RE: win2k firewall

[H C <keydet89 () yahoo com>]

> Because when you pass ports through a packet filter
> into a machine offering
> services, OpenBSD isn't going to help you.  There is
> little difference
> between doing this and just turning off all services
> other than the public
> ones and putting it right on the Internet with no
> protection at all.

Protection is relative...specifically, what are you
protecting?  What is the point of putting BlackICE on
a system, particularly a web server?  Turning off all
unnecessary services (on a web server, that would be
anything other than the web services...otherwise, it's
not a web server) gives you fewer things to manage,
and more CPU time and memory available for the web
server.
 
> BlackIce inspects ALL traffic, to include the
> traffic being allowed through
> whatever firewall, and can actively block malicious
> attempts while letting
> through legitimate traffic.  

But wouldn't malicious attempts be "blocked" by simply
not running services that someone could attempt to
exploit?  If there's nothing to attack, there's also
nothing to manage.

> P.S. Please don't refer to Steve Gibson's site in an
> attempt to defame ISS's
> current BlackIce product - especially the one
> designed specifically for servers.

Please don't dictate what people can and cannot post. 
If you feel the need to do so, please do so directly
to the poster, rather than the list.



__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com