|
Neal Jones said...
> URL? is it the same as the PC workstation software, does it run
on Server
> software as well? Neal, BlackICE is now a product of Internet
Security Systems (they bought BlackICE from a company called Network ICE a few
years ago). You can see their server products, including BlackICE
Server (which is their entry-level product) at http://www.iss.net/find_products/server.php.
You can read the manual at: http://documents.iss.net/literature/BlackICE/BISP-UG_36.pdf.
The server version (needed to run on any server version of Windows I
believe) is $300, whereas the "desktop" version is $40. They say they
support NT4 and W2K but I am also running it on Windows Server 2003 with no
problem.
In the interest of full disclosure, BlackICE is an
interesting product: interesting as in having pros and cons.
The firewall is simple yet robust and the basic
options are easy to configure, although today on this list I happily discovered
that it is possible to tweak the underlying configuration files to do things
like automatically block dictionary attacks. I have yet to discover where/if
these tweaks are documented somewhere. (Out of the box BlackICE will auto-block
IPs attempting attacks that are both serious and difficult to spoof--but NOT
dictionary attacks.) BlackICE did have a well-publicized vulnerability, oh 6-8
months ago, which they did a TERRIBLE job communicating/patching and left any
system running BlackICE wide-open vulnerable to a custom-crafted and very
destructive worm (Witty). I did not enjoy that, but it's been the only major
issue I've had with the software in years. Also, BlackICE firewall settings
apply to all IPs on the box--no IP-specific settings.
On the con side, IMHO, BlackICE has a feature
called application protection that seems basically to take a checksum of all
applications on your machine, and if it sees an "unauthorized" application start
up, BlackICE will kill it. A related feature is communication control which will
quash unauthorized outbound network access. IMHO these features are not
well implemented, and a day will come when you will have trouble getting
software to start for no apparent reason because the executable has changed
(software update?) and BlackICE is killing it every time it tries to start up.
Fortunately, you can turn application protection off altogether and not worry
about it.
Last time I checked their support for BlackICE was
email only and I've found their response quality/timeliness
average.
Hope this helps.
Evan |
- Re: [IMail Forum] SAVE $20! Buy IP... Tom Pepper
- Re: [IMail Forum] SAVE $20! Bu... Darin Cox
- [IMail Forum] OT - UPiE - (was ... Doug Traylor
- RE: [IMail Forum] OT - UPi... Brad Morgan
- RE: [IMail Forum] SAVE $20! Buy IP... John Tolmachoff \(Lists\)
- Re: [IMail Forum] SAVE $20! Buy IPlus ... mnapuran
- RE: [IMail Forum] SAVE $20! Buy IPlus Info... Kevin Bilbee
- Re: [IMail Forum] Dictionary attacks and TCP Pro... Evan Eggers
- Re: [IMail Forum] Dictionary attacks and TCP Pro... Bill Foresman
- RE: [SPAM] - Re: [IMail Forum] Dictionary a... Neal Jones
- RE: [IMail Forum] Dictionary attacks an... Evan Eggers
- RE: [IMail Forum] Dictionary attacks and TCP Pro... Ted Galerneau
- Re: [IMail Forum] Dictionary attacks and TCP Pro... Patrick Burm
- Re: [IMail Forum] Dictionary attacks and TC... Darin Cox
- Re: [IMail Forum] Dictionary attacks and TC... Patrick Burm
- Re: [IMail Forum] Dictionary attacks an... Evan Eggers
- RE: [IMail Forum] Dictionary attacks and TCP Pro... Ted Galerneau
- RE: [IMail Forum] Dictionary attacks and TC... Len Conrad
- RE: [IMail Forum] Dictionary attacks an... Ted Galerneau
- Re: [IMail Forum] Dictionary attack... Darin Cox
- RE: [IMail Forum] Dictionary at... Ted Galerneau
