Community Forum

TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround

Contributor

Security Alert:

The IPV4 Firewall default setting is set to "Minimum Security (Low)."

When tested at: NEW SHIELDS UP! TESTS: UPnP Exposure and All Ports Stealth Test

The All Ports Stealth Test fails as follows:

 

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

Workaround:

Change the IPV4 Firewall default setting:

From "Minimum Security (Low)"

To: "Typical Security (Medium)"

When retested at:

NEW SHIELDS UP! TESTS: UPnP Exposure and All Ports Stealth Test

The All Ports Stealth Test now reports your Firewall has passed all tests.

 

In summary, I don't quite understand why Comcast selected low security as a default setting for the firewall in this particular gateway?

 

Cheers!

Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround

Because the "Typical Security (Medium)" setting breaks some applications and would need to be disabled for them. The average customer wants everything to be plug and play these days.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@EG wrote:

Because the "Typical Security (Medium)" setting breaks some applications and would need to be disabled for them. The average customer wants everything to be plug and play these days.


Wow, I can plug and play anything I want at the typical security setting so why don't you provide a specific example of what won't work and I will be happy to test it. Right now, as an average user, I see no difference between the settings; however, I feel more assured that my gateway is not visible to potential hackers with the change to typical security settings. Also, if any of your logic holds true, why didn't Comcast create an IPV6 Firewall low security setting because it is set to typical security by default (not low)?

 

 

Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround

I can't give you specifics but VPNs and other applications that require port forwarding get broken with the Comcast gateway device's firewall.

 

I also can not answer your other questions authoritatively as I am not a Comcast employee.



Contributor

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@EG wrote:

I can't give you specifics but VPNs and other applications that require port forwarding get broken with the Comcast gateway firewall.

 

I also can not answer your other questions authoritatively as I am not a Comcast employee.


OK, your concern may be applicable to some VPNs but not all cause I have used a 3rd party VPN myself without issue; however, I would say the VPN users are quite a minority compared to the masses that do not have a VPN. With that said, it is my opinion that Comcast should adjust that default security setting from low to typical for the following reasons:

 

The majority of users may not even know they are at risk when that IPV4 security setting is set to low. Also, the majority of users probably only use a non-VPN setup and would not be affected by an increase in IPV4 security. And, most individuals using a VPN are smart enough to understand that the IPV4 security setting may need to be lowered if problems are encountered.

 

In summary, I say protect the masses and let the experts fine tune their configs as needed.

 

Cheers!

Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@NJGroundHog wrote:


OK, your concern may be applicable to some VPNs but not all cause I have used a 3rd party VPN myself without issue;

 

It depends on the particular type of security protocol that any given VPN application is using.

 

however, I would say the VPN users are quite a minority compared to the masses that do not have a VPN.

 

Yep. That would be subject to one's opinion.

 

With that said, it is my opinion that Comcast should adjust that default security setting from low to typical for the following reasons:

 

The majority of users may not even know they are at risk when that IPV4 security setting is set to low. Also, the majority of users probably only use a non-VPN setup and would not be affected by an increase in IPV4 security. And, most individuals using a VPN are smart enough to understand that the IPV4 security setting may need to be lowered if problems are encountered.

 

In summary, I say protect the masses and let the experts fine tune their configs as needed.

 

Agreed in principle but not everyone is a techxpert. IMO, on the whole there are more average users / technophobes / neophytes than there are experts.

 

Cheers!

 

Cheers!


 



Contributor

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@EG wrote:

@NJGroundHog wrote:


OK, your concern may be applicable to some VPNs but not all cause I have used a 3rd party VPN myself without issue;

 

It depends on the particular type of security protocol that any given VPN application is using.

 

however, I would say the VPN users are quite a minority compared to the masses that do not have a VPN.

 

Yep. That would be subject to one's opinion.

 

With that said, it is my opinion that Comcast should adjust that default security setting from low to typical for the following reasons:

 

The majority of users may not even know they are at risk when that IPV4 security setting is set to low. Also, the majority of users probably only use a non-VPN setup and would not be affected by an increase in IPV4 security. And, most individuals using a VPN are smart enough to understand that the IPV4 security setting may need to be lowered if problems are encountered.

 

In summary, I say protect the masses and let the experts fine tune their configs as needed.

 

Agreed in principle but not everyone is a techxpert. IMO, on the whole there are more average users / technophobes / neophytes than there are experts.

 

Cheers!

 

Cheers!


 I totally agree with your last statement! There are more average users and they are the ones that need this security change!

Silver Problem Solver

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@NJGroundHog wrote:

Security Alert:

The IPV4 Firewall default setting is set to "Minimum Security (Low)."

