-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Protection is relative...specifically, what are you > protecting? What is the point of putting BlackICE on > a system, particularly a web server?
Perhaps you are not familiar with what BlackIce does. BlackIce knows what Code Red is, and it can stop it from hurting an UNPATCHED W2K machine. And it can afford this kind of protection vs. hundereds of other exploits as well. Basically, you can have it watching every single packet going to ALLOWED services (those that are open due to it being a webserver), and making sure that there is nothing malicious being attempted. Is that a good reason? > But wouldn't malicious attempts be "blocked" by simply > not running services that someone could attempt to > exploit? If there's nothing to attack, there's also > nothing to manage. There is something to attack - it's a webserver. There are numerous attacks that are done with nothing more than mangled http requests. BlackIce can stop many of them. How can I be more clear? > > P.S. Please don't refer to Steve Gibson's site in an > > attempt to defame ISS's > > current BlackIce product - especially the one > > designed specifically for servers. > > Please don't dictate what people can and cannot post. > If you feel the need to do so, please do so directly > to the poster, rather than the list. Ok, fair enough. I just didn't want to get into the Steve Gibson thing here. - -Daniel R. Miessler -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPhs7wlJwf7WiYT5vEQKyNACeKGwo/kQBmNQSKKR04nNe2NHwh4AAoJFL 1dEL4MW17nyS0+omF300k0BJ =R3Dn -----END PGP SIGNATURE-----
