router CAN be a problem, but you have taken a good first step by installing a personal firewall on your PC. Having a properly configured firewall on your PC (Comodo’s default configuration is adequate) will alert you to any inbound access attempt.

Since there is nothing you can do to the router (I assume it’s off limits to you) a good next step would be to change Comodo Internet Security’s (CIS) configuration to PROACTIVE. DO a right click on the system tray icon for CIS and click CONFIGURATION. Select Comodo Proactive Security. This changes certain settings within CIS. As a result you MAY get a few more alerts, but I believe that you are better off to have a few too many and a few too few.

Hope this helps,
Ewen

Hi Panic,

That’s usually what I do when I’m trying to solve a computer problem or have a question. Thank heavens I’m not this time.

I did do the Security test again with all the same settings except using my dial up connection and that Port 22 was stealth. I will try your suggestion tomorrow, just too tired tonight, and will let you know.

Thanks,
Bernadine

Hi Bernadine

If you do not want to share files etc with any other computer (Home Network) then you may be interested in this thread

https://forums.comodo.com/firewall_help/public_wifi_ics_server_and_other_stuff-t45892.0.html;msg331077

All the best, woz of oz

Hi panic,
“change Comodo Internet Security’s (CIS) configuration to PROACTIVE”
It was already on Proactive. Just have changed it and didn’t remember, strange for me to change from the standard.

Hi Wozofoz,
If you do not want to share files etc with any other computer (Home Network) then you may be interested in this thread

https://forums.comodo.com/firewall_help/public_wifi_ics_server_and_other_stuff-t45892.0.html;msg331077

I went to the thread and got quite confused. ??? I don’t understand all of the bits and pieces of computers and when an answer has so many words, I just get dizzy. Since I don’t know what Port 22 does/is, I don’t know what changes need to be made. The test I did through ShieldsUp using WiFi said everything was in Stealth except Port 22, no sharing files, etc. When I did the test again using dial up even Port 22 was Stealth. For fear I might chage something that is secure into not secure, I really don’t want to have to make any changes except for those that will make Port 22 Stealth when I use WiFi. Is there a particular part of that article that would include Port 22? I use XP.

Thanks,

Bernadine

I am also using an unsecured wifi at the moment in a yacht marina. I added the network to My Blocked Network Zones which I would hope would prevent any access. I also use Trust Connect or Hotspot Shield for anything private like purchases.

I am no expert, so maybe someone else can comment on these.

See. You’re smarter than you think you are.

The test I did through ShieldsUp using WiFi said everything was in Stealth except Port 22, no sharing files, etc. When I did the test again using dial up even Port 22 was Stealth.

This is a good thing. What this means is that your Comodo firewall is stealthing all ports. Therefore, when you use the WiFi connection, even though the WiFi routers port 22 is open, port 22 on your PC is stealthed (along with all other ports) by the Comodo firewall on your PC.

I went to the thread and got quite confused. I don't understand all of the bits and pieces of computers and when an answer has so many words, I just get dizzy.

Don’t worry. I get the same feeling when my wife asks “Does this dress make my bum look big?”.
I now know saying “The dress isn’t playing a big part in it.” ISN"T the right answer.

If you want to learn, there are a lot of posts on the forum for beginners. One to start with is

https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/internet_and_networking_terminology_for_beginners-t1126.0.html;msg7211#msg7211

Hope this helps,
Ewen

Hi panic,

Sometimes I’m smarter than I think and sometimes I just get lucky!

“This is a good thing. What this means is that your Comodo firewall is stealthing all ports. Therefore, when you use the WiFi connection, even though the WiFi routers port 22 is open, port 22 on your PC is stealthed (along with all other ports) by the Comodo firewall on your PC.”
This confuses me. When I use dial-up, all the Ports are Stealth, but when I use the WiFi Port 22 isn’t stealthed. Shouldn’t the open Port 22 be Stealth on both dial-up and WiFi? Or is it different? Same test, same computer and programs, just the difference in the way I’m connecting to the internet?

“Don’t worry. I get the same feeling when my wife asks “Does this dress make my bum look big?”. Wink
I now know saying “The dress isn’t playing a big part in it.” ISN"T the right answer.”
That’s a no win question, I hope my Port 22 question isn’t a no win question.

What does Port 22 do? If it can’t be Stealthed on WiFi like it is with dial-up, could it be closed? How? What difference would there be in my computer?

I will take a look at the link you sent for beginners.

JamesFrance posted "I am also using an unsecured wifi at the moment in a yacht marina. I added the network to My Blocked Network Zones which I would hope would prevent any access. I also use Trust Connect or Hotspot Shield for anything private like purchases.

I am no expert, so maybe someone else can comment on these."

With Comodo, AVG Antivirus, Malewarebytes and Spybot S&D, would one of the programs he mentions be too much or a good idea when I’m paying bills on line.

Thanks,
Bernadine

The difference IS how you connect. When you are using dialup, the connection chain is

PC → MODEM → ISP → INTERNET

When you connect by WiFi, the connection chain is

PC → WIFI ROUTER → ISP → INTERNET

The difference is when you connect by dialup your PC is “sort of” directly connected to the internet and it is your PC that is being tested and reported on by ShieldsUp. When you connect by WiFi, your are connecting to the router and it is the router that responds to and is reported on by ShieldsUp.

