Andrew, I concur with what you say. I installed the first Guard ever produced, running on a "handmade" dual processor P.C. and brought over to the UK by Clintom Lum, the architect of Guard. It worked perfectly from day one and we have now deployed many Guards on many networks with superb results and true attack prevention.
One area you need to be aware of is the management. It is currently managed by ICECap Manager, but there is a bridge module available that forwards the alerts to Site Protector, so it can be interfaced with Site Protector right now. Future versions of Site Protector will provide configuration management as well, so there will be no need for the ICECap Manager. Even now it is not a big deal, as it can co-exist on the same server and use a shared SQL database.

The real issue in intrusion is not to make the mistake of thinking that a box on the portal will solve the issues. It is essential to deploy server-based Server Sensors as well to protect against internal hacking. The big benefit in the ISS solution is unique: it comes from deploying System Scanner and Server Sensor on all servers, as well as Desktop Protector on VPN laptops and a Guard on the Internet portal. Then, using Fusion software, attack alerts can be correlated with known vulnerability status --- now you have real information and not just data! I see a plethora of appliances, IDS in firewalls like Netscreen etc. etc., but they are just "islands" providing yet more data. ISS leads the world by providing a complete solution and having products for vulnerability assessment, log file analysis, intrusion detection and intrusion protection that all work together.

It is like the data switching market. Avaya have a better core switch than Cisco in my humble opinion, there are better workgroup products than Cisco have, and probably better routers --- but -- do you want three different management configurators? Do you want three suppliers for a single network? This is where Cisco excelled and why they lead the market in networking, especially large networks. It comes down to Total Cost of Ownership, and it is where ISS also excel, in providing the complete solution!
John Taylor
Tolerant Systems
Tel 01782-865026
mobile 07730989255

-----Original Message-----
From: Andrew Plato [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 3:25 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [ISSForum] Re: ISS Guard product

> Does the Guard product use signature updated like RS sensor or is it
> completely based on anomaly analysis?

Guard is based off the BlackICE engine and as such is a hybrid of signatures and anomaly analysis. As it stands, Guard is more like BlackICE than the old RealSecure product. Guard units currently plug into ICEcap, but the next SiteProtector will be able to manage them as well (at least that's what I have been told.)

> Can it block traffic by itself or do you have to configure a FW to
> block the traffic?

Guard has an integrated firewall. It can block IP addresses, ports, or ICMP traffic bi-directionally. Guard's firewall is not really meant to replace a real firewall because the rules are fairly simplistic. However, using Guard you can create a "high security zone" that can only pass traffic to a specific address, range, subnet, or over a specific port.

If you are interested in Guard systems, Anitian Corporation has more experience than any other reseller in the nation on Guard. I was one of the first people to deploy Guard and I have been very active with the ISS engineering team in developing the Guard product. I have Guard units that have been running continuously for over 2 years protecting critical mainframes and high-security subnets at financial institutions and US government sites. Anitian also sells hardened Guard appliances that are essentially plug-and-play ready.

If you have any questions about Guard, feel free to contact me. I can give you a lot of real-world pointers on how to make Guard work optimally.
___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
ISS Premier Reseller
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
_______________________________

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
