Firewall Wizards mailing list archives

Re: FW: BlackIce Defender???


From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 27 Oct 1999 09:31:10 -0500

At 09:29 PM 10/26/99 -0700, Robert Graham wrote:
Disclaimer: I have something to do with Network ICE.

BlackICE Defender is a scaled down version of BlackICE Sentry, our network
IDS agent. We basically built a host-agent out of the network-agent, then
added personal firewall capabilities.

The term "personal firewall" is sort of an oxymoron -- because the whole
point of firewalls is to have a many-to-one relationship (many machines
behind one firewall). It's kinda pointless to have a one-to-one
relationship, you can just as easily harden the system in the first place.

Disagree. The point of firewalls is to provide a centralized point of
control for security relevant network activities. This is useful for one
machine or many, and no doubt it's the reason Windows 2000 has connection
filtering built in. It lets you explicitly identify what services you want
to pass through your public connection and what you want to block. This is
much easier than somehow locating all applications that might use the
socket interface at one time or another to provide or use an arbitrary
service.

Estimates in the DoD run around 1 to 2 days of work for a trained
administrator to seriously harden a commercial OS. Plus, you have to redo
it whenever you make a significant administrative change to the system
(i.e. install one more application). Kiddies, don't try this at home --
while I expect many colleagues on this list may be up to the task, most
people aren't.

I like the idea of a graphical network traffic/attack monitoring capability
bundled with firewalling. This would give a less sophisticated user (like
someone at home) the ability to see what's happening and block things
accordingly.


Rick.
smith () securecomputing com
"Internet Cryptography" at http://www.visi.com/crypto/


