talisair
1st Responder
Premium Member
Joined: May 15, 2004
Posts: 77
Location: UK
|
Posted: Sat May 15, 2004 9:16 pm Post subject: Norton Internet Security 2004 and online security check |
Sorry I have already posted this under general security, new user - didn't know there was a dedicated Norton area ...
I am connected through a University network as I am living in Halls; I have Norton Internet Security 2004 installed on my system which is running Windows XP Home Edition. My problem is, when I go to the Symantec online security check web page it scans my system for security threats and seems to find numerous ports open which it tells me should not be ... the solution it offers is for me to install a firewall program ... such as Norton Internet Security 2004!! If I have Symantec's own security program, the latest up-to-date version, why does their security check show me as being vulnerable? Can anyone offer some insight??
talisair
1st Responder
Premium Member
Joined: May 15, 2004
Posts: 77
Location: UK
|
Posted: Sat May 15, 2004 10:48 pm Post subject: |
If it helps, here are the results of the security check; Norton says that ports will be either Open, Closed, or Stealth (Open being bad, closed bad but not so bad, and Stealth being good). The ports it tells me are open are:
ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.
21 FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server.
22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server.
23 Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server.
79 Finger. Finger is an Internet utility that allows someone to obtain information about you, including your full name, logon status, and other profile information.
80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server.
... and the ports it tells me are Closed are:
25 SMTP (Simple Mail Transfer Protocol). A protocol for host-to-host mail transport. This port should be open only if you're running a mail server.
110 POP3 (Post Office Protocol). Internet mail servers and mail filter applications use this port. This port should be open only if you're running a mail server.
113 Ident / Authentication. This service is required by some mail, news, or relay chat servers to allow access. A stealth result on this port could cause performance problems.
119 NNTP (Network News Transfer Protocol). A service used by News servers to distribute Usenet articles to newsreader applications and between other servers.
135 Location service (loc-srv). This port is used to direct RPC (Remote Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet.
139 NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions
143 IMAP (Internet Message Access Protocol). IMAP is a sophisticated protocol for electronic mail delivery. This port should be open only if you're running an IMAP server.
443 HTTP over TLS/SSL. A protocol for providing secure HTTP communication. It should be open only if you're running a Web server.
445 Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords.
1080 SOCKS. This protocol allows computers access to the Internet through a firewall. It is used when one IP address is shared among several computers. Generally this protocol only allows access out to the Internet. However, it is frequently configured incorrectly to allow hackers to pass traffic inwards through the firewall.
1723 PPTP (Point-to-Point Tunneling Protocol). This service is used for virtual private networking connections.
5000 UPnP (Universal Plug and Play). This service is used to communicate with any UPnP devices attached to your network.
5631 pcAnywhere. This port is used by Symantec pcAnywhere when in host mode.
_________________
"Waiting for perfection is merely a way of turning your back on reality, placing a higher value on what's inside your head than what is evident all around you" - Michael Marshall Smith |
Prince_Serendip
AVPE Host
Premium Member
Joined: Sep 07, 2002
Posts: 1026
Location: Canada
|
Posted: Sun May 16, 2004 6:46 am Post subject: |
Have you enabled and configured your Norton Personal Firewall, which is included with Norton Internet Security 2004? It may not be loaded automatically.
Full Title: Symantec Support: How to configure the Personal Firewall in Norton Internet Security or Norton Personal Firewall
How to configure the Norton Personal Firewall
This should help you get started. Good thing you did those scans or you might have missed something important.
Best regards and welcome to Computer Cops!
_________________
ASAP Expert | Please donate to Computer Cops! |
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
Posted: Sun May 16, 2004 7:58 am Post subject: |
Talisair,
In a situation like this, my first speculation would be that the Symantec test site is actually probing your university's Internet gateway/router rather than your machine.
Part of my reason for that conjecture is that it failed to pick up the fact that you are, in fact, running NIS! (which it should have detected)
Other possibility here is that your university is actually running proxy servers and that, in reality, the Symantec site is checking those rather than your machine.
Run the test again, noting the time on your PC's clock. Note the displayed results. Then open the NIS firewall event log. Check to see if these events are reflected in the firewall event log. If they are not, then the Symantec online checker is not checking your machine.
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
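The log check described in the post above, sketched as an added example (not part of the original thread and not a Symantec tool). It assumes the firewall event log has been exported to a simple "timestamp direction protocol source port action" text layout; that layout, the sample log lines and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Ports the online check reported as Open or Closed earlier in the thread.
SCANNED_PORTS = {21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 139, 143,
                 443, 445, 1080, 1723, 5000, 5631}

# Constructed sample log in the assumed layout; a real firewall export
# must be mapped into these fields first.
SAMPLE_LOG = """\
2004-05-16 08:10:02 IN TCP 192.0.2.10 445 BLOCK
2004-05-16 08:14:31 OUT TCP 198.51.100.7 80 ALLOW
2004-05-16 08:15:40 IN TCP 10.20.30.44 139 BLOCK
2004-05-16 08:41:09 IN TCP 192.0.2.99 135 BLOCK
"""

def parse_log(text):
    """Yield (time, direction, source, port) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip blank or malformed lines
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        yield when, parts[2], parts[4], int(parts[5])

def probes_seen(log_text, scan_start, scan_end, slack_seconds=120):
    """Map each source address to the scanned ports it probed inbound
    during the test window (widened by slack for clock differences)."""
    lo = scan_start - timedelta(seconds=slack_seconds)
    hi = scan_end + timedelta(seconds=slack_seconds)
    seen = {}
    for when, direction, src, port in parse_log(log_text):
        if direction == "IN" and lo <= when <= hi and port in SCANNED_PORTS:
            seen.setdefault(src, set()).add(port)
    return seen

def scan_reached_host(seen, min_ports=5):
    """A port sweep touches many ports from one source; background noise
    usually touches one or two. min_ports is an assumed threshold."""
    return any(len(ports) >= min_ports for ports in seen.values())

if __name__ == "__main__":
    start = datetime(2004, 5, 16, 8, 13, 0)  # time noted when the test began
    end = datetime(2004, 5, 16, 8, 17, 0)    # time noted when results appeared
    seen = probes_seen(SAMPLE_LOG, start, end)
    print(seen, "-> scan reached this host:", scan_reached_host(seen))
```

With the sample log, only a single stray probe falls inside the test window, so the result is that the scan did not reach this machine, which is the outcome expected when the checker is actually probing a gateway or proxy.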
talisair
1st Responder
Premium Member
Joined: May 15, 2004
Posts: 77
Location: UK
|
Posted: Sun May 16, 2004 8:01 am Post subject: |
Hi Prince ... yeah I have been through all the configuration settings, have tried various combinations and I am, apparently, still vulnerable. I wonder, do you think that it is possible the Symantec online security check gets false readings because of the fact that I am also sitting behind the University's own firewall and protection?
talisair
1st Responder
Premium Member
Joined: May 15, 2004
Posts: 77
Location: UK
|
Posted: Sun May 16, 2004 8:03 am Post subject: |
Ahhhh, thank you Joseph ... sort of fits in with what I was thinking ... I shall check that now.