Regardless of the connection method, your Comodo firewall is stealthing all ports (as shown by running ShieldsUp when conncting by modem). Even when you connect by WiFi, port 22 on the router is open, but port 22 on your PC is stealthed.

What does Port 22 do?

Port 22 is used for SSH, a form of secure remote connection.

If it can't be Stealthed on WiFi like it is with dial-up, could it be closed? How?

It can be stealther on WiFi, but this requires a change to the configuration of the WiFi router.

What difference would there be in my computer?

None. Your Comodo firewall is stealthing all ports, regardless of your connection method.

With Comodo, AVG Antivirus, Malewarebytes and Spybot S&D, would one of the programs he mentions be too much or a good idea when I'm paying bills on line.

Trust Connect is a very good idea if you are doing anything financial over a wireless connection that is not under your control. https://forums.comodo.com/comodo_trustconnect_securing_the_wireless_world/you_wanted_trustconnect_and_wanted_it_for_freewell-t45831.0.html

Hope this helps,
Ewen

Thanks,
Bernadine
[/quote]

Hi panic,

Sorry for being so dense, I’m trying to wrap my head around this Port 22 thing. Let’s see if I’ve got it. When I’m using dial-up, ShieldsUp looks directly at my computer, and determines my computer is Stealth. When I’m using WiFi, ShieldsUp looks at the WiFi router, not my computer. And though ShieldsUp can detect Port 22 on the Router, it still can’t detect Port 22 on my computer. ??? It just dawned on me, it’s like there are 2 Port 22’s - one on the router and one on my computer. ??? Then the next question follows: when I used WiFi, why was Port 22 the only port ShieldsUp reported as not Stealth? There were many ports that ShieldsUp reported were Stealth.

At some point in time when I was on the WiFi, somewhere I saw a list of computers that were connected up with the WiFi here in the apartments, some had names attached. So with Stealth on all my computer’s ports, it won’t know, or tell I’m on WiFi. ???

“Trust Connect is a very good idea if you are doing anything financial over a wireless connection that is not under your control.” (I couldn’t figure out how to do the quotes)
I read about TrustConnect on the link you sent, but I need a program that is free. Is the other program mentioned, HotSpot Shield reliable?
And by having my computer in Stealth, I have control over my computer but can’t have control over the router because it belongs to the apartment complex.

Thanks,

Bernadine

Don’t worry - the only truly dumb question is the one that doesn’t get asked.

Then the next question follows: when I used WiFi, why was Port 22 the only port ShieldsUp reported as not Stealth? There were many ports that ShieldsUp reported were Stealth.

Because port 22 is not stealthed on the router, but the other ports on the router apparently are.

At some point in time when I was on the WiFi, somewhere I saw a list of computers that were connected up with the WiFi here in the apartments, some had names attached. So with Stealth on all my computer's ports, it won't know, or tell I'm on WiFi. ???

Think of the router as having two network connections in it - one facing inwards at your PC (and the other PCs that connect to it) and the other facing outwards towards the internet. The listing you saw was a list of the PCs connecting to the inwards facing connection, including yours. Regardless of the stealth status of the ports on your PC, you still have a connection to the router, so you will still appear in this list.

Think of your connection to the router as a pipe. This pipe has to exist for data to get from your PC to the router and vice versa. Think of your firewall as a plug in the end on the pipe. Think of ports as holes in the plug at the end of the pipe. If a port (hole) is open data can get in and out. A stealthed port is like a hole that is plugged and only gets unplugged when YOU want data to get out. Data can’t poke it way through the plug to get to you.

"Trust Connect is a very good idea if you are doing anything financial over a wireless connection that is not under your control." (I couldn't figure out how to do the quotes) I read about TrustConnect on the link you sent, but I need a program that is free.

Trust Connect now offers a 10Gb per month free account. Please revisit the link I provided.

And by having my computer in Stealth, I have control over my computer but can't have control over the router because it belongs to the apartment complex.

That’s correct. It’s up to whoever administers the apartments router to make port 22 stealth. You’ve done the right thing by making port 22 (and all other ports) on your PC stealthed.

Please feel free to refer them to these forums if they need assistance.

Cheers,
Ewen

What about the Ping Reply ? ?

If that is only when using WiFi and not when on dialup I guess it is the Wifi router that replied.

Otherwise it may be appropriate to add the rule
“Block ICMP In from IP Any to IP Any where ICMP Message Is Echo Request” to
FireWall / Advanced / Network Security Policy / Global Rules

Alan

That is exactly what I’ve been explaining.

Thank everyone who took their time to answer my questions and for your patient help. I think I’ve got it, except for the ping thing and the reply to that basically tells me not to worry about pings.

I will go back and look at Trust Connect and find that free version. I know 10 Gb is a lot (at least in my world) but I’m not sure how it works if that counts everything I do or just using it to pay bills etc. but I don’t have a lot of bills to pay so that sounds like it would be more than enough. When I get it going, if I have a question, I’ll come back and visit again.

Thanks a lot,

Bernadine

Glad we were able to help out.

See you round.

Cheers,
Ewen