Community Forum

Internet

Top Contributors
Sort by:
This article tells you how to troubleshoot your WiFi Network using XFINITY xFi
View full article
***Created by our Community Users***     We see many questions in the forums regarding port forwarding, so I have put together a primer to try to help those who are new to the concept.   WARNING: Port Forwarding exposes devices on your LAN to the Internet. If you DO NOT NEED to port forward, DON'T. This guide tells you how to and why you might need to port forward. The reader assumes any and all responsibility for any damage of, or intrusions into their network caused by port forwarding. What is Port Forwarding? Port forwarding is a mechanism used in IPv4 to allow a computer, smartphone, or other device (the SOURCE) outside your Comcast HSI connection to connect to a device on your LAN (the DESTINATION). A typical Comcast residential user network might look something like this: In this diagram, a Cable subscriber (you) has a webcam, NAS, or media server on the internal LAN behind his router/gateway. It is configured to listen on TCP port 8080, in this case. Other devices or game servers that you have may be configured to listen on a different (or many different) ports, but the principle is the same. Let's say that the subscriber (you) want to make that server available to a family member in a different location, so they can see your webcam, or look at pictures on your media server or NAS. In order to do that, your family member needs to be able to connect, often using a web browser, or a smartphone app. The problem is that your web server is on your LAN, protected by the firewall in your router, AND it has a private address, which cannot be used on the internet. The private subnets you will see most commonly are the 192.168.0.0 and 10.0.0.0 subnets. Subnetting is beyond the scope of this discussion, as most home routers are set up out-of-the-box to use one of these submets. Under normal circumstances, you will probably never have to change this. The problem lies in the fact that these subnets cannot be routed over the internet. Port Forwarding is intended to solve that problem.   As seen in the diagram, your home router (and you must have a router of some type to perform port forwarding) is provided with an address on the public internet by Comcast. Because of a shortage of IPv4 addresses, home routers use Network Address Translation (NAT) to allow you to connect a large number of devices to your router, and give them the ability to connect to other devices on the internet. This is done by assigning each requested connection from your LAN a TCP port, so the router can track the connection. The combination of the IP address and port number is called a socket. So, when you use your computer on your LAN to go to www.google.com, your computer (the source) sends a request using a random port (usually above port 1024) to the destination (www.google.com) on port 80 (the standard http port. Because of NAT, the Google server sees your source address as the WAN IP of your router. How, you may ask. is this related to Port Forwarding? Well, port forwarding is essentially the same process, but in reverse. Think of it as inbound NAT. You router has a public IP address, but by default, it doesn't listen on many ports. This is for security so that someone on the internet cannot easily get on to your network. Now, you have a media server or an IP Camera that you want Granny to see, so you have to tell your router to listen on a port so that you can give Granny a link to it that she can put in her web browser (how she does that we will discuss later).     How do I set up Port Forwarding   First, you have to set up your router. There is an excellent website at http://portforward.com, which will walk you through the steps of how to forward ports on just about every known router, so I am not going to go into detail on any particular model. Suffice to say that when you set up port forwarding, you tell your router to listen on a particular port (in the case of the diagram, it is port 8080), and you also tell it where to send that traffic, when it sees it. In this case, the router is told to send all traffic it ses incoming on port 8080 to the internal device at 192.168.1.200. Below is an example of the screen for configuring a Custom port forwarding service on a Netgear WNDR3700. Other router screens will look different. This is just one example:     Setting Up Port Forwarding in the Wireless Gateway Admin Tool   To turn on the port forwarding function on your gateway, follow the steps below to create a rule. Go to   http://10.0.0.1   using a device that is connected to your network. Log in to the Admin Tool: Username:   admin Password:   password   (unless you changed it) Select the   Advanced   menu in the left pane, then click   Port Forwarding. Select   Enable. The button will turn green. Click   +ADD SERVICE   in the   Port Forwarding   box. The   Add Service   page will appear.   Select the appropriate option (FTP, AIM, HTTP, PPTP), from the   Common Service   drop-down menu. Selecting one of these options will automatically populate the start and end ports below the   Common Service   field. For a service not listed, select   Other   and type   Service Name   in the field. Select the   Service Type. The Service Type is the protocol used for sending data over the Internet. The default is   TCP/UDP.   Click   CONNECTED DEVICE   to select the device on your network and populate these fields for the   IPv4 Address   or   IPv6 Address   fields. If the   CONNECTED DEVICE   button doesn't appear on the page: Open a new browser window, follow Steps 1 and 2 from above, and go to   Connected Devices > Devices, as shown below. Click the name of your device for which you want to add the port forwarding rule, under   Online Devices' Host Name. Highlight and copy the   IP address. Return to the previous browser window and paste the   IP address. The start and end ports will populate only if you selected one of the four Common Services. If not, enter the port numbers that are required for the game or service for which you want to add the port forwarding rule.   