Re: win2k firewall
From: <alexanderdelarge(at)hushmail.com>
Date: Fri Jan 10 2003 - 14:44:14 EST
First, no single product or configuration is going to make a web server secure. The process of making a web server secure involves many layers.
None of these solutions, individually, is sufficient to make the system secure. But as a whole, they would comprise "due diligence" on making the system secure. However, if money/resources are tight, priorities must be made. Sometimes a hardware firewall is out of the question due to network configuration, cost, etc. In this case, something like BlackICE might not be the perfect solution, but it is better than nothing.
That said, I have used BlackICE (aka RealSecure Desktop Protector) on our network, and I have found that it is a very capable IDS. For about $300 a server, I get a very potent IDS engine that can monitor port 80 and port 443 traffic for potential intrusions. I also get central management, great reports, and a highly customizable IDS. However, as I have told others, I was fortunate to have gotten a very good education on BlackICE.
As for performance, one of the things I have noticed is that most of the people who complain about BI's performance are using the desktop version. The desktop version was not designed for a high-volume server. This is why there is a server version. In this case the engine has been tuned for lots of connections. I tested BI in my lab on a Win2k Server. At 100% load on a 100Mbps network, BlackICE Server was only at about 30% CPU utilization. I can live with that considering my network never comes close to 100% utilization.
The other thing I have noticed about BI is that there is a wide gap in expertise with BI. BI is a tool that tends to have a very niche appeal. BI has, arguably, one of the most advanced IDS engines ever built. So advanced that ISS uses that same engine (modified, of course) in their enterprise RealSecure products - even the flagship Gigabit IDS. However, there are still a lot of people who are still riding this "Steve Gibson era" propaganda about BlackICE and, as such, will hate it no matter how much evidence is given to counter their opinions.
My suggestion to anybody considering BlackICE is to look a little deeper than just the UI. Read the docs and learn the parameters and you'll quickly learn that BlackICE can do a lot. One thing to keep in mind, however, is that NONE of the "personal firewalls" on the market (and I mean NONE) are intrusion detection systems. Zone, Sygate, Tiny, Kerio, etc. etc. are all just firewalls and application controls. They have NO IDS features AT ALL.
Alex
Received on Sat Jan 11 20:46:11 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:34 EDT