Re: [PEN-TEST] Black ICE

[Riley Hassell <riley () SPEAKEASY NET>]

They also have a distributed monitoring system available.
(The ICECAP Server)

It allows BlackIce Defender clients to report their logs to a larger
administrated database. The whole concept is very interesting.

Example.
*  successful connection to protected client
X  Filtered out
-> data sent


       2.) Clients recognize scan and Logs aresent to ICECAP Server

1.)       ->    * 1.1.1.1  - >    --------  3.) Icecap Server sends
Attacker  ->    * 1.1.1.1  - >   | ICECAP |     an email to admin
Initiates ->    * 1.1.1.1  - >   | SERVER |     cell phone about a      
vuln scan ->    * 1.1.1.1  - >    --------      scan initiatedon
          ->    * 1.1.1.1  - >                  the network he is
          ->    X ...                           protecting.
          ->    X ...  5.) The scan doesn't                             
                           even reach the       4.) Admin log's into the
                           the rest of the          ICECAP server from
                           network.                 his laptop and set's
                                                    the filters up.

Note: This can also be automated. ;)



  Riley Hassell
  Network Security
  Speakeasy Network
  Phone : 206-728-9770x151
  Email : riley () speakeasy net


On Fri, 8 Sep 2000, Talisker wrote:

> Bill
>
> I have info on BlackIce Defender, BlackIce Sentry on my web site below,
> There are also plans to launch a network vulnerability scanner called
> IceScanner, also worth a look is IceAgent which is the corporate version of
> defender, I haven't put that up yet.
>
> Andy
>
>
> http://www.networkintrusion.co.uk/
>  Listing all known commercial IDS
>                     '''
>                  (0 0)
>   ----oOO----(_)----------
>   | The geek shall        |
>   |  Inherit the earth     |
>   -----------------oOO----
>                |__|__|
>                   || ||
>               ooO Ooo
>
>
> The opinions contained within this transmission are entirely my own, and do
> not necessarily reflect those of my employer.
>
>
>
>
>
> ----- Original Message -----
> From: "Bill Casti (System Admin)" <help () QUALITY ORG>
> To: <PEN-TEST () SECURITYFOCUS COM>
> Sent: Thursday, September 07, 2000 10:18 PM
> Subject: Re: [PEN-TEST] Black ICE
>
>
> > Anyone tell me more about Black ICE, what it is and where to get some
> > detailed information?
> >
> > Thanks.
> > Bill
> ============================================================================
> =
> >  Bill Casti, CQA                                     Email:
> help () quality org
> >  - Domain Owner, QUALITY.ORG                         Pager: +1 800 604
> 6149
> >  - List Moderator, "TQM in Manufacturing and Service Industries"
> > --------------------------------------------------------------------------
> ---
> >  Self-service list subscription service at
> www.quality.org/cgi-bin/majordomo
> >          See http://www.quality.org/lists/lists_at_quality.org.html
> >                for the List of Lists supported at QUALITY.ORG
> ============================================================================
> =
> >