Re: BlackIce vs Sygate
From: karl [x y] (jamescagney90210@excite.com)Date: 07/21/02
- Next message: Paul Hutchings: "Re: Blackice missing Code Red?"
- Previous message: karl [x y]: "Re: Blackice missing Code Red?"
- In reply to: Duane Arnold: "BlackIce vs Sygate"
- Next in thread: Duane Arnold: "Re: BlackIce vs Sygate"
- Reply: Duane Arnold: "Re: BlackIce vs Sygate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "karl [x y]" <jamescagney90210@excite.com> Date: Sun, 21 Jul 2002 10:22:55 -0400
I like BID too and use it as well. I agree that grc.com has unnecessarily
given BlackIce a black eye. I don't always have time to download and learn
the latest versions of BID that keep coming out, so maybe my information is
rusty. My comment about Sygate primarily making firewalling decisions based
on port number and ip address was meant to highlight a possible advantage of
BID, which is that BID does a better job of looking at the contents of the
packet as well for malicious payload. While I know that BID can satisfy
some people's needs for packet filtering rules, I think it will be a long
time before BID's GUI can do what Sygate's GUI can do in this regard. I had
hoped my post made it clear that choosing the best firewall of the two
depends on what your particular needs are. My personal decision was to use
either one depending on the needs of the individual machine.
"Duane Arnold" <darnold92@Insightbb.com> wrote in message
news:XPs_8.110592$uw.61039@rwcrnsc51.ops.asp.att.net...
> Hello,
>
> First of all, I want to tell XY, that this post is not a confrontational
> post I am making. This was a post I made directly to XY based on some pros
> and cons between BlackIce and Sygate that XY made in another thread.
>
> However, I thought I would post this publicly, because time and time again
> BlackIce has been abused by those who absolutely don't have a clue about
> BlackIce. BlackIce has gotten a bad rap, because of the Gibson site.
>
> This post is for those who are trying to make a sound decision as to which
> firewalls should be considered in their decision making process. I think
> BlackIce is one that should be considered.
>
> Duane
>
> Hello XY,
>
> I have read some of your posts about BalckIce and Sygate being used
together
> and the pros and cons between the two.
>
> I have used Sygate for awhile just to see what it was about. It's a good
> product, and prior to BlackIce 3.5, the combination of the two on a
machine
> made sense and still makes sense.
>
> However, some of the differences may not be that different anymore.
>
> Like ClearIce Firewall Log Reporting Utility for BlackIce
> http://www.y2kbrady.com/firewallreporting/clearice/
>
> About this comment you gave about the differences between the two that
> BlackIce didn't do so well but Sygate could, "Sygate can set
> up very granular packet filtering rules for detecting and blocking various
> communications based on port number and source IP address [instead of by
the
> contents of the packet]."
>
> BlackIce can do the same thing too. Take the example of me using
Netmeeting
> from my computer at my job to connect to a machine on my home network
> behind the Linksys router.
>
> If I told BlackIce to do Trusted IP(s) for certain TCP and UDP ports that
> Netmeeting uses, how would BlackIce know what IP to Trust , since my
machine
> at the job was getting its IP through DHCP?
>
> The solution was to tell BlackIce about all the possible IP(s) that would
be
> coming from my job's network. In this example for my job, I will use
> Link1.Duane.com and Link2.Duane.com, which are the IP ranges that have
been
> assigned to Domain Duane.com.
>
> When I had someone at the job try to connect to the machine on my network,
> BlackIce blocked on Link1.Duane.com. I told BlackIce to Trust and Accept
> Link1.Duane.com, and BlackIce did and knows the IP range to Accept
> xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx. If I used a machine on Link2,
BlackIce
> will block it.
>
> So, one can tell BlackIce to accept or reject IP ranges, IP(s) or an
> individual IP. You can tell BlackIce what port ranges , ports, or
individual
> port in conjunction with the IP(s) to be used. And you can tell BlackIce
how
> long the rule will be active. You may have to go to the BlackIce.ini.and
> Firewall.ini files, which I didn't have to do, but you can do anything
> needed to set the firewall rules.
>
> And on top of all of that, if any malicious network activity starts to
occur
> on a Trusted IP, BlackIce will block it.
>
> It doesn't get any better then that.
>
> It takes someone with your expertise to go down to that level with
BlackIce.
>
> On the other hand , BlackIce is on my mother's machine, who doesn't have a
> clue. BlackIce is set on the PARANOID level. I tell my niece to go over
> there to do things with Application and Communication Controls when
needed.
>
> BlackIce and Sygate are both good products and far better the all of the
> others I have used. They are not toys. BlackIce is my weapon of choice,
> because of the IDS.
>
> It seems that lots of users in Europe know about IDS and BlackIce. Users
in
> the US don't have a clue.
>
> Have a nice day
> Duane
>
>
>
>
>
- Next message: Paul Hutchings: "Re: Blackice missing Code Red?"
- Previous message: karl [x y]: "Re: Blackice missing Code Red?"
- In reply to: Duane Arnold: "BlackIce vs Sygate"
- Next in thread: Duane Arnold: "Re: BlackIce vs Sygate"
- Reply: Duane Arnold: "Re: BlackIce vs Sygate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