Click   Save. You have created a port forwarding rule on your home network, but before you log out of the   Admin Tool, take note of your WAN IP address (as seen below). You'll need this information to begin using the game or service.     OK, so I have set it up...how does Granny get there... Granny has a computer with a web browser. Lets say you are letting her see your IP Camera. instead of port 80, your IP Camera is designed to listen on port 8080. Under normal circumstances, you would forward the same port externally as the device listens on, so you would set up your port forwarding to listen on the WAN interface on port 8080, and internally, send all port 8080 traffic to the IP address of your IP camera. Now, when Granny browses google.com, she just types inwww.google.com in her browser, and it goes there, right? That is because google.com is listening on a well-known port for http traffic (port 80), and browsers automatically know that you want to go to port 80. What they don't know is that your router is waiting to send traffic to your IP Camera on port 8080, so when you tell Granny how to get to your camera, if you are using any port other that 80, you MUST specify the port, and that you are using the http protocol. So, you would tell granny to put the following in her browser address bar: http://<yourWANIP>:8080   To find the WAN IP of your router, you can either look at the Status page in your router interface, or browse tohttp://whatismyip.com If you don't want to give her an IP address, you would need to use some type of Dynamic DNS service (not within the scope of this discussion) to translate your WAN IP into a hostname, but you still need to specify http and the port number, like this: http://myipcam.somedomain.org:2000 (the actual name will depend on your Dynamic DNS provider)   What else can I do with Port Forwarding?   The principles are the same for pretty much any device or server that you want to make available to sources outside your home. You can port forward Windows Remote Desktop Protocol, so you can log into your PC from another device with an RDP client. You can run a web server (although publicly accessible webservers are technically against the Comcast AUP for residential connections), you can access your own media server from your smartphone, so you can listen to your music wherever you are...the possibilities are pretty much endless, BUT make sure that you secure the devices you are allowing access to with strong passwords. While many security experts frown upon the concept of 'Security by Obscurity' I personally don't see that it hurts to change the port you are using for some services, especially the more common ones...Any hacker knows that Windows Remote Desktop Protocol runs on port 3389, so instead of setting your port forwarding up to listen on port 3389 on the WAN IP, use a different port (above 1024 is recommended. The highest you can go is 65535). You can still tell the router to forward the traffic to port 3389, so you don't have to mess around with the registry settings for your RDP setup on your Windows machine. That is basic port forwarding in brief. If you have any questions, please post it in the forums in the Home Networking / Router / & WiFi Gateway Help board and we will try to help.     Is your device currently connected to your home network?   If the device is not currently connected to your home network, adding a port forward may not work. Try connecting your device to your home network and then setting up the desired port forward. Connecting to your network first will ensure the device has a valid DHCP address within the DHCP range for port forwarding.     Are port forwards you previously set up not appearing in xFi? When attempting to set up a port forward, are you receiving a message that we’re having some trouble, or that the port you are trying to set up already exists?     If you have previously set up a port forward but it is not appearing in xFi, or when attempting to set up a port forward, you are receiving a message that we’re having some trouble, or that the port already exists, editing your LAN settings may resolve the issue. This will clear any pre-existing port forwards that may not be appearing in xFi but are causing issues, and should allow you to successfully set up new port forwards. Any small adjustment made to your LAN settings should be enough to clear existing port forwards. Once the changes have been applied, you can immediately change the settings back to the previous if desired.  Once completed, try setting up your port forwards as desired.      Have your LAN settings recently changed?   If you changed your LAN settings, port forwards you previously set up will no longer work. You will need to set up your port forwards again.     Does the device you’re attempting to set up a port forward for have an IPv6 address?   xFi does not currently allow you to set up port forward for devices that have an IPv6 address since port forwarding should not be needed for these devices.  If the device is dual stack (has both an IPv4 and IPv6 address) the IP recognized by xFi depends on which address your device defaults to. Port forwarding can only be configured in xFi if the device is using the IPv4 address. There are some quirks to setting up port forwarding on the SBG6580 gateway. See this post for details: http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-for-an-IP-Camera/m-p/152957... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View full article
This article will explain what port forwarding is and how to use it on your in-home network. 
