BlackICE is more than a personal firewall, it also includes some host
level intrusion detection. That said, it was designed for the small office -
home office market. The product fits well for units on campus that have
similar characteristics to the intended market.
ISS, the maker of BlackIce, also has something called BlackICE Server
Protection. I have pulled this marketing blurb off of their web site.
http://blackice.iss.net/product_server_protection.php
BlackICE. Server Protection
BlackICE. Server Protection provides comprehensive firewall, intrusion
and application protection to secure Web FTP and email servers against
worms, hybrid threats and other cyber attacks. This patent-pending
technology combines intelligent outbound blocking, file locking and
application execution control to automatically monitor and respond to
malicious activity on a server.
BlackICE Server Protection secures servers by scrutinizing all traffic
into and out from a server, constantly on the lookout for suspicious
activity and ready to aggressively defend against attack.
BlackICE Server Protection now features Application Protection, an
exciting new feature designed to shield server.s PCs, laptops and
workstations from hijack by an attacker, and protects against Trojan
horse applications, worms and other destructive threats.
BlackICE protects using the same sophisticated technology that secures
corporate networks around the world. This unique combination of firewall,
fast, unobtrusive intrusion protection and straightforward interface
protects the privacy of any home or office server. BlackICE Server
Protection is widely available through online outlets.
Late in 2001, (I think), ISS bought the company BlackICE. BlackICE had
a product to manage multiple installations of BlackICE desktop called ICEcap.
ISS has repositioned ICEcap as part of their RealSecure enterprise level
product line. This product may be found here:
http://www.iss.net/products_services/enterprise_protection/rsdesktop/protector_desktop.php
I don't know if the RealSecure version of ICEcap can manage the desktop
version of BlackICE, but their is a downloadable trial version available.
If people are interested in this, I can check into it next week.
I believe that other vendors of "host based firewall" products have
centralized control products, or are developing them. It is just a matter
of the cost that one is willing to pay.
Depending on a border firewall to filter most threats is dangerous. This
sort of installation has led to systems where the border is secure, but the
computers were easily compromisable once the border was breached. The recent
commercial ultra-paranoid security designs I have seen include: a border
firewall, network intrusion detection, a server firewall, server based
intrusion detection, application based anomoly detection, hardening of the
server, and frequent security updates to any software.
Joe
On Thu, 16 Jan 2003, Doug Nelson wrote:
> > Shouldn't firewalls be like bottle necks ie.. the one location through which
> > the packets must travel before they get to the Computers that are behind it.
> > That way they can monitor these incoming and outgoing packets to check the
> > sources and destinations (addresses) of these packets. This way you can
> > perform some type of egress filtering, and discard packets from certain
> > addresses and address ranges? This can prevent hacking but also prevent the
> > hijacking of computers for use in a Denial Of Service Attack.
> >
> > It is understandable that there is overhead in checking each and every
> > packet, and this could potentially slow down throughput.
> >
> > I don't know about the way the university does it, but I know the major
> > government organizations do not use software firewalls installed on each and
> > every separate computer. They use a bottleneck approach to protect large
> > numbers of computers and ensure the validity of the configuration and
> > firewall rules.
> >
> > Wouldn't it be more logical to have one firewall for a building or floor of
> > a large multi departmental building , instead of purchasing 55 copies of
> > black ice and having 54 different firewall configurations?
>
> Why not do both? But also tell me how the one central firewall is
> going to avoid having 54 separate pieces to its ruleset? And besides,
> I think you'll find that you don't really have 54 unique configurations
> on your 50+ systems.
>
> Doug Nelson [log in to unmask]
> Network Manager Ph: (517) 353-2980
> Computer Laboratory http://www.msu.edu/~nelson/
> Michigan State University
>
|