Intrusion Detection Systems mailing list archives

RE: BlackICE IDS


From: FMartins () pt imshealth com (Martins, Fernando (Lisbon))
Date: Mon, 6 Dec 1999 14:22:34 +0100



Hi2all

        "It should be pointed out that Mr. Graham is an employee of 
        Network Ice Corp. Obviously Marcus is from NFR and I am from
        Security Wizards. Having said that, I agree with most of the
        points he makes about BlackICE. "

Where I work we just sell information to the pharmaceutical industry ... so, no danger here about preferences =)
I agree with Ron when he says that we can't say that 'this' is better than 'that' ... I usually say that what really 
matters is the person who installs and configures 'this' and 'that'.
And for that person the better product is the one he can manage better... like, there is no use in giving a Ferrari when 
the guy never crosses 100 miles/hour, or the driver must learn how to drive safely at 250 miles/hour before he even 
touches the Ferrari (note: I drive a diesel station wagon, eheh). 
What I want to say is that many times the security problems and the security test opinions are not about 
hardware/software, but about humans and their skills.

        "My largest concern is with BlackICE's marketing claims of 
        protecting the CEO's laptop with a packet based IDS. During 
        my past experience conducting many penetration tests and
        network security audits, targeting a CEO's computer usually 
        revealed completely shared out hard drives and similar 
        usernames and passwords. Adding an IDS to this situation 
        did not help much."

I agree again here. In my experience in technical support on CEOs' PCs ... Ron can't be more right. Adding an IDS 
perhaps can help to see how many wrong things are done on a CEO's PC, but it can't avoid much.

Kind Regards
Fernando Martins
fmartins () pt imshealth com
http://www.imshealth.com


