How to block internet on boot up with Norton IS 2005?

Discussion in 'Computer Support' started by Rocky, Jul 29, 2007.

  1. Rocky

    Rocky Guest

    I would like to not have the network automatically connected on boot
    up. I have Norton Internet Security and it has a feature to "block all
    traffic". However I can't figure out how to make it block on boot up
    and then when I need to "allow traffic". I tried reading thru the
    manual and searching the Symanic site but couldn't find the info I
    need. Perhaps it is not possible? I have a high speed cable modem
    connected thru a router which tends to default to "always on". I would
    rather decide when the computer needs to be connected and when it
    doesn't.

    Thanks
     
    Rocky, Jul 29, 2007
    #1
    1. Advertisements

  2. Rocky

    Mike Easter Guest

    My cable modem is a Motorola SurfBoard SB4100. On its front it has a
    button named 'Standby'.

    The function of that button is to 'disengage' the modem from what is on
    the LAN side, while retaining the connection of the modem to the WAN
    side. When the modem is on standby, the cableco's connectivity is
    maintained, and the cableco's routine maintenance and lease refreshing
    and all that jazz go on just as if it were not in standby with respect
    to the LAN.

    If a computer were hooked up to the modem, while on standby, the
    computer and the modem would not be 'connected'. Similarly if a
    router/NAT device is hooked up to the modem, it is not connected and it
    doesn't have an address to translate. There is no connection between
    the router and the cable modem in standby.

    If you had a cable modem with such a standby, you would only be engaged
    with the WAN, the internet, when you are not in standby.

    What kind of modem do you have? What kind of router do you have? Names
    and modelnos.
     
    Mike Easter, Jul 29, 2007
    #2
    1. Advertisements

  3. Rocky

    Rocky Guest

    It is a Comcast branded Scientific Atlanta hard wired not wireless. No
    buttons. Could pull the power plug though. I would rather have the
    functionality of having the discretion of being connected at the
    computer. I have seen some DSL setups where you have to click on
    "connect to" to get to the Internet kind of like dial-up. It would be
    nice to just have the firewall from either Norton or the Windows one
    start out as unconnected when the computer is booted rather than just
    assume "always on" Internet.
     
    Rocky, Jul 29, 2007
    #3
  4. Rocky

    Mike Easter Guest

    There were two questions there about modelnos for modem and router.
    Presumably the DPC 2100 I guess, altho SA has made a number of cable
    modems over the years, here's a list of all of the user guides to them
    http://www.scientificatlanta.com/products/consumers/new_cablemodems_userguides.htm
    No. Bad idea.
    Is there anything else connected to this router? What are you trying to
    control? Are you trying to control what is going out from your computer
    or what you are perceiving as an intrusion threat or what.

    Again. What is the name and modelno of your router?
     
    Mike Easter, Jul 29, 2007
    #4
  5. Rocky

    Rocky Guest

    Router: LinkSys BEFSR41
    Cable Modem: Scientific Atlanta DPC2100

    As to why I want to do this. I just do not think there needs to be a
    connection to the Internet if there is nothing I am doing with any of
    the computers requires the Internet. This I think would increase
    security slightly.
     
    Rocky, Jul 30, 2007
    #5
  6. Rocky

    Mike Easter Guest

    You forgot to answer that question about if anything else is connected.
    That is the best place to put the control. I used to have a BEFSR41,
    but it died one too many times to firmware flash back to life. I liked
    it.
    The place to do that is the router because it is a piece of hardware
    which is the interface between your LAN and the WAN.

    There is a hardware 'barrier' there which for your application which
    does not involve servers is almost as good as a genuine firewall -- and
    the Linksys is a 'decent' NAT device.

    First of all, I wouldn't do it because I do the following with my
    router. First, I just let it do its thing about NAT functions, which
    means that intrusions would have to be pretty 'sophisticated' to try to
    attack me. The routine intrusion 'noise' is just typical internet
    background, which is bazillions of infected machines looking around to
    cause something.

    So, besides letting my router do its normal NAT thing, I also have it
    keep logs of the various intrusions 'out there'. You can make yourself
    crazy if you get too carried away with logs. Suffice it to say that I
    use a software to help me look at logs in a 'picturesque' way, called
    WallWatcher and I also submit my logs to a log massing place, DShield.
    You might consider DShield to be toward router or software firewall logs
    as spamcop is toward spam -- except that DShield log submission is even
    more automatic than spamcop spam submission.

    So, as a result of keeping an eye on the picture of my logs and trusting
    my router's hardware firewall-like functions to protect me against
    intrusions, I don't worry about using my cable modem's standby switch.

    The upshot of that discussion is that I have a standby switch and I
    don't use it because I trust my router, and you don't have a standby
    switch and you seem to need one because you don't trust your router.

    Your Norton in many important senses is a much weaker barrier than your
    router.

    Anyway, back to how you can do what you want to do with your router.

    You can access your router's configuration with your browser. You
    should know how to do that and how to change the password to the router
    to your own choice instead of the default.

    Your router's default is to allow you to configure such things as
    internet access and if it weren't so configured you could go configure
    it in the router's administration section.

    In the first part, the Setup section, you can configure to control how
    the router stays connected to the internet all the time.

