Re: Threat of running a web server?
From: Duane Arnold (notme_at_notme.com)
Date: Mon, 19 Jan 2004 19:47:28 GMT
"Noyb" <firstname.lastname@example.org> wrote in
>> allowing _any_ daemon (server for you microsoft weenies) to run on
>> _any_ port leaves you _vulnerable_. "how vulnerable" is dependent
>> upon the daemon/server. _all_ programs have the _potential_ to be
>> exploited. if you don't know what you're doing, don't run a
>> server/daemon, even if you're running "black ice", nothing more than
>> an IDS anyway.... even a personal firewall.... if you're explicitly
>> telling the firewall/IDS to ignore port 80 traffic, you're leaving
>> that particular service "out there". if you don't know what you're
>> doing, you don't keep up on server/daemon patching and you're not
>> running a proper IDS and actually watching the friggin logs, you'll
>> get hacked... it's only a matter of time (in some cases, a 0day
>> Colonel Flagg
>> Privacy at a click:
>> Q: How many Bill Gates does it take to change a lightbulb?
>> A: None, he just defines Darkness™ as the new industry standard..."
>> "...I see stupid people."
> "BlackICE protects using the same sophisticated technology that
> secures corporate networks around the world. This unique combination
> of firewall, fast, unobtrusive intrusion protection and
> straightforward interface protects the privacy of any home or office
This is true. But BlackIce cannot protect on outbound connections. It
does protect on an unsolicited outbound connection from the machine and
will block it. And BI will block an application from outbound connections
by exe, dll, ocx or any program file type you place into the Checksum.fle
for monitoring. And BI has good logging of these events if you're using
VisualIce (free, use Google) and BI logging is enabled.
But BlackIce cannot stop outbound connections to IP(s), port(s),
protocol(s), DNS(s) etc. and that's where IPsec comes into play on the
Win2k, XP and Win 2K3 O/S(s) that can do that.
> Sounds like a firewall, and it's always seemed to protect me. If you'd
> like to suggest some other solutions and not just "microsoft weenie"
> cut-downs I'd like to hear them.
BlackIce does have a FW component that I have used from day one I started
using the product. And BI has stopped a couple of attacks that came right
through that NAT router, when no ports were being forwarded to a machine.
I too get tired of watching people bitch and cry about the MS NT based
O/S which can be configured to be secure or BlackIce as well which can be
used effectively if configured properly.