Security Basics mailing list archives

RE: win2k firewall

From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Tue, 7 Jan 2003 15:26:24 -0500

Why would you tell someone to run blackice witch has bugs in it.
If your going to have a firewall, just grab a box that is not being used
and put Openbsd on there and make your firewall that way.


Because when you pass ports through a packet filter into a machine offering
services, OpenBSD isn't going to help you.  There is little difference
between doing this and just turning off all services other than the public
ones and putting it right on the Internet with no protection at all.

BlackIce inspects ALL traffic, to include the traffic being allowed through
whatever firewall, and can actively block malicious attempts while letting
through legitimate traffic.  

--Daniel R. Miessler

P.S. Please don't refer to Steve Gibson's site in an attempt to defame ISS's
current BlackIce product - especially the one designed specifically for
servers.

Current thread:

RE: win2k firewall Piacquadio, Juan (Jan 06)
- <Possible follow-ups>
- re: win2k firewall H C (Jan 06)
  - RE: win2k firewall Rick Darsey (Jan 07)
    - RE: win2k firewall H C (Jan 07)
  - RE: win2k firewall Daniel R. Miessler (Jan 07)
    - RE: win2k firewall josh (Jan 08)
    - RE: win2k firewall Daniel R. Miessler (Jan 08)
    - RE: win2k firewall H C (Jan 08)
    - RE: win2k firewall Daniel R. Miessler (Jan 08)
    - RE: win2k firewall H C (Jan 08)
    - RE: win2k firewall Daniel R. Miessler (Jan 08)
    - RE: win2k firewall Jimmy Sansi (Jan 09)
    - RE: win2k firewall Jason Dixon (Jan 11)
    - RE: win2k firewall David Gillett (Jan 13)
  - re: win2k firewall Theo Spears (Jan 08)
- RE: win2k firewall Mark S. Searle (Jan 06)
- RE: win2k firewall Paul Carroll (Jan 07)

(Thread continues...)