    The manual for your router sez this:

    // Connect on Demand and Max Idle Time. You can configure the Router to
    cut the Internet connection after it has been inactive for a specific
    period of time (Max Idle Time). If your Internet connection has been
    terminated due to inactivity, Connect on Demand enables the Router to
    automatically re-establish your connection as soon as you attempt to
    access the Internet again. If you wish to activate Connect on Demand,
    click the radio button. If you want your Internet connection to remain
    on at all times, enter 0 in the Max Idle Time field. Otherwise, enter
    the number of minutes you want to have elapsed before your Internet
    access disconnects.

    Keep Alive and Redial Period. This option keeps your Internet access
    connected indefinitely, even when it sits idle. If you select this
    option, the Router will periodically check your Internet connection. If
    the connection is down, then the Router will automatically re-establish
    the connection. To use this option, click the radio button next to Keep
    Alive. The default Redial Period is 30 seconds.//

    That 'redial' doesn't actually mean redial in the context of your cable
    connectivity -- it is just a term the router uses.
     
    Mike Easter, Jul 30, 2007
    #6
  7. Rocky

    Rocky Guest


    Well the router approach is effective but I was hoping to find a way
    to make the computer boot up in a unconnected or blocked state with
    Norton Internet Security or some other means. I have several computers
    connected thru the router one may need Internet while others may not.
     
    Rocky, Jul 30, 2007
    #7
  8. Rocky

    Mike Easter Guest

    That's cute. Hold back the most important information of the problem
    until 6 or 7 posts later.

    We need to get you a manual on how to ask questions.

    BTW, when Standby for the cable modem was 'suggested' or mentioned would
    have been an excellent time to start talking about how that wouldn't
    work because of other computers on the network.
     
    Mike Easter, Jul 30, 2007
    #8
  9. Rocky

    Rocky Guest


    Sorry about that. I was kind of focused on the Norton Blocking thing.
    I do appreciate your suggestions though. I was hoping I had missed
    something easy to do to get NIS to be blocked at start up.

    A couple of weeks ago I misspelled a URL and landed on a malicious
    site. It was a rather aggressive attack. NIS alarmed as did SpyBot I
    shut off the main power within at least 4 seconds after seeing what
    was happening since it was stopping services and freezing the system.
    I disconnected the network cable and brought the system back up.
    Nonetheless it had dropped a few files and made changes to the
    registry. I had to spend some time to clean it all up. So since then I
    have been a little extra paranoid about having the Internet "always
    on". I would rather not have the Internet connected unless there is
    some work to do on the Internet otherwise it doesn't need to be
    connected.

    Thanks
    Rocky
     
    Rocky, Jul 31, 2007
    #9
  10. Rocky

    Mike Easter Guest

    If you are looking for a solution for that kind of problem then you
    should not be surfing around with an insecurely configured browser in an
    insecure OS. There are 'crutches' to try to help you prevent problems,
    but that isn't as good as the fundamentals.

    If you are going to be driving an insecure OS, then you certainly don't
    need to be surfing with an insecure browser configured insecurely. I
    use an insecure OS, namely Win98. I also use an insecure browser,
    namely IE6 SP1. If I configure it 'tight enough' then malicious sites
    don't affect me. However, that tight configuration might be considered
    to impair some people's 'internet experience'.

    Besides surfing with W98 OE6sp1, I also surf with linux distros, usually
    using Firefox or Opera. Those browser/OS combinations don't have to be
    configured as tightly re allowing such as javascript, so I can have more
    internet experience with linux distros than my old Win OS, whose browser
    can't even handle CSS.
    I'm having a hard time figuring out what is wrong with the way you drive
    around. Whatever it is, there's nothing Norton is going to do to save
    you from yourself, where yourself must be someone asking for trouble by
    their insecure configuration. You could use a hosts file to reduce your
    chances of going to the wrong place, but if you are going to surf with
    an insecure browser and invite the running of scripts which can take
    over your system, then you are going to have to make some kind of major
    change in what you are doing to defend yourself against what you just
    described.

    I suggest that you check out a linux distribution and see if you like
    it, because you are apparently too reckless to be using Windows.
    You have a misguided interpretation of what you need to be doing to be
    more secure. Misguided security doesn't work, whether it is at the
    airport, your employer, or your operating system/browser. Or your
    so-called software firewall.
     
    Mike Easter, Jul 31, 2007
    #10
  11. Rocky

    Mr. Arnold Guest

    You're right it's not possible. That because the personal FW is not an
    integrated solution of the Windows O/S, where as, it's going to wait on the
    3rd party PFW, before the connection to the Internet is made available.

    The Windows XP FW can do it, Vista's FW can do it, and 3rd party personal
    FW(s) I hear some are already doing it or will be able to do it is integrate
    their solution so that the Vista O/S waits on them before the Internet
    connection is made available.

    The Wipfw with its STARTUP_BOOT_START property can do it too.

    I read some of the other posts in this thread. You should practice safe hex,
    like use Firefox (free) that is very much like IE. You can set FF to the
    default browser and only use IE when a site calls for IE to be used. FF is
    less attackable than IE.

    http://www.claymania.com/safe-hex.html

    If you're using Windows XP or 2K, then harden the O/S to attack as much as
    possible.

    http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
     
    Mr. Arnold, Jul 31, 2007
    #11
  12. Rocky

    ProfGene Guest

    Have you tried running msconfig to see if it is listed there so you can
    uncheck it?
     
    ProfGene, Sep 10, 2007
    #12
  13. Rocky

    old man Guest

    To the op
    Cannot be done with NIS
    You may be able to disable your Local Area connection with a script, but
    then NIS would probably baulk.IMO if you are connected via a nat router your
    wasting your time & effort
     
    old man, Sep 10, 2007
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.