When tested at: NEW SHIELDS UP! TESTS: UPnP Exposure and All Ports Stealth Test

The All Ports Stealth Test fails as follows:

 

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

Workaround:

Change the IPV4 Firewall default setting:

From "Minimum Security (Low)"

To: "Typical Security (Medium)"

When retested at:

NEW SHIELDS UP! TESTS: UPnP Exposure and All Ports Stealth Test

The All Ports Stealth Test now reports your Firewall has passed all tests.

 

In summary, I don't quite understand why Comcast selected low security as a default setting for the firewall in this particular gateway?

 

Cheers!


I have been using Medium for as long as I can remember; I can't say it HASN'T caused me any issues, but it seems OK.

I am not a Comcast Employee.
I am just a customer, volunteering my time to help other customers here in the Forums.
Was your question answered? Mark the post as best answer!
Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@RobertWy wrote:


I have been using Medium for as long as I can remember; I can't say it HASN'T caused me any issues, but it seems OK.


FWIW, you are one single user Robert, not a cross section of every user. Maybe you don't use apps that would be problematic..



Contributor

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@EG wrote:

@RobertWy wrote:


I have been using Medium for as long as I can remember; I can't say it HASN'T caused me any issues, but it seems OK.


FWIW, you are one single user Robert, not a cross section of every user. Maybe you don't use apps that would be problematic..


I am utterly surprised at your last response. Being an expert, you should realize that security trumps all other concerns and those who have apps that won't work at that medium setting can change them anytime they want. I will also tell you point blank that the masses will run all of their apps just fine on medium. Give me 3 apps that won't work at that medium setting.

Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround

How to Set Up a Firewall

A firewall is a barrier that controls what kind of data comes into and out of your network. A firewall can prevent spam sites from installing unwanted programs on your computer, protect your personal information from theft, and much more.

Note: Higher security from a firewall can block functions you might use, such as peer-to-peer applications, like Skype or Spotify. The default firewall setting on the Wireless Gateway is Low, but you can change your settings to suit your particular needs at any time.

To set up a firewall, follow these step-by-step instructions:

  1. Connect a laptop, computer or mobile device to your home Internet network and open a web browser. Go to the Gateway's Admin Tool at http://10.0.0.1 and log in with the following username and password:
    • Username: admin
    • Password: password
    • Note: You will be prompted to change your password the first time you access. Please change the password and, if required, log in to the Admin Tool with the new password.
  2. On the Admin Tool homepage, click Gateway.
  3. Under Gateway, click Firewall.
  4. From there, you can choose IPv4 or IPv6.
  5. After choosing either, you will see the following options:
    • Maximum Security (High), which will block most applications except web browsing, email, iTunes and VPN.
    • Typical Security (Medium), which allows access to most sites and services, but blocks all peer-to-peer applications.
    • Minimum Security (Low), which enables all secure apps. This is the default setting when you first use your Wireless Gateway.
    • Custom Security, which will allow you to block individual types of traffic, or disable your firewall entirely.
  6. Select the firewall setting you want.
  7. Click Save Settings.
    • Note: A firewall can be set up on both your computer and your Xfinity Gateway, but more than one firewall can cause interference.

 

 

https://www.xfinity.com/support/articles/advanced-xfinity-wireless-gateway-features


Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@NJGroundHog wrote:


I am utterly surprised at your last response. Being an expert, you should realize that security trumps all other concerns and those who have apps that won't work at that medium setting can change them anytime they want. I will also tell you point blank that the masses will run all of their apps just fine on medium. Give me 3 apps that won't work at that medium setting.


Please don't assume anything. You don't know me or what I know or realize. Please don't bait me. Have a nice day!



Gold Problem Solver

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@NJGroundHog wrote: ... why don't you provide a specific example of what won't work and I will be happy to test it. Right now, as an average user, I see no difference between the settings; ...

It isn't much, but https://www.xfinity.com/support/articles/advanced-xfinity-wireless-gateway-features says:

 

  • Maximum Security (High), which will block most applications except web browsing, email, iTunes and VPN.
  • Typical Security (Medium), which allows access to most sites and services, but blocks all peer-to-peer applications.
  • Minimum Security (Low), which enables all secure apps. This is the default setting when you first use your Wireless Gateway.
  • Custom Security, which will allow you to block individual types of traffic, or disable your firewall entirely.
Expert

Re: TECHNICOLOR Gateway CGM4140COM Default Settings - Security Alert & Workaround


@NJGroundHog wrote:

Being an expert, you should realize that security trumps all other concerns and those who have apps that won't work at that medium setting can change them anytime they want.


That's a pretty subjective statement to make. Security is important, but it's not the be-all end-all. Functionality and usability are primary.

Look at it this way: I could make my network completely secure by unplugging my modem, but that wouldn't make anything in my LAN very useful, would it? 

My QNAP NAS is very much hardened against intrusion, for instance, but not my Apple TV. Why? One is much more at risk than the other, so I have to tailor my security appropriately. 