View full article
  This article outlines how to activate your Xfinity Internet/Xfinity Voice service if you rent an Xfinity xFi Gateway (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM or Cisco DPC3939). To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to  My Account  and select  Devices  to view the make and model of your Gateway.   If you do not have an xFi-compatible Gateway, please see the activation instructions for other Wireless Gateway devices.       Activation Instructions Before you start: Download the Xfinity xFi app for free from the Apple App Store or Google Play. Launch the Xfinity xFi app and sign in using your Xfinity username and password. (You must be the primary or an unrestricted secondary user to access.) Select   I'm setting up my Wireless Gateway. After activation you can continue to use the Xfinity xFi app to manage your home network. Select   Get Started   to begin the process of setting up your Gateway. The entire process should not take longer than 20 minutes.   Select   Use Camera   to scan the QR code on the side or back of the device. The QR code should contain all of the information needed to begin activation. You may also be prompted to grant the Xfinity xFi app permission to access your smartphone's camera.   Note:   If your device does not have a QR code to scan, you will need to enter the 12-digit CM MAC number found on the side or back of the Gateway. Select   Enter Code Manually   and follow the on-screen prompts. You may also be prompted to enter the CM MAC number even if your device has a QR code if we need additional information. Your smartphone's camera will open within the Xfinity xFi app. Find the QR code and focus the camera on it. Once the QR code has been successfully scanned, you will see a green check mark. Note:   Keep your smartphone as steady as possible. If the camera has trouble focusing on the QR code, try slowly moving your smartphone away from and towards the QR code. The app will then take you through the necessary steps to set up your Gateway (modem/router) and activate your Xfinity Internet/Xfinity Voice service. For the best WiFi coverage, set up the device in the most centrally located place in your home where there is also a cable outlet. Also, avoid placing the device in your basement or attic as this can interfere with your WiFi signal. Keep it out of cabinets or closets, and make sure it is off of the floor. Select   Next   to proceed through these tips. Once you've found the best spot for your Gateway, follow the instructions to connect the coaxial cable and power cord. The lights on the front of your Gateway will flash and blink as the device prepares for activation. Select   Ready to Go!   to continue.   Now that your Gateway is connected, it's time to personalize your home WiFi network name and password. Enter a WiFi name and password that is easy to remember and secure. Select   Next. Confirm the WiFi name and password you entered are correct. If you need to make changes, simply select the back arrow in the top left-hand corner of the screen. If you are also activating Xfinity Voice, you will see your phone number on this screen. Select   Confirm and Finish Up. Note:   For customers swapping an existing xFi Gateway with a new one, you may be presented with the WiFi name and password associated with your previous device. You can choose to keep them the same, or create a new WiFi name and password. If you change the name/password, you'll need to reconnect all your devices using the new information. Your home network setup will now begin. This can take up to 10 minutes to complete. You will also be prompted to enable push notifications to be alerted when activation is complete. Once your Gateway is activated and your WiFi is ready to go, you'll be presented with instructions on how to connect to your new WiFi network. Two shortcuts are provided to make this process even easier. Simply copy your WiFi password to your clipboard by selecting   Copy   and then   Go to Settings. From there, go to the WiFi settings on your device, wait for your new WiFi name to show in the list of available networks, join the network and then paste your password to connect. Remember, you'll need to connect all of your WiFi-enabled devices using the WiFi name and password you created. Select   Continue to XFINITY xFi   to access home network personalization and control features, for example the ability to see who's most active on your network, troubleshoot any connection issues, and block inappropriate content and network threats. To learn more about xFi features, see the   overview for Xfinity xFi Web Portal and Mobile App.
