> Because when you pass ports through a packet filter > into a machine offering > services, OpenBSD isn't going to help you. There is > little difference > between doing this and just turning off all services > other than the public > ones and putting it right on the Internet with no > protection at all.
Protection is relative...specifically, what are you protecting? What is the point of putting BlackICE on a system, particularly a web server? Turning off all unnecessary services (on a web server, that would be anything other than the web services...otherwise, it's not a web server) gives you fewer things to manage, and more CPU time and memory available for the web server. > BlackIce inspects ALL traffic, to include the > traffic being allowed through > whatever firewall, and can actively block malicious > attempts while letting > through legitimate traffic. But wouldn't malicious attempts be "blocked" by simply not running services that someone could attempt to exploit? If there's nothing to attack, there's also nothing to manage. > P.S. Please don't refer to Steve Gibson's site in an > attempt to defame ISS's > current BlackIce product - especially the one > designed specifically for servers. Please don't dictate what people can and cannot post. If you feel the need to do so, please do so directly to the poster, rather than the list. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
