Security Basics mailing list archives
RE: win2k firewall
From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Tue, 7 Jan 2003 15:42:49 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Protection is relative...specifically, what are you protecting? What is the point of putting BlackICE on a system, particularly a web server?
Perhaps you are not familiar with what BlackIce does. BlackIce knows what Code Red is, and it can stop it from hurting an UNPATCHED W2K machine. And it can afford this kind of protection vs. hundereds of other exploits as well. Basically, you can have it watching every single packet going to ALLOWED services (those that are open due to it being a webserver), and making sure that there is nothing malicious being attempted. Is that a good reason?
But wouldn't malicious attempts be "blocked" by simply not running services that someone could attempt to exploit? If there's nothing to attack, there's also nothing to manage.
There is something to attack - it's a webserver. There are numerous attacks that are done with nothing more than mangled http requests. BlackIce can stop many of them. How can I be more clear?
P.S. Please don't refer to Steve Gibson's site in an attempt to defame ISS's current BlackIce product - especially the one designed specifically for servers.Please don't dictate what people can and cannot post. If you feel the need to do so, please do so directly to the poster, rather than the list.
Ok, fair enough. I just didn't want to get into the Steve Gibson thing here. - -Daniel R. Miessler -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPhs7wlJwf7WiYT5vEQKyNACeKGwo/kQBmNQSKKR04nNe2NHwh4AAoJFL 1dEL4MW17nyS0+omF300k0BJ =R3Dn -----END PGP SIGNATURE-----
Current thread:
- RE: win2k firewall Piacquadio, Juan (Jan 06)
- <Possible follow-ups>
- re: win2k firewall H C (Jan 06)
- RE: win2k firewall Rick Darsey (Jan 07)
- RE: win2k firewall H C (Jan 07)
- RE: win2k firewall Daniel R. Miessler (Jan 07)
- RE: win2k firewall josh (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall H C (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall H C (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall Jimmy Sansi (Jan 09)
- RE: win2k firewall Rick Darsey (Jan 07)
- RE: win2k firewall Jason Dixon (Jan 11)
- RE: win2k firewall David Gillett (Jan 13)