View full article
How to turn Bridge Mode on and off on Xfinity modem
View full article
Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.   Find the Reasons for Blocking Listed Below Port Transport Protocol Direction Downstream/ Upstream to CPE Reason for Block IP Version 0 TCP N/A Downstream Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port. IPv4/IPv6 25 TCP SMTP Both Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about   configuring your email settings to Comcast email   to use port 587. IPv4/IPv6 67 UDP BOOTP, DHCP Downstream UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv4 135-139 TCP/UDP NetBios Both NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network. IPv4/IPv6 161 UDP SNMP Both SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks. IPv4/IPv6 445 TCP MS-DS, SMB Both Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms. IPv4/IPv6 520 UDP RIP Both Port 520 is vulnerable to malicious route updates, which provides several attack possibilities. IPv4 547 UDP DHCPv6 Downstream UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv6 1080 TCP SOCKS Downstream Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks. IPv4/IPv6 1900 UDP SSDP Both Port 1900 is vulnerable to DoS attacks. IPv4/IPv6     Enable Port Blocking on Your Router If you’re concerned about the security of your wireless home network, one thing you can do is enable port blocking – this can help prevent unwanted outside connections to your network’s devices. While port blocking is advanced, you can enable it on certain routers with a few simple steps. Here’s how: Note:  These instructions apply only to the following devices:   Netgear CG814v 1&2 Linksys WCG200v 1&2 Linksys BEFCMUH4  Log on to your router’s administration site. Click on the   Select a Computer/Device   button to view the IP addresses of the computers connected to your gateway. Enter the   IP address range   in the IP Range fields. Enter the   Port range   in the Port Range fields. Select the   Enable   check box. Click   Apply.       Why is Port 25 for Email Submission Not Supported? Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers. Why is Comcast Supporting Port 587? The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email. It has been a long-standing recommendation from   M 3 AAWG, an international community of anti-abuse professionals, and the   Internet Engineering Task Force   (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of the industry-recommended port 587 with TLS/SSL enabled. The recommendations from M 3 AAWG can be read   here   and you can also view the IETF   RFC 5068and   RFC 4409   (section 3.1, see below). From RFC 4409:   3.1. Submission Identification Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here. Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site   may   choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs. What Makes These Settings More Secure? Port 587 further improves security through the use of required authentication and recommended TLS/SSL encryption. Required Authentication   When sending and receiving email, it is required that you use your Xfinity username and password. This helps to prevent infected computers and other devices connected to the Xfinity services from being able to freely transmit spam and malware. SSL Encryption Secure Sockets Layer (SSL) is a secure protocol for sending data safely and encrypted over the Internet. With SSL encryption your user ID, password, and email are secured from hackers and identity thieves when sending or receiving email.   Other Bodies Opposed to the Use of Port 25 There are a number of other organizations that Comcast works with to control the problem of spam on the Internet. One of the most notable of these is   Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists, as well as others provided by similar organizations, are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP. The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows: "Block port 25   except   for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic.   Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers." The ITU also recommends blocking port 25 in their document named "ITU Botnet Mitigation Toolkit". This can be viewed   here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.   ISPs that Manage Port 25 Many ISPs, both in the USA and around the globe, block port 25. These include: Verizon AT&T NetZero Charter People PC Cox EarthLink Verio Cablevision All Japanese ISPs France Telecom/Orange       For additional information see here: https://www.xfinity.com/support/articles/list-of-blocked-ports
