The ports used by Windows NetBIOS over TCP/IP (137,138,139, & 445) are among the most vulnerable to hackers. Disabling NetBIOS over TCP/IP is easy:

Windows 2000/XP:

• Right click on My Network Places and select Properties


• Right click on your LAN connection and select Properties


• Click on Internet Protocol TCP/IP and select Properties


• Click Advanced and select the WINS tab


• Disable NetBIOS over TCP/IP (changes take effect immediately without reboot)

Windows 95/98/ME

• Right click on Network Neighborhood and select properties


• Click on Internet Protocol TCP/IP and slect Properties


• Select the NetBIOS tab and disable NetBIOS over TCP/IP (reboot required)

There are a few simple steps you can take to keep your computer safe.

To start, you will want to install a firewall. The best solution is a hardware based firewall/router such as the Linksys BEFSR41. You can pick one up for around $50 and it comes with a 4 port switch to connect your computers to. By using a hardware based router between your cable or DSL modem and your network, you are able to provide NAT IP addresses on your LAN so that it appears all of your computers are coming from a single IP and it makes it harder to get to those computers. Be sure to change the default password on your router once installed.
The other option is to install a software based firewall such as ZoneAlarm or BlackIce. These firewalls start out basically blocking everything and allow you to choose as needed inbound and outbound activity.
Remember that firewalls are not a substitute for taking the other necessary steps.

Install and keep your antivirus software up to date by using the automated update feature. Check it fairly often to make sure that your updates are occuring. Some commercial antivirus programs require a subscription for you to receive updates. Also, don't blindly click on attachments such as .pif, .exe, .zip. If you weren't expecting a file from someone, don't open it. We recommend AVG by Grisoft as a good free antivirus program that keeps itself updated.

It is important to keep your Windows installation secure by updating it frequently at http://windowsupdate.microsoft.com/.

Install a Pop-Up blocker such as the Google Toolbar. Besides allowing easy searching of Google, it also stops those annoying Pop Up adds that some websites use.

Sometimes pop-up spam is sent via the Windows Messenger Service (not MSN Messenger which is instant messaging software similar to AIM or ICQ). To get rid of that spam, you will need to disable Windows Messenger. Please follow the simple directions here.

In addition to using antivirus software, you will want to run a periodic scan to confirm your computer is not infected with Spyware. Spyware is software that gathers information about your browsing without you necessarily knowing. It is usually installed when programs like Comet Cursor and various other websharing clients are installed. A couple of good free ones are Ad-aware from Lavasoft and Spybot Search & Destroy. Both programs do an excellent job of cleaning spyware from your computer.

Disable Windows File and Print sharing. Leaving them open only opens up your computer to a number of possible attacks. You can find out how here.

As a final precaution, if your cable modem has a stand-by button (If its a Motorola it probably has it on the top or front, Com21's do not have them), you might want to use it. Turning it on will stop all communication between the Computer side and the Internet side of the cable modem. Just remember to turn it back off when you want to use your computer again. Alternatively, you can just power down your computer when its not in use.

Frequently these programs are very sensitive to packets that are required for you to use the internet. A common example is firewall software reporting an attack on port 53, the port used for DNS. DNS is the translation mechanism that the Internet uses to allow you to access web pages by typing in their names rather than their numerical IP addresses. Sometimes a firewall package will report the response we provide back to your computer as an attack. Most alerts concerning port 53 can be safely ignored and/or disabled.

The largest threat when using a wireless LAN is a failure to use any security measures at all.

• Check the manufacturers website frequently for security related updates including new firmware.



• Enable WEP and change the default key by using your own custom key.



• Change your key regularly.



• Change the default SSID to a custom name.



• Use MAC address filtering, if supported. This is one of the best measures you can take.



• Password protecting drives and folders can increase security.



• Implement session keys if your hardware supports this feature.



• Limit the number of DHCP addresses to the number of wireless access points that you will be using. Optionally, set static IP addresses, set to non-standard network blocks.



• Consider using VPN, SSL, Firewalls, RADIUS, Kerberos or other access control, or end-to-end encryption. Most of these can be integrated into your 802.11b appliance.

Our first recommendation would be a hardware based NAT router such as the Linksys BEFSR41. With it, you can share your internet connection between all of your computers.

Or, if you do not with to install a router, install something like BlackICE or Zone Alarm. As always, we request that you install a good antivirus package such as AVG on every computer.

Traffic on port 53 is DNS. Unless you are running a DNS server, you are receiving responses back from your requests. You can safely ignore those alerts.

Traffic on port 67 and 68 is DHCP. That is normal traffic as your computer must request an IP address and frequently request to continue using it. What is reported as an attack is actually just Grande's servers allowing you to continue to use that IP address.

You can find a list of other normal activity commonly misinterpreted as harmful at http://www.mynetwatchman.com/kb/res-falsepos.htm

Please visit Internet Storm Center and input the port you want to know more about. They also have a map available showing the top kinds of attacks currently happening.

You can run a scan of your computer at Symantec. If you are running a firewall, be forwarned you will get alerts generated by this.

You will need to install a good antivirus package such as AVG or update the definitions of your existing software and run a full scan. Also, you might want to visit http://windowsupdate.microsoft.com/. just to make sure that your computer is fully updated with the latest security patches.

The easiest way to report abuse if you are using BlackICE, ZoneAlarm, or a Linksys firewall is to install the agent from myNetWatchman and have it do the reporting for you. It will compile reports from all of their users and sends a summary to the ISP. That way all the legwork is automated, making it easier for you and the ISP.

Or you can look up the abuse contact for an IP address and submit the report to them. For a given IP, you can find the owner by using the whois tool located at http://www.geektools.com/whois.php. Just input the IP, fill in the code, and click submit. You will want to find the abuse email address listed to send email to.

Please do not send your logs for attacks that did not originate from Grande IPs to us.

When reporting an attack, most providers will want the data in the same format: IP Address of the attack, Date/Time stamp of the attack including offset from GMT, Protocol/Port used, and the number of instances of each packet type received. A good example follows:

Mar 15 19:33:03 -0600 192.168.30.150:3510 -> 10.60.87.1:9898 SYN ******S*
Mar 15 19:33:03 -0600 192.168.30.150:3511 -> 10.60.87.2:9898 SYN ******S

Your Internet access could be temporarily limited or disabled until the virus is removed from your system. The Federal Trade Commission has recently recommended this course of action due to the amount of unsolicited email that gets sent through virus-infected PCs:
http://www.ftc.gov/bcp/conline/edcams/spam/zombie/index.htm

Phishing is the term used by Internet scammers who imitate legitimate companies in e-mails to entice people to share user names, passwords, account information or credit card numbers.
The term Phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' private information. The most common ploy is to copy the look and feel of a web page from a major site and use that design to set up a nearly identical page that appears to be part of the company's site.

There are several steps you can take to make sure you never fall for one of these scams:
• Always be suspicious of any email or phone call that asks for your personal account information, such as usernames, passwords, and account numbers. emails, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic.
• Grande will NEVER ask you for password information via phone or email, as that information is private and is only known by you.
• Grande will NEVER ask for billing or payment information through email.
• Always be extra cautious when giving out your personal information on the phone
• Always ensure that you're using a secure server when submitting credit card information. To make sure you're using a secure server, check the beginning of the web address in your browsers address bar - it should be https:// rather than just http://. Contact your bank or Credit Card Company if you think you may have replied to a fraudulent email with sensitive personal information.

For more information you can visit this website: http://onguardonline.gov