BlackICE is more than a personal firewall; it also includes some host
level intrusion detection.  That said, it was designed for the small office -
home office market.  The product fits well for units on campus that have
similar characteristics to the intended market.

ISS, the maker of BlackICE, also has something called BlackICE Server
Protection.  I have pulled this marketing blurb off of their web site.

  http://blackice.iss.net/product_server_protection.php

  BlackICE Server Protection
  BlackICE Server Protection provides comprehensive firewall, intrusion
  and application protection to secure Web, FTP and email servers against
  worms, hybrid threats and other cyber attacks. This patent-pending
  technology combines intelligent outbound blocking, file locking and
  application execution control to automatically monitor and respond to
  malicious activity on a server.

  BlackICE Server Protection secures servers by scrutinizing all traffic
  into and out from a server, constantly on the lookout for suspicious
  activity and ready to aggressively defend against attack.

  BlackICE Server Protection now features Application Protection, an
  exciting new feature designed to shield server's PCs, laptops and
  workstations from hijack by an attacker, and protects against Trojan
  horse applications, worms and other destructive threats.

  BlackICE protects using the same sophisticated technology that secures
  corporate networks around the world. This unique combination of firewall,
  fast, unobtrusive intrusion protection and straightforward interface
  protects the privacy of any home or office server. BlackICE Server
  Protection is widely available through online outlets.

Late in 2001, (I think), ISS bought the company BlackICE.  BlackICE had
a product to manage multiple installations of BlackICE desktop called ICEcap.
ISS has repositioned ICEcap as part of their RealSecure enterprise level
product line.  This product may be found here:

  http://www.iss.net/products_services/enterprise_protection/rsdesktop/protector_desktop.php

I don't know if the RealSecure version of ICEcap can manage the desktop
version of BlackICE, but there is a downloadable trial version available.
If people are interested in this, I can check into it next week.

I believe that other vendors of "host based firewall" products have
centralized control products, or are developing them.  It is just a matter
of the cost that one is willing to pay.

Depending on a border firewall to filter most threats is dangerous.  This
sort of installation has led to systems where the border is secure, but the
computers were easily compromisable once the border was breached.   The recent
commercial ultra-paranoid security designs I have seen include:  a border
firewall, network intrusion detection, a server firewall, server based
intrusion detection, application based anomaly detection, hardening of the
server, and frequent security updates to any software.

Joe

On Thu, 16 Jan 2003, Doug Nelson wrote:

> > Shouldn't firewalls be like bottlenecks, i.e., the one location through which
> > the packets must travel before they get to the Computers that are behind it.
> > That way they can monitor these incoming and outgoing packets to check the
> > sources and destinations (addresses) of these packets.  This way you can
> > perform some type of egress filtering, and discard packets from certain
> > addresses and address ranges?  This can prevent hacking but also prevent the
> > hijacking of computers for use in a Denial Of Service Attack.
> >
> > It is understandable that there is overhead in checking each and every
> > packet, and this could potentially slow down throughput.
> >
> > I don't know about the way the university does it, but I know the major
> > government organizations do not use software firewalls installed on each and
> > every separate computer.  They use a bottleneck approach to protect large
> > numbers of computers and ensure the validity of the configuration and
> > firewall rules.
> >
> > Wouldn't it be more logical to have one firewall for a building or floor of
> > a large multi-departmental building, instead of purchasing 55 copies of
> > black ice and having 54 different firewall configurations?
>
> Why not do both?  But also tell me how the one central firewall is
> going to avoid having 54 separate pieces to its ruleset?  And besides,
> I think you'll find that you don't really have 54 unique configurations
> on your 50+ systems.
>
> Doug Nelson                     [log in to unmask]
> Network Manager                 Ph: (517) 353-2980
> Computer Laboratory             http://www.msu.edu/~nelson/
> Michigan State University
>