View full article
This article explains what XFINITY On Demand is and how to use it
View full article
This article provides configuration settings for connecting your comcast.net to an email client
View full article
How to find a compatible modem with your Xfinity Internet service
View full article
Differences between and Primary and Secondary users and how to manage them
View full article
This article will provide you directions on how to set up a Home Page when using Windows 10 EDGE
View full article
How to import your Favorites into Windows EDGE Browser
View full article
Directions on how to initially install Norton Security Suite
View full article
***Created by our Community Experts***     If you use Identity Safe, backup your Identity Safe data See Export instructions here  http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...     Uninstall NSS via normal removal procedures. (Add/Remove programs ) Please Note:  During the uninstall of NSS, you should select the top option "I plan to reinstall a Norton Product in the future.  Please leave my settings behind."  The reason for the backup (Export/Import of ID Safe data) is a safety factor.     Follow the instructions found here:  http://constantguard.comcast.net/norton?cid=NET_33_601 to download and install a fresh copy of NSS.   Once installation is complete, open NSS and manually Run LiveUpdate (located on drop-down under PC Security on left side of main page of NSS) as many times as necessary for it to respond "no more updates available". If a reboot is requested, reboot and then continue to Run LiveUpdate until it responds "no more updates available" and then reboot one last time.  Your installation should now be up to date definition wise and ready for use.   After installation and update,if your Identity Safe data was not reinstalled, complete the Import portion of the instructions here for Identity Safe Data   http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
View full article
10 Tips to help fix your Xfinity Internet connection
View full article
***Created by our Community Experts***     **Note**:  These instructions should also be followed if changing from one Norton product to another. ie a paid/trial subscription from Norton to the Comcast version, or a version upgrade of NSS which is more than one upgrade old.   If you use Identity Safe, backup your Identity Safe data (See Export instructions here-   http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...     Uninstall NSS via normal removal procedures. (Add/Remove programs )   After it is uninstalled, run the Norton Remove and Reinstall Tool following the instructions here:  http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&selected_nav=partner&pvid=&docurl=20...   After running the Removal Tool, reboot, and download and install a fresh copy of NSS from here:  http://constantguard.comcast.net/norton?cid=NET_33_601   Once the installation is complete, open NSS and manually Run LiveUpdate (located on drop-down under PC Security on the left side of the main page of NSS) as many times as necessary for it to respond "no more updates available". If a reboot is requested, reboot and then continue to Run LiveUpdate until it responds "no more updates available" and then reboot one last time.  Your installation should now be up to date definition wise and ready for use.   After installation and update, complete the Import portion of the instructions here for Identity Safe Data here -   http://forums.comcast.net/t5/Security-and-Anti-Virus/How-to-Export-Import-NSS-Identity-Safe-Data/m-p...
View full article
***Created by our   Community Users***   I am sure that people will run into this.  On the canon image CLASS MF8300C also known as mf8380cdw, it took me some time to figure out how to get scan to email working.  Summary is to change the SMTP port to 587 and use your smtp auth set to your Comcast login.  The default port 25 won't work and port 465 won't work.   Here is how:   configure the management name/pin. login as management to the the web UI browser, http://printer-ip/ change the SMTP TX port to 587, find it at System Settings -> Network Settings -> TCP/IP Settings -> Port Number Settings Enter the info in E-Mails Settings System Settings -> Network Settings -> E-Mail Setting SMTP Server Addess: smtp.comcast.net E-Mail Address: your@address Check Use SMTP Auth Enter your username: your@comcast.net Check Set/Change Password Password: Your password.      5. Instruction says to power cycle for the new settings, do it.   Good Luck!
