Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to identify inbound traffic for Windows 7 and block ports as nessecary.

Posted on 2016-09-05
7
Medium Priority
?
167 Views
Last Modified: 2016-11-23
Greetings,

I'm running Windows 7 on an Acer laptop.  I'm trying to become knowledgeable of network security.  In the process I downloaded CurrPorts to identify and kill 'Unknown' connections.  Long story short, CurrPorts is about good for nothing in this regard.  Each and every attempt to kill a connection fails with a line that says I must be running it as Administrator when I am running as Administrator.

At anyone time I can have 30+ 'Unknown' connections.  This is frustrating.  Yes, I do get the IP or domain name and see who the connection is from.  Yes, many are from Google or AOL etc but many are not.  I find some connections are from all over the world and have nothing to do with what I'm using the browser for.

How can a manage these connections better?  How can I reduce the amount of unknown connections?  For instance, if I'm using Google or AOL or G mail, these are the only unknowns I want connecting to my computer.

I did use Windows Firewall with Advanced Security to set a few rules but these rules appear to be good for nothing seeing how there are so many potential Unknown connections.

Thanks for the help!
0
Comment
Question by:John500
7 Comments
 
LVL 99

Expert Comment

by:John Hurst
ID: 41785121
You need a Packet Sniffer for this:

I use Comm View (Tamosoft) but Wire Shark also works.

Comm View will show you the ports uses with the IP address.
0
 

Author Comment

by:John500
ID: 41785152
Thank you Mr. Hurst.

I'm guessing both of these are free-ware?  Back in 2006 (my last IT days) a sniffer was in the thousands of dollars.

Given they are free, would you be so kind as to provide what you call a 'safe' download site/link.  Sometimes 90 % of the battle in obtaining good free ware is getting it from a site that doesn't find a means to installing a Trojan.

Thank you!
0
 
LVL 99

Accepted Solution

by:
John Hurst earned 1600 total points
ID: 41785155
Wire Shark has a small support charge but I think you can use it for free.

Comm View is truly better, not free, comes with support and I have been using it for about 2 decades.

Wire Shark can be had safely from here:  https://www.wireshark.org/

Comm View and everything else Tamos can be had safely from here: http://www.tamos.com/

By the way, a good study of networking security is not likely to be free.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 88

Assisted Solution

by:rindi
rindi earned 400 total points
ID: 41785163
If you want to run a program as Administrator, you need to right click on it and select "Run as Administrator". UAC will then pop up and ask you to enter the admin's credentials.

And make sure you never log on to Windows with an account that has admin rights. Only use standard user accounts. If anything needs admin rights UAC will come up. Just make sure there is an admin account. But never use that directly.
0
 

Author Closing Comment

by:John500
ID: 41785178
Thanks guys!!
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41785186
You are very welcome and good luck with Network Security.
0
 
LVL 27

Expert Comment

by:tliotta
ID: 41899942
For instance, if I'm using Google or AOL or G mail, these are the only unknowns I want connecting to my computer.
Can you post a useful sample of the "unknown" connections? Using any of those three is likely to give a fair number of "unknown" connections in order for them to work well (or perhaps at all).

Also, are you asking about any connections or only in-bound? Also, what router/modem equipment is under your control?
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Experts Exchange expands question security options for members.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question