The other side of that particular coin is Black Ice Defender. It's a host-based IDS that also reports back to a "Central Scrutinizer" (three anti-social points for the correct quote identification) for attack and attacker identification. Pretty slick toy. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, August 14, 2003 15:32 Subject: [isalist] Re: MS-Blast scripts http://www.ISAserver.org In short words, because it's already too late over here and I need a good boy's sleep: you're right. I took a glance at NAI's Intrushield which introduces a so called Virtual IDS. Of course, Intrushield is an IDS appliance and does other things than ISA, but the concept of virtual segments that are being monitored is appealing. Mark > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Friday, August 15, 2003 12:12 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: MS-Blast scripts > > > http://www.ISAserver.org > > > Hi Mark, > > Actually, you have a good point. The time is near when we > need an ISA like device on every system. That is, a smart > layer 7 sophisticated firewall. Not a pixoid packet filter, > but an ISA that can examine the application layer headers and > data. Microsoft is a software company, they understand > software, and layer 7 is all about app software. If anyone > can do it right, its going to be Microsoft. Cisco is good at > fast, but all that accomplishes is passing exploits faster > than anyone else. > > In fact, personal firewalls do perform such a function > already. But most of them, from my experience, cause more > problems than they fix. The exception, again in my > experience, is the unfairly maligned ICF. Its very > transparent and blocks unsolicited inbound requests. You have > to go out of your way to allow inbound connections, but at > least you can do that. > > (Check out the lamer "firewall feature" included with the > Windows Server 2003 RRAS. It'll block unsolicited inbound > requests, but you can forget about reverse NAT. ICF is more > sophisticated than the RRAS firewall > "service") > > The personal firewall needs to have a central policy, so that > you essentially extend the ISA features to the desktops and > other devices. The would also have reporting mechanism like > ISA and feed this information to the central reporting > system. You can see where I'm going with this! Servers would > also have a similar "satellite" firewall system. ISA can be > the hub firewall system that manages, reports, and updates > the satellite firewall systems. > > Sound good so far? > > :-) > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')