Firewall Wizards mailing list archives
Re: FW: BlackIce Defender???
From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 27 Oct 1999 09:31:10 -0500
At 09:29 PM 10/26/99 -0700, Robert Graham wrote:
Disclaimer: I have something to do with Network ICE. BlackICE Defender is a scaled down version of BlackICE Sentry, our network
IDS
agent. We basically built a host-agent out of the network-agent, then added personal firewall capabilities. The term "personal firewall" is sort of an oxymoron -- because the whole
point
of firewalls is to have a many-to-one relationship (many machines behind one firewall). It's kinda pointless to have a one-to-one relationship, you can
just
as easily harden the system in the first place.
Disagree. The point of firewalls is to provide a centralized point of control for security relevant network activities. This is useful for one machine or many, and no doubt it's the reason Windows 2000 has connection filtering built in. It lets you explicitly identify what services you want to pass through your public connection and what you want to block. This is much easier than somehow locating all applications that might use the socket interface at one time or another to provide or use an arbitrary service. Estimates in the DoD run around 1 to 2 days of work for a trained administrator to seriously harden a commercial OS. Plus, you have to redo it whenever you make a significant administrative change to the system (i.e. install one more application). Kiddies, don't try this at home -- while I expect many colleagues on this list may be up to the task, most people aren't. I like the idea of a graphical network traffic/attack monitoring capability bundled with firewalling. This would give a less sophisticated user (like someone at home) the ability to see what's happening and block things accordingly. Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- FW: BlackIce Defender???, (continued)
- FW: BlackIce Defender??? Butler, Gary (Oct 20)
- Re: FW: BlackIce Defender??? Rick Smith (Oct 26)
- Message not available
- Re: FW: BlackIce Defender??? Rick Smith (Oct 27)
- Re: FW: BlackIce Defender??? R. DuFresne (Oct 27)
- Message not available
- Re: FW: BlackIce Defender??? Marcus J. Ranum (Oct 27)
- Re: FW: BlackIce Defender??? Craig H. Rowland (Oct 28)
- Message not available
- Re: FW: BlackIce Defender??? R. DuFresne (Oct 27)
- Re: FW: BlackIce Defender??? Crispin Cowan (Oct 27)
- Message not available
- Re: FW: BlackIce Defender??? (and CVE again) Adam Shostack (Oct 28)
- Re: FW: BlackIce Defender??? Rick Smith (Oct 27)
- RE: FW: BlackIce Defender??? Anton J Aylward (Oct 27)
- RE: FW: BlackIce Defender??? LUCIUS (Oct 30)
- Re: FW: BlackIce Defender??? Craig H. Rowland (Oct 29)