 | When setting up your network connection with File-and-Printer Sharing, you should have already de-activate the binding between the TCP/IP protocol used for your Internet connection with the File and Printer sharing for Microsoft networks: In the “TCP/IP Properties“, tab “Bindings“: no checkmark on “File and Printer sharing for Microsoft Networks“ |
But this is only a first stop, offering a low-level of security.
The TCP/IP protocol with its multiple services using different ports will still allow an attacker
coming in from the Internet to find out information about your system.
I suggest that you test the security of your system and visit on the Internet www.grc.com , click
on the “Shields UP“:
You can then run a check on your network security and your TCP/IP ports:
 |
Lets look at the Network security of my system with “Test My Shields !“
Port Probe : | ||
| Attempting connection to your computer. . . Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! Please Note: On highly secure systems this may take up to one minute. . . |
| Preliminary Internet connection established! Your computer has accepted an anonymous connection from another machine it knows nothing about! (That’s not good.) This ShieldsUP! web server has been permitted to connect to your computer’s highly insecure NetBIOS File and Printer Sharing port (139). Subsequent tests conducted on this page, and elsewhere on this website, will probe more deeply to determine the extent of this system’s vulnerability. But regardless of what more is determined, the presence and availability of some form of Internet Server HAS BEEN CONFIRMED within this machine . . . and it is accepting anonymous connections! The rest of this website explains the implications and dangers of your present configuration and provides complete and thorough instruction for increasing the security of this system. At the moment, any passing high speed Internet scanner will quickly spot this computer as a target for attack. (When this page has completely finished displaying, you might wish to sneak a quick peek at these two pages to see what lies ahead at this website: )  The phrase you must remember is: “My port 139 is wide OPEN!” |
| Unable to connect with NetBIOS to your computer. The attempt to connect to your computer with NetBIOS protocol over the Internet (NetBIOS over TCP/IP) FAILED. But, as you can see below, significant personal information is still leaking out of your system and is readily available to curious intruders. Since you do not appear to be sharing files or printers over the TCP/IP protocol, this system is relatively secure. It is exposing its NetBIOS names (see below) over the Internet, but it is refusing to allow connections, so it is unlikely that anyone could gain casual entry into your system due to its connection to the Internet. |
 | Several of your private names are being served up to the Internet by the Windows networking system. (see below) While it’s unlikely that this information can be exploited, you should know what anyone can learn about you and your system. | ||||||||
 | |||||||||
 |  |  |
| ||||||
Looks like a big security hole with the “File and Printer Sharing port (139), it found out
my computer name and the workgroup name.
Lets look at the Network security of my system with “Probe my Ports !“
| Quickly Check for Connectable Listening Internet Ports Port Probe attempts to establish standard TCP/IP (Internet) connections on a handful of standard, well-known, and often vulnerable Internet service ports on YOUR computer. Since this is being done from our server, successful connections demonstrate which of your ports are “open” and actively soliciting connections from passing Internet port scanners.
|
21 | FTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
23 | Telnet | Closed | Your computer has responded that this port exists but is currently closed to connections. |
25 | SMTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
79 | Finger | Closed | Your computer has responded that this port exists but is currently closed to connections. |
80 | HTTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
110 | POP3 | Closed | Your computer has responded that this port exists but is currently closed to connections. |
113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections. |
139 | Net BIOS | OPEN! | As you probably know by now, the NetBIOS File Sharing port is the single largest security hole for networked Windows machines. The payoff from finding open Windows shares is so big that many scanners have been written just to find open ports like this one. Closing it should be a priority for you! |
143 | IMAP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
443 | HTTPS | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| The current configuration has a direct and un-controlled connection to the Internet | |||||
| ||||||
| | | ||||
We need to add an additional module between the Internet and your system ( which monitors
all TCP/IP traffic and stops any unsecured communication), called : Firewall :
| ||||||
| ||||||
| |  | ||||
A Firewall can be a dedicated System (running just the Firewall program), which is usually the case
when protecting the connection between a large Local Area Network and the Internet.
Such professional Firewalls are often a combination with a Proxy-server, allowing User-control
and monitoring (which websites have been visited ? exclusion of certain websites)
For small networks or just for the connection of a single system to the Internet
( SOHO: Small Office – Home Office ), a Firewall can be just a software program running on
the PC, then called a “Personal Firewall“, working as “packet-filters” just looking at the
IP-packets received/transmitted based on their PORT-number.
 | Windows XP has a build-in Firewall. |
There are several packages available on the market (free / Shareware / to be purchased):
 | ZoneAlarm from www.zonelabs.com (compatible with Win95/98/ME/NT/2000/XP) ZoneAlarm is free for Personal and non-profit use ZoneAlarm Pro is a professional Firewall solution (to be purchased) |
| If you like your product to be listed here, please contact me. |
As an example for an installed Personal Firewall, I used ZoneAlarm
(special note on using ZoneAlarm on Windows XP ) :
 | if you now test your Security of your system via www.grc.com, all incoming illegal calls will be blocked off and not even answered anymore. |
|
21 | FTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
23 | Telnet | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
25 | SMTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
79 | Finger | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
80 | HTTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
110 | POP3 | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
113 | IDENT | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
139 | Net BIOS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
143 | IMAP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
443 | HTTPS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| Port Status Descriptions:
If all of the tested ports were shown to have stealth status, then for all intents and purposes your computer doesn’t exist to scanners on the Internet! It means that either your computer is turned off or disconnected from the Net (which seems unlikely since you must be using it right now!) or an effective stealth firewall is blocking all unauthorized external contact with your computer. This means that it is completely opaque to random scans and direct assault. Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn’t ask for anything better. There’s one additional benefit: scanners are actually hurt by probing this machine! You may have noticed how slowly the probing proceeded. This was caused by your firewall! It was required, since your firewall is discarding the connection-attempt messages sent to your ports. A non-firewalled PC responds immediately that a connection is either refused or accepted, telling a scanner that it’s found a live one … and allowing it to get on with its scanning. But your firewall is acting like a black hole for TCP/IP packets! This means that it’s necessary for a scanner to sit around and wait for the maximum round-trip time possible — across the entire Net, into your machine, and back again — before it can safely conclude that there’s no computer at the other end. That’s very cool. FALSE STEALTH REPORTS |
The protection of a firewall should be for both directions: incoming and outgoing.
 | Incoming: I did not expect this: within minutes of installing the Firewall, I got 3 alerts: my system received from 3 different sources a PING signal , all within 1 minute ! Somebody probing for a target ? |
 | Outgoing: When starting a program to use the Internet connection (like in this example: Outlook Express), the Firewall will ask you whether this is a valid access. (there are viruses , which try to connect back to their home-server to transmit confidential data of your system , like passwords ! ). |
 | The firewall builds a list of programs allowed to connect out to the Internet. |
 | You need to check the security Settings, in this case under “Advanced” and declare by placing a checkmark, that network traffic on a LAN adapter does NOT to be checked, otherwise PING will not work to this system on the LAN and the systems will not see each other in the Network Neighborhood, if only TCP/IP protocol is insta |
