Disclaimer: I have something to do with Network ICE.

BlackICE Defender is a scaled down version of BlackICE Sentry, our network IDS agent. We basically built a host-agent out of the network-agent, then added personal firewall capabilities.

The term "personal firewall" is sort of an oxymoron -- because the whole point of firewalls is to have a many-to-one relationship (many machines behind one firewall). It's kinda pointless to have a one-to-one relationship; you can just as easily harden the system in the first place.

Defender makes "personal firewalls" work in two ways: First, it uses the IDS component to juggle the firewall rulesets and makes it easy enough for home users to manage (not great security, but tons better than what they had before). Secondly (coming in a few weeks in v2.0) the management console can maintain a common ruleset for groups of Defender agents. Thus, you can think of the console itself as the "firewall", and the desktop agents as where the packet filtering actually occurs.

Thus, if your firewall ruleset is "block all incoming SYN packets", the 500 telecommuters out on the Internet running Defender will have roughly the same protection as the other 500 users inside the real firewall. This is intended for your VPN telecommuters outside the firewall, as well as employees inside, because everyone knows that desktops are easier to breach than servers, but give you roughly the same level of access to corporate data (who's watching your CEO's desktop?)

Robert Graham
CTO, Network ICE

PS: A list of intrusions detected (aka. signatures) that both Sentry and Defender detect is at: http://networkice.com/advice/intrusions
Details on the network-agent really aren't appropriate for this list.

-----Original Message-----
>From: crispinat_private [mailto:crispinat_private]
>Sent: Tuesday, October 26, 1999 6:54 PM
>To: Rick Smith
>Subject: Re: FW: BlackIce Defender???
>
>
>Rick Smith wrote:
>
>> Black Ice sounds like a PC firewall and intrusion detection bundle. I don't
>> see any surprising technology. The main thing seems to be pricing and
>> packaging -- it's designed for home/small office use.
>
> It would be interesting to hear how it compares with Marcus' (free for
> download) BackOfficer Friendly.
>
>Black Ice marketing lit is fairly uninformative. However, when I said so in
>comp.security.misc :-) I got this very helpful post back from the Black Ice
>CTO (
>http://x36.deja.com/[S0=90708c11189f544]/getdoc.xp?AN=471128515&CONTEXT=940988836.161874077&hitnum=15
>, a deja.com query of subject="BLACKICE IDS" and looking for posts from Robert
>David Graham). The particularly interesting technologies seem to include:
>
> * back-scanning the intruder
> * the usual claim of "we have more signatures than anyone else" (I wouldn't
>   know :-)
> * allegedly smarter scanning algorithms that do packet reassembly to detect
>   fragmented attacks
> * designed to detect attacks inside the corporate LAN
>
>Disclaimer: I have absolutely nothing to do with Black Ice. I have not tried
>their product, I'm just passing along the relevant info.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:31 PDT