Security Basics mailing list archives
RE: win2k firewall
From: H C <keydet89 () yahoo com>
Date: Tue, 7 Jan 2003 12:35:10 -0800 (PST)
Because when you pass ports through a packet filter into a machine offering services, OpenBSD isn't going to help you. There is little difference between doing this and just turning off all services other than the public ones and putting it right on the Internet with no protection at all.
Protection is relative...specifically, what are you protecting? What is the point of putting BlackICE on a system, particularly a web server? Turning off all unnecessary services (on a web server, that would be anything other than the web services...otherwise, it's not a web server) gives you fewer things to manage, and more CPU time and memory available for the web server.
BlackIce inspects ALL traffic, to include the traffic being allowed through whatever firewall, and can actively block malicious attempts while letting through legitimate traffic.
But wouldn't malicious attempts be "blocked" by simply not running services that someone could attempt to exploit? If there's nothing to attack, there's also nothing to manage.
P.S. Please don't refer to Steve Gibson's site in an attempt to defame ISS's current BlackIce product - especially the one designed specifically for servers.
Please don't dictate what people can and cannot post. If you feel the need to do so, please do so directly to the poster, rather than the list. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- RE: win2k firewall Piacquadio, Juan (Jan 06)
- <Possible follow-ups>
- re: win2k firewall H C (Jan 06)
- RE: win2k firewall Rick Darsey (Jan 07)
- RE: win2k firewall H C (Jan 07)
- RE: win2k firewall Daniel R. Miessler (Jan 07)
- RE: win2k firewall josh (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall H C (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall H C (Jan 08)
- RE: win2k firewall Daniel R. Miessler (Jan 08)
- RE: win2k firewall Jimmy Sansi (Jan 09)
- RE: win2k firewall Rick Darsey (Jan 07)
- RE: win2k firewall Jason Dixon (Jan 11)
- RE: win2k firewall David Gillett (Jan 13)