(no subject)

From: Jeff Cochran (jcochran@info.der-keiler.de)
Date: 07/23/02


From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Tue, 23 Jul 2002 18:29:22 GMT


>> Actually, Gibson is pretty much dead on right.
>> I'm American. And I do know about intrusion detection. And I realize
>> that detection and prevention are two very different animals.
>
>Well, Gibson was rating BlackIce as a firewall [at a time when BlackIce was
>being sold as an IDS].

As I recall, he rated it as a firewall because it was being pushed as
a personal firewall. And as I recall, the "war" that developed fueled
even more animosity, when Black Ice users were sending reports to
Gibson's ISP that he was attacking their system, after they requested
the attack as a test. :)

>Snort would have failed his "LeakTest" test as well,
>because neither Snort nor BlackIce were designed to do what he was testing
>for [blocking trojan. To me that's a little bit like comparing apples and
>oranges. It's a good thing Steve didn't run his Leaktest test against
>Snort, because then a large portion of the security community would have
>been against him, instead of just a portion of it.

This is absolutely true. There is a definite difference between an
IDS and a firewall. Even though the lines are getting blurrier every
week, mostly due to the marketing hype.

>The best solution is not always the one with the best technical features,
>but sometimes is the one that's the easiest to set up, the one that runs
>pretty well in the default configuration, or the one that's easiest to
>support.

And that "best solution" depends dramatically on who the solution is
for. Which makes any blanket statement, whether it's "Black Ice is
what you need," or "Black Ice is crap," pretty useless.

And that's what I objected to the post for, not that Black Ice is bad.
Just that it may not be the right tool for the job that needs to be
done.

Of course, I also need to keep in mind the groups posted to. Some of
these support vastly different sets of users, with different sets of
needs.

Jeff



Relevant Pages

  • Re: security on iis 5 open port router
    ... And I do know about intrusion detection. ... Gibson was rating BlackIce as a firewall [at a time when BlackIce was ... he rated it as a firewall because it was being pushed as ... whether it's "Black Ice is ...
    (microsoft.public.win2000.security)
  • Re: ISA Vs BlackIce
    ... Black Ice is designed as a Personal ... Firewall to be used on a workstation, not a Server. ...
    (microsoft.public.windows.server.sbs)
  • Re: BlackIce 3.5 - help please
    ... I would prefer not to use the built in firewall, ... bought Black Ice last year. ... > my regular upgrade check within the BlackIce application. ...
    (comp.security.firewalls)
  • [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name
    ... intrusion detection pattern matching rules to the content they see ... To me, this is a firewall. ... I am *not* criticizing the technology. ... proprietary "intrusion prevention" technologies (i.e. I've forgotten the ...
    (Firewall-Wizards)
  • Re: firewall
    ... I would not necessarily thing that having intrusion detection is such a big ... thing in a small network. ... The security logs on the domain computers can be ... The firewall logs can also be checked ...
    (microsoft.public.windows.server.security)