Re: MS-Blast scripts
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Aug 2003 15:54:07 -0700
The other side of that particular coin is Black Ice Defender.
It's a host-based IDS that also reports back to a "Central Scrutinizer"
(three anti-social points for the correct quote identification) for attack
and attacker identification.
Pretty slick toy.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 14, 2003 15:32
Subject: [isalist] Re: MS-Blast scripts
http://www.ISAserver.org
In short words, because it's already too late over here and I need a
good boy's sleep: you're right.
I took a glance at NAI's Intrushield which introduces a so called
Virtual IDS. Of course, Intrushield is an IDS appliance and does other
things than ISA, but the concept of virtual segments that are being
monitored is appealing.
Mark
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 15, 2003 12:12 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: MS-Blast scripts
>
>
> http://www.ISAserver.org
>
>
> Hi Mark,
>
> Actually, you have a good point. The time is near when we
> need an ISA like device on every system. That is, a smart
> layer 7 sophisticated firewall. Not a pixoid packet filter,
> but an ISA that can examine the application layer headers and
> data. Microsoft is a software company, they understand
> software, and layer 7 is all about app software. If anyone
> can do it right, its going to be Microsoft. Cisco is good at
> fast, but all that accomplishes is passing exploits faster
> than anyone else.
>
> In fact, personal firewalls do perform such a function
> already. But most of them, from my experience, cause more
> problems than they fix. The exception, again in my
> experience, is the unfairly maligned ICF. Its very
> transparent and blocks unsolicited inbound requests. You have
> to go out of your way to allow inbound connections, but at
> least you can do that.
>
> (Check out the lamer "firewall feature" included with the
> Windows Server 2003 RRAS. It'll block unsolicited inbound
> requests, but you can forget about reverse NAT. ICF is more
> sophisticated than the RRAS firewall
> "service")
>
> The personal firewall needs to have a central policy, so that
> you essentially extend the ISA features to the desktops and
> other devices. The would also have reporting mechanism like
> ISA and feed this information to the central reporting
> system. You can see where I'm going with this! Servers would
> also have a similar "satellite" firewall system. ISA can be
> the hub firewall system that manages, reports, and updates
> the satellite firewall systems.
>
> Sound good so far?
>
> :-)
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