View full article
How to connect to an Xfinity WiFi Hotspot
View full article
Help secure your devices, your personal information, and your family against online threats with easy-to-use Internet security tips. Print a copy for easy reference.   The risks are real, but the solution is clear   Install Norton™ Security Online Help shield your PC, Mac, and mobile devices from viruses and online threats with top-rated¹ security software and services from Norton.   Norton Security Online   is included at no additional cost with your Xfinity Internet service. Don’t be fooled by social engineering Social engineering is the art of manipulating people to performing actions or divulging confidential information. Before you let anybody in on sensitive details about you, make sure that you can verify their credibility. Be extra careful while clicking links and attachments in emails Phishing is a method used by Internet scammers who imitate real companies or individuals in email messages to entice people to share user names, passwords, account information or credit card numbers. Be wary before clicking on attachments and links because, even though the sending party might look legitimate, there is a possibility that they might not be. Strong passwords for accounts and devices When creating a password, use a combination of uppercase and lowercase letters, numbers, and symbols. The longer your passwords are, the harder they are to crack. Never use the same password for multiple accounts, especially for sensitive sites like social media, email or banking websites.   Learn more. Using multi-factor authentication Multi-factor authentication (MFA) is a best practice to help further protect yourself against hacks and social engineering. MFA works by requiring you to login with more than one set of credentials to authenticate your identity. Turn on MFA when a website or app offers it, especially for sensitive sites like social media, email or banking websites. Xfinity offers two-step verification to help protect online access to My Account, Xfinity web pages, and most apps. Learn more and   enroll today! Learn about security and privacy settings with social media Learn about security and privacy settings. Be careful when sharing personal information and never share sensitive or confidential information on social media. Never share your full birthdate, current address or location when you’ll be away from home for a long period of time. Handling sensitive files in emails While it’s important to have strong passwo rds on your devices and email accounts, you should take extra precaution to safeguard sensitive files you store or transfer. Sensitive information includes W2 forms, credit card numbers, bank account info, driver’s license numbers, social security numbers, insurance numbers, etc. Encrypt these types of files before sending to another person. Keep apps and operating systems updated Keep your devices’ operating system and apps updated to the latest version to ensure the latest security patches are installed. Take extra care to make sure Adobe Flash, Java and other utilities stay updated to prevent cyber attacks. If your device offers auto-update for apps, turn this feature on. Securing payment info and personal information when shopping When shopping online, submit payment information on websites with a URL that starts with https:// The "s" stands for secure. If you’re shopping on a mobile device, only submit payment information on trusted, well-known apps. Use caution when saving payment information in your web browser or mobile wallet. Talk with your family about protecting your online presence and cyberbullying For families that share devices or regularly interact online together, it’s important to have a conversation about internet safety. Review the tips above and have an open discussion with your family about   protecting your online presence   and educating them about the pitfalls of cyberbullying.   Trusted Security Partners Comcast partners with trusted national organizations who provide digital media awareness for children, education on how it affects them, and articles on how to promote safe online habits. www.commonsensemedia.org     Learn More     www.staysafeonline.org     www.controlwithcable.org     Learn more about Xfinity Internet Security Tips Learn more about Internet Security Education      ¹ Ratings and Performance:   AV-TEST, "Best Protection 2017 Award,"   March 2018,   AV-TEST, "Product Review and Certification Report,"   September-October 2017,   PassMark Software, "Consumer Security Products Performance Benchmarks   (Edition 1)," November 2017   
View full article
