Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] BlackICE
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Wed, 13 Sep 2000 15:28:14 -0700

Again,

One is speaking of Black ICE Defender and not our Corporate product.

/m
At 12:31 PM 9/13/00 +0000, Jonas wrote:
James Kelly wrote:
>
> I work at a major isp who will remain nameless and I see countless Blackice
> logs in my daily work.
> My gripes against it are:
> 1. It takes a computer with not many or no ports open and opens ports
to listen
> on them, thereby making your computer an attractive target for would-be
> attackers.
> 2. The logs it creates are nonstandard and difficult to get at. I need
to see
> src port and ip, destination port and ip and I don't want to see what
BlackIce
> interprets...The logs are also not very informative.
> 3. I've had many instances where BlackIce has misinterpreted a
traceroute or a
> ping for an attack.
>
> Frankly with all the talk on this list about "false positives" on scanning
> tools on this list, I'm surprised anyone knowlegeable enough to read
this list
> would buy such a low rent product....just my two cents worth though;_)

I also work for an (albeit small) isp.  We gave Blackice a shot, and
while I was not particularly impressed, it did accomplish one goal,
which was reassuring mgmt that a) things were being done to prevent
intrusion, and b) my job was worthwhile.

We got vast quantities of false positives, and, more frightening, it
took very little effort to produce false negatives.  I initially pushed
for a stronger system, but soon decided that I would leave that alone
and work out a local solution.  A pro-active approach to locking down
ports, periodic pen-testing (fortunately I have near free-rein in that
regard), and A few improvements of my own which are still in
development, are keeping us mostly safe, keeping me in a job, and not
killing us for cash.

Anyway, I figured that as a mgmt happy, Black Ice is cheap at the price.
--
Jonas

"Never mistake motion for action." --Ernest Hemingway


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]