Firewall Wizards mailing list archives
Re: FW: BlackIce Defender???
From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 26 Oct 1999 21:29:23 -0700 (PDT)
Disclaimer: I have something to do with Network ICE. BlackICE Defender is a scaled down version of BlackICE Sentry, our network IDS agent. We basically built a host-agent out of the network-agent, then added personal firewall capabilities. The term "personal firewall" is sort of an oxymoron -- because the whole point of firewalls is to have a many-to-one relationship (many machines behind one firewall). It's kinda pointless to have a one-to-one relationship, you can just as easily harden the system in the first place. Defender makes "personal firewalls" work in two ways: First, it uses the IDS component to juggle the firewall rulesets and makes it easy enough for home users to manage (not great security, but tons better than what they had before). Secondly (coming in a few weeks in v2.0) the management console can maintain a common ruleset for groups of Defender agents. Thus, you can think of the console itself as the "firewall", and the desktop agents as where the packet filtering actually occurs. Thus, if your firewall ruleset is "block all incoming SYN packets", the 500 telecommuters out on the Internet running Defender will have roughly the same protection as the other 500 users inside the real firewall. This is intended for your VPN telecommuters outside the firewall, as well as employees inside, because everyone knows that desktops are easier to breach than servers, but give you roughly the same level of access to corporate data (who's watching your CEO's desktop?) Robert Graham CTO, Network ICE PS: A list of intrusions detected (aka. signatures) that both Sentry and Defender detects is at: http://networkice.com/advice/intrusions Details on the network-agent really aren't appropriate for this list. -----Original Message-----
From: crispin () cse ogi edu [mailto:crispin () cse ogi edu] Sent: Tuesday, October 26, 1999 6:54 PM To: Rick Smith Subject: Re: FW: BlackIce Defender??? Rick Smith wrote:Black Ice sounds like a PC firewall and intrusion detection bundle. I don't see any surprising technology. The main thing seems to be pricing and packaging -- it's designed for home/small office use.It would be interesting to hear how it compares with Marcus' (free for download) BackOfficer Friendly. Black Ice marketing lit is fairly uninformative. However, when I said so in comp.security.misc:-) I got this very helpful post back from the Black Ice CTO ( http://x36.deja.com/[S0=90708c11189f544]/getdoc.xp?AN=471128515&CONTEXT=940988836.161874077&hitnum=15 , a deja.com query of subject="BLACKICE IDS" and looing for posts from Robert David Graham). The particularly interesting technologies seem to include: * back-scanning the intruder * the usual claim of "we have more signatures than anyone else" (I wouldn't know :-) * allegedly smarter scanning algorithms that do packet reassembly to detect fragmented attacks * designed to detect attacks inside the corporate LAN Disclaimer: I have absolutely nothing to do with Black Ice. I have not tried their product, I'm just passing along the relevant info.
__________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com
Current thread:
- BlackIce Defender??? Butler, Gary (Oct 19)
- <Possible follow-ups>
- FW: BlackIce Defender??? Butler, Gary (Oct 20)
- Re: FW: BlackIce Defender??? Rick Smith (Oct 26)
- Message not available
- Re: FW: BlackIce Defender??? Rick Smith (Oct 27)
- Re: FW: BlackIce Defender??? R. DuFresne (Oct 27)
- Message not available
- Re: FW: BlackIce Defender??? Marcus J. Ranum (Oct 27)
- Re: FW: BlackIce Defender??? Craig H. Rowland (Oct 28)
- Message not available
- Re: FW: BlackIce Defender??? R. DuFresne (Oct 27)
- Re: FW: BlackIce Defender??? Crispin Cowan (Oct 27)
- Message not available
- Re: FW: BlackIce Defender??? (and CVE again) Adam Shostack (Oct 28)
- Re: FW: BlackIce Defender??? Rick Smith (Oct 27)
- RE: FW: BlackIce Defender??? Anton J Aylward (Oct 27)
- RE: FW: BlackIce Defender??? LUCIUS (Oct 30)
- Re: FW: BlackIce Defender??? Craig H. Rowland (Oct 29)