To better protect email and Xfinity credentials from being compromised, customers who use a third party email application (Outlook, Apple Mail, Thunderbird, etc.) through a POP connection are now required to use a secure mail server and can no longer utilize POP Port 110. While POP will still be supported, customers should ensure that their email application is set up through the secure Port 995. If your application is configured through Port 110, you’ll need to make a few updates to continue to use your Xfinity email. Please locate your email application below for instructions on changing your port settings.       Updating Third Party Email Application POP Port Settings Outlook 2007, 2010, 2013 or 2016 Open Outlook. Click the   File   menu (Outlook 2010, 2013 or 2016) or   the Tools menu (Outlook 2007). Click the   Account Settings   button. Select your Xfinity email address and click   Change. Verify that the account type says   POP. If the account type says   IMAP, no changes are needed. Click   More Settings   in the lower right. Click the   Advanced   tab. Change the   Incoming Server   to   995. Ensure that   SSL   is selected or checked as the encrypted connection. Click   OK   to save your settings.     Mac (Apple) Mail Open Mac Mail. Click the   Mail   menu. Click   Preferences. Click   Accounts. Select your Xfinity email address. Verify that the account type says   POP. If the account type says   IMAP, no changes are needed. Click the   Advanced   button to the right. Change the   Incoming Server   to   995. Ensure that   SSL   is selected or checked as the encrypted connection. Windows 10 Open Windows 10. Select the   cog   icon in the bottom left-hand corner, then select   Manage Accounts   from the right sidebar. Select your email account from the list. Select the   Change mailbox sync settings   option at the bottom of the page. Scroll down, then select   Advanced mailbox settings. Verify that the account type says   POP. If the account type says   IMAP, no changes are needed. Change the   Incoming Server   to   995. Ensure that   SSL   is selected or checked as the encrypted connection. Select   Done   and   Save.      Outlook Express Open Outlook Express. Click   Tools. Click   Accounts. Select your Xfinity email address, then click   Properties. Click   Servers. Verify that the account type says   POP3. If the account type says   IMAP, no changes are needed. Click the   Advanced   tab. Change the   Incoming Server   to   995. Ensure that   SSL   is selected or checked as the encrypted connection. Click   OK   to save your settings.       Windows Live Mail Open Windows Live Mail. Right-click on the account at left, then click   Properties. In the   Properties   window, click on the   Servers   tab to verify that the incoming mail server type is set to   POP. If the account type says   IMAP, no changes are needed. Click the   Advanced   tab. Change the   Incoming Server   to   995. Ensure that   SSL   is selected or checked as the encrypted connection. Click   OK   to save your settings.       Thunderbird Open Thunderbird. Click   Tools. Click   View settings for this account. Click   Server Settings. Verify that the server type says   POP. If the server type says   IMAP, no changes are needed. Change the port to   995. Ensure   SSL/TLS   is selected under   Connection Security. Click   OK.     Other Port settings can generally be found in your email application's   Account Settings,   Properties   or   Preferences   section. If your email application is not listed above, please consult your email application developer for instructions on changing your POP account settings.   Frequently Asked Questions Why is access to email through Port 110 being blocked? We are blocking this port because it is not encrypted and may leave your email account information vulnerable to being compromised. No accounts have been compromised; however, this change will help to provide you and your personal information with the best level of protection possible. Can I still access my email through POP? Yes. Port 995 with SSL is secure and is the recommended port for POP. You can update your Incoming Mail Server Port to 995 with SSL to continue to receive mail without any change to your experience. Will changing the email settings affect how I receive emails or manage my mailbox? We recommend that you switch from POP Port 110 to Port 995, which will not affect how you receive emails or manage your mailbox. If you wish to change from POP to IMAP, please move any emails or folders that you wish to save into your new IMAP account  before   deleting the POP account to prevent any impact to your experience. Please see  Switching from POP to IMAP  for additional details. What will happen if I do not update my port settings? After access to the port is blocked, you will receive an error message in your third-party email application when attempting to access your Xfinity email. You will continue to be able to access your email through Xfinity Connect webmail, the Xfinity Connect app or any email application without any impact. When do I need to make these updates? Please update your settings prior to December 2018 to ensure that you can continue using email with your third-party email application after Port 110 is blocked. If you update your settings after port access has been blocked, any email received while blocked will appear in your inbox once you have updated your port settings.       Learn more about updating your Xfinity Email POP Port Settings
View full article