At 09:29 PM 10/26/99 -0700, Robert Graham wrote:

>Disclaimer: I have something to do with Network ICE.
>
>BlackICE Defender is a scaled down version of BlackICE Sentry, our network IDS
>agent. We basically built a host-agent out of the network-agent, then added
>personal firewall capabilities.
>
>The term "personal firewall" is sort of an oxymoron -- because the whole point
>of firewalls is to have a many-to-one relationship (many machines behind one
>firewall). It's kinda pointless to have a one-to-one relationship, you can just
>as easily harden the system in the first place.

Disagree. The point of firewalls is to provide a centralized point of control for security relevant network activities. This is useful for one machine or many, and no doubt it's the reason Windows 2000 has connection filtering built in. It lets you explicitly identify what services you want to pass through your public connection and what you want to block. This is much easier than somehow locating all applications that might use the socket interface at one time or another to provide or use an arbitrary service.

Estimates in the DoD run around 1 to 2 days of work for a trained administrator to seriously harden a commercial OS. Plus, you have to redo it whenever you make a significant administrative change to the system (i.e. install one more application). Kiddies, don't try this at home -- while I expect many colleagues on this list may be up to the task, most people aren't.

I like the idea of a graphical network traffic/attack monitoring capability bundled with firewalling. This would give a less sophisticated user (like someone at home) the ability to see what's happening and block things accordingly.

Rick.
smithat_private
"Internet Cryptography" at http://www.visi.com/crypto/
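Rick's argument is that a host filter lets you name the services to pass and block the rest, so a newly installed listener does not reopen the hardening question. The following Python sketch of that default-deny policy is an added example, not code from the thread or from BlackICE; the allow-list, the addresses and the tcp/8080 listener are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving on the public interface) or "out"
    proto: str      # "tcp" or "udp"
    remote: str     # remote address
    rport: int      # remote port
    lport: int      # local port on this host

# Constructed allow-list: the only services this host means to expose publicly.
ALLOWED_INBOUND = frozenset({("tcp", 22), ("tcp", 443)})

@dataclass
class Firewall:
    allowed: frozenset = ALLOWED_INBOUND
    # Connections this host opened itself; replies to them are let back in.
    outbound: set = field(default_factory=set)

    def decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.remote, pkt.rport, pkt.lport)
        if pkt.direction == "out":
            self.outbound.add(key)          # remember so the answer can return
            return "allow"
        if key in self.outbound:            # reply to something we initiated
            return "allow"
        if (pkt.proto, pkt.lport) in self.allowed:
            return "allow"                  # explicitly exposed service
        return "deny"                       # default-deny for everything else

def exposed(listening, allowed=ALLOWED_INBOUND):
    """Listening sockets that are actually reachable through the filter."""
    return sorted(s for s in listening if s in allowed)

if __name__ == "__main__":
    fw = Firewall()
    # Constructed sockets: the intended services plus a freshly installed app
    # that quietly started listening on tcp/8080 (hypothetical).
    listening = {("tcp", 22), ("tcp", 443), ("tcp", 8080), ("udp", 137)}
    print(exposed(listening))  # [('tcp', 22), ('tcp', 443)]
    trace = [
        Packet("in", "tcp", "203.0.113.9", 40001, 8080),  # new app: denied
        Packet("in", "tcp", "203.0.113.9", 40002, 22),    # ssh: allowed
        Packet("out", "tcp", "198.51.100.5", 80, 51000),  # we open a web conn
        Packet("in", "tcp", "198.51.100.5", 80, 51000),   # its reply: allowed
        Packet("in", "tcp", "198.51.100.5", 80, 51001),   # unsolicited: denied
    ]
    for p in trace:
        print(p.direction, p.proto, p.lport, "->", fw.decide(p))
```

The point of the last two lines of the trace is that the filter is stateful: a reply to a connection the host opened gets in, while an unsolicited packet from the same peer to a port nothing was exposed on does not.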
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:29 PDT