win2k firewall

["Eric Griffin" <alakevue () tampabay rr com>]

 While I agree wholeheartedly that hardening your server is the first step,
 it would be silly and futile to put all of your eggs in one basket. How
 many security flaws did M$ report on Win2k last year? After hardening and
 best practices have been applied, you need a product like BlackIce which
 may provide DAY ONE protection. Patches? Yes, apply them after they have
 been tested in your environment, but that leaves a window of opportunity
 for others. Apply untested patches and your system may be down for a
 while. BlackIce is a necessary tool to help fend off these holes. I have
 been using BlackIce for about 3 years and the product has gone from a good
 last line of defense to an unbelievably great product. Sure it has its
 flaws but not in the area of defense. Sure there have been a lot of old
 versions that were troublesome, but no other soft firewalls-IDS that I
 know of could compare (during the same time frame on a system with OPEN
 ports). No, it is not perfect yet, but as another line of defense on
 something as important as a web server or email server it is money well
 spent.
 Just my 2 cents worth.
 Ric Griffy
>