Alan writes: > > I think the fact that Graham designed an intrusion detection product > > (BlackICE now the core technology in ISS's RealSecure) is demonstrative of > > his commitment to building solutions that are neither a nuisance or an > > inconvenience. In fact, I would argue (although I have a rather obvious > > bias here) that Mr. Graham's technologies are some of the least intrusive > > security products that still deliver outstanding capabilities. > > I tend to prefer ZoneAlarm. BlackIce has had too many problems in the past > for me to trust it very far. > Yes, but ZoneAlarm is NOT an IDS. It is a firewall with some other abilities because it is on a host. Run IIS on two systems- load blackICE on one, load ZoneAlarm on the other. Configure them both to be as secure as possible while allowing HTTP access to port 80. Then run CodeRed (if you've got a copy, or else some other attack if you don't) against them. See which one blocks it- BI will. ZA will not. One is an IDS and watches the traffic. One is a firewall and controls access. IDS allows for the need for untrusted traffic/apps. Firewalls don't. toby
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:40:27 PDT