I used to administer at a university... I know EXACTLY what you mean. Thanks for the feedback.
-----Original Message-----
From: Don Voss [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 12:33 PM
To: garren; [EMAIL PROTECTED]
Subject: Re: Feedback on BlackICE...

No. BlackICE is only as good as the end users setting it up and monitoring it.

Example. Here, a faculty member was running a development setup on a NT box. MAPX material. His grad students had access to the box. He installed BlackICE on the box. Some schmoo waltzed right in and defaced the MAPX pages. Later the IP address showed up in a list of defaced pages posted in Germany somewhere. That got seen and filtered back to the powers that be here .. then to our department .. I got called in to get the spinach off the university teeth ...

No one was watching the BlackICE .. who knows what alert popped up when and who knows who just clicked OK to get the popup off the screen. I found the grad student[s] had admin rights. I unplugged the box from the net .. took a quick look .. found various upload.asp files and cmd.asp files dropped in temp and root dir, probably more areas as they tried to find a writable open area to work from.

I explained what I could to the professor. Suggested a clean rebuild would be in order. Cautioned him about grads with admin rights and spoke of the need to keep an eye on a unit which is providing services on the wire. He explained he was very busy, off to a conference. I said I will get a clean setup back to him and mentioned I like ZoneAlarm to block / hide services .. but the logs need to be watched. Told him nothing is foolproof unless it is monitored or unplugged from the net.

This was non-production .. if someone here wants to do production material .. they must provide for monitoring services.

regards .. a lurker and learner .. /don

On 28 Jan 2002 at 22:41, garren wrote:

> Hi all,
>
> I am looking at BlackICE and wondering if anyone has good/bad feedback on
> the tool. Do you think it does a good job of the combined Firewall/IDS/etc
> security that it claims it does? I have it installed and running and it
> has caught a few port scans and a DoS on my system but that could be just
> window dressing.
>
> Feedback is a good thing... looking forward to yours.
>
> Cheers...
>

_____________________________________________________
Don Voss [EMAIL PROTECTED]
Senior Programmer Analyst
Geography and Planning
University at Albany, NY
"GORT! Klaatu Barada Niikto"
