Zonealarm / BlackIce


legover

Very long URL

 

"BlackICE is a Network Intrusion Detection System, and ZoneAlarm is a software firewall, and it is fine to run both programs alongside each other. In my opinion, the only good thing about ZoneAlarm is that when a program is trying to make an outward bound connection from your system to any other, it asks you if you want to allow it. ZoneAlarm works by blocking everything except what you want to allow. BlackICE on the other hand monitors each packet on your connection for anything suspicious. It still stops port scans and various DoS attacks, but the thing I like most about BlackICE is that it has the ability to help stop attackers using exploits against you. For example,

Scenario :

- User has IIS installed
- IIS suffers from the ISAPI Buffer overflow.

Zone Alarm Firewall:

- Since ZA is set up to allow Inbound connection to IIS port 80, it will do so. It will also let pass the malicious buffer overflow attack which will exploit IIS.

Result : Security compromised.

BlackIce Defender :

- Blackice defender will identify the Attack, depending on the mode BID has been set up it will block further requests to the attacking IP which has sent the malicious Internet Packet.

Result : Security partially compromised (depending on exploit and setup)

Also, BlackICE detects trojan connections such as SubSeven by the packets, not which port it is listening on, so no matter which port it tries listening on or someone tries connecting to it on, BlackICE will detect and stop it. BlackICE also includes such information as MAC addresses etc. and gives a much better detailed report on any types of attacks.

Another good feature of BlackICE is that it can detect suspicious activity on your own computer, such as telnet abuse. So say if you were on a network that had already been compromised it can detect any activities that a hacker might use, such as IP spoofing etc.

If you want more details on why using BlackICE on a network, http://www.securityhorizon.com/whitepapers/technical/IDSplace.html is a pretty helpful text on where to place such an application and why".

might be a good idea to have both running.

 

[Edited URL - KS]


Archived

This topic is now archived and is closed to further replies.
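An added illustration of the contrast drawn in the post above (not part of the original post, and not how ZoneAlarm or BlackICE are implemented): a port rule that never reads the payload, next to a content check that runs the same way on every port. The extension list, the length threshold, the placeholder handshake signature and the alert-then-block behaviour are all assumptions made for the example.

```python
import re
from urllib.parse import unquote_to_bytes

ALLOWED_PORTS = {80}                       # port rule: inbound web traffic only
ISAPI_EXTS = (b".ida", b".idq", b".htr")   # assumed ISAPI script mappings
MAX_ARG = 240                              # constructed threshold, tune per site
BACKDOOR_SIG = b"EXAMPLE-BACKDOOR-HELLO"   # constructed placeholder, not a real signature
REQ_LINE = re.compile(rb"^(?:GET|POST|HEAD) (\S+) HTTP/1\.[01]\r?\n")


def port_filter(dst_port):
    """Port-based decision: the payload is never examined."""
    return "allow" if dst_port in ALLOWED_PORTS else "block"


def inspect(payload):
    """Content-based checks, applied identically on every port."""
    alerts = []
    if BACKDOOR_SIG in payload:
        alerts.append("backdoor-handshake")
    m = REQ_LINE.match(payload)
    if m:
        raw_path, _, arg = m.group(1).partition(b"?")
        # Decode %xx in the path so an encoded extension cannot hide the match.
        path = unquote_to_bytes(raw_path).lower()
        if path.endswith(ISAPI_EXTS) and len(arg) > MAX_ARG:
            alerts.append("oversized-isapi-argument")
    return alerts


def evaluate(src_ip, dst_port, payload, blocked):
    """Inspect first; a source that raised an alert is dropped from then on."""
    if src_ip in blocked:
        return "block", ["source-blocked"]
    alerts = inspect(payload)
    if alerts:
        blocked.add(src_ip)        # block further requests from this address
        return "alert", alerts
    return port_filter(dst_port), []


# Constructed sample traffic (documentation addresses, no real exploit data).
NORMAL = b"GET /index.html HTTP/1.0\r\n\r\n"
OVERLONG = b"GET /default.ida?" + b"A" * 300 + b" HTTP/1.0\r\n\r\n"
HELLO = b"\x00\x01" + BACKDOOR_SIG

if __name__ == "__main__":
    blocked = set()
    for src, port, data in [("192.0.2.10", 80, NORMAL), ("198.51.100.7", 80, OVERLONG),
                            ("198.51.100.7", 80, NORMAL), ("203.0.113.5", 5000, HELLO)]:
        print(src, port, "port rule:", port_filter(port), "->", evaluate(src, port, data, blocked))
```

The port rule returns "allow" for both the normal and the oversized request on port 80; only the content check tells them apart.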
