Penetration Testing mailing list archives
Re: [PEN-TEST] BlackICE
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Wed, 13 Sep 2000 15:28:14 -0700
Again, one is speaking of Black ICE Defender and not our Corporate product.

/m

At 12:31 PM 9/13/00 +0000, Jonas wrote:

James Kelly wrote:
>
> I work at a major isp who will remain nameless and I see countless Blackice
> logs in my daily work.
> My gripes against it are:
> 1. It takes a computer with not many or no ports open and opens ports to listen
> on them, thereby making your computer an attractive target for would-be
> attackers.
> 2. The logs it creates are nonstandard and difficult to get at. I need to see
> src port and ip, destination port and ip and I don't want to see what BlackIce
> interprets...The logs are also not very informative.
> 3. I've had many instances where BlackIce has misinterpreted a traceroute or a
> ping for an attack.
>
> Frankly with all the talk on this list about "false positives" on scanning
> tools on this list, I'm surprised anyone knowledgeable enough to read this list
> would buy such a low rent product....just my two cents worth though;_)

I also work for an (albeit small) isp. We gave Blackice a shot, and while I was not particularly impressed, it did accomplish one goal, which was reassuring mgmt that a) things were being done to prevent intrusion, and b) my job was worthwhile.

We got vast quantities of false positives, and, more frightening, it took very little effort to produce false negatives. I initially pushed for a stronger system, but soon decided that I would leave that alone and work out a local solution. A pro-active approach to locking down ports, periodic pen-testing (fortunately I have near free-rein in that regard), and a few improvements of my own which are still in development, are keeping us mostly safe, keeping me in a job, and not killing us for cash.

Anyway, I figured that as a mgmt happy, Black Ice is cheap at the price.

--
Jonas

"Never mistake motion for action."
--Ernest Hemingway