copyright 1999/2005 vrl labs. - all rights reserved

BlackICE Defender
posted by: valv`0 on 30/09/2001 @ 12.54.02

BlackICE Defender is a unique Network/Internet security tool that combines a packet filtering personal firewall and an advanced Intruder Detection system. This may sound pretty technical, but BlackICE is very easy to use and you don't need any technical knowledge at all to configure it. You can simply choose your level of protection from a menu and are ready to go; no further configuration is required. Even though this sounds almost too easy, do not mistake BlackICE for a "simple" tool. This product is what you could call "A wolf in a sheep's coat": it offers a lot more tweaking "behind the scenes" if you require customized protection.

Who should use it?
BlackICE Defender is designed for individual PCs and small networks (for corporate networks ICEcap and ICEpick can be added). If you use a cable modem, DSL etc. or use Windows file sharing over TCP/IP, you should seriously consider protecting yourself, since the dangers of an invasion are quite significant. Dialup users, even though not quite as vulnerable, will benefit as well and receive complete protection from hack attempts, nukes and other common dangers. In other words, anybody that actively uses the Internet will be a lot safer with BlackICE Defender.

'Hacking' has become a very popular "sport" these days; most hackers are usually kids trying to impress their buddies. Although this may sound harmless at first, you should not underestimate the damage that can be done to your system (file deletion, stealing of personal data, passwords, credit card information etc.). Those "hackers" do not get their ability from being smart or even advanced computer geeks - they simply use software that is freely available on the web. Using such hacker tools, even the most inexperienced user can cause serious damage to an unsafe system.

Why should they come to YOU? It happens purely at random: these guys use software that can scan an entire neighborhood in a matter of minutes, returning a handy list of all computers that are online and show signs of vulnerability - if you're on that list, you may be in trouble. Not to mention what a criminal could do...


How does it work?
BlackICE's protection works in two different ways. First, it acts as a personal firewall that shields your computer against any probes from the outside and monitors all in/out traffic. The range of the shield is determined by the security level you choose. The highest security level (paranoid) will limit you to the very basic things of Internet communication, while lower ones allow a wider range of interaction. Regardless of which level you choose, your protection from known attacks is never compromised. This is because BlackICE uses a signature file that is frequently updated and allows it to detect suspicious or malicious traffic regardless of your protection level.

All intrusion attempts are rated by severity and logged. If BlackICE detects a serious hack attempt, it will automatically block all future traffic from that particular IP address, giving the intruder no chance to repeat or modify its attempt to compromise your system. In addition to logging all suspicious traffic, BlackICE Defender will trace the possible intruder to his/her IP address and even go as far as attempting to backtrace the connection to the machine's NetBIOS, which may reveal the user name, MAC address and more.

The BlackICE difference
There are several popular types of protection available, and each has a different level of security. The so-called "Port Monitors" will listen to several of the common hacker ports and report any connection attempts. These tools provide a very low level of security, since they do not actually defend against intrusions, but merely "bait" them and then report to you with information on the attracted "intruder". Other than increasing your awareness, they usually don't offer much added security. Then of course there are the traditional Firewalls. They are based on a set of rules that need to be configured by the user; you should have extensive knowledge of networking security and protocols in order to program a traditional firewall. The third kind are the "Personal Firewalls". They are based on the same principle as a traditional firewall, but they generate a large portion of the rules dynamically and automatically based on your needs. They often require no knowledge or just a modest understanding of networking in order to provide a relatively high level of protection.

BlackICE Defender combines the best features of those products into one easy to use application. In addition, it is the only product that uses signature files to prevent known attacks and offers you a level of security that is based on the extensive knowledge of the Network ICE security experts, and does not rely on your ability to configure a firewall.

Example: BlackICE allows normal safe port 80 traffic to go into the web server. But BlackICE Defender will detect that the buffer overflow exploit on port 80 is an attack, and will respond accordingly (including blocking all further communication with the suspected intruder).

At the same time it provides you with the most detailed tracking statistics and alerts about all attempts, increasing your awareness and giving you the opportunity to act upon consistent attacks by the same intruder by submitting the created evidence files (professional grade package logs) to the responsible administrator.
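
The two layers described above (a port filter that depends on the chosen level, plus signature matching with severity-based blocking that does not), as an added Python sketch that is not part of the original review and is not BlackICE's code. The level names come from the review; the port sets, signatures, severity scale and blocking threshold are assumptions, and the addresses and requests are constructed.

```python
"""Toy model of a level-based port filter combined with signature detection."""

# "paranoid" and "nervous" are named in the review; these port sets are assumed.
LEVEL_OPEN_PORTS = {"paranoid": set(), "nervous": {80}}

# Constructed signatures: (name, severity 1-4, predicate over port and payload).
SIGNATURES = [
    ("oversized HTTP request line", 4,
     lambda port, data: port == 80 and len(data.split(b"\r\n", 1)[0]) > 1024),
    ("NetBIOS probe", 2, lambda port, data: port == 139),
]
BLOCK_AT = 4  # assumed threshold: this severity or higher blocks the source


class Inspector:
    def __init__(self, level):
        self.open_ports = LEVEL_OPEN_PORTS[level]
        self.blocked = set()   # sources dropped from now on
        self.log = []          # (source, port, signature name, severity)

    def handle(self, src, port, data):
        """Return the verdict for one inbound packet."""
        if src in self.blocked:
            return "drop (blocked source)"
        # Signature matching runs before, and independently of, the port filter.
        hits = [(name, sev) for name, sev, match in SIGNATURES if match(port, data)]
        self.log.extend((src, port, name, sev) for name, sev in hits)
        if any(sev >= BLOCK_AT for _, sev in hits):
            self.blocked.add(src)
            return "drop (attack, source blocked)"
        if port not in self.open_ports:
            return "drop (port filtered)"
        return "allow"


NORMAL = b"GET / HTTP/1.0\r\n\r\n"
LONG = b"GET /" + b"A" * 2000 + b" HTTP/1.0\r\n\r\n"  # constructed oversized request

if __name__ == "__main__":
    fw = Inspector("nervous")
    for src, port, data in [("192.0.2.10", 80, NORMAL), ("198.51.100.7", 80, LONG),
                            ("198.51.100.7", 80, NORMAL), ("192.0.2.99", 139, b"")]:
        print(src, port, "->", fw.handle(src, port, data))
    print("blocked:", sorted(fw.blocked), "| logged events:", len(fw.log))
```

The low-severity probe is logged and filtered but its source is not blocked, while the high-severity match blocks the source even at a level where port 80 is closed anyway.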

BlackIce Defender on a daily basis
I started using BlackICE on the "nervous" level. It didn't take too long for the first suspicious traffic to be logged; however, they were marked as harmless contacts, caused by some common internet activity, and did not present any kind of danger. Nevertheless, it is interesting to monitor and gives you a feeling for what's going on while you're online. Each time BlackICE logs an attempt or potentially dangerous connection, its tray icon will flash and provide you with details if you click on it. To avoid being alerted for any minor "attacks", you can set the visual (or audible) alert to only trigger based on the severity of the attempt (this was added in v2.1). The interface will list all recent attacks and indicate the action that BlackICE has taken and if your system's security has been compromised. During the almost 3 weeks I used BlackICE, it logged several critical attempts, none of them severe enough to cause BlackICE to permanently block the user. Those attempts included several NetBIOS scans (trying to log into shared folders), a PCAnywhere scan (checking if they can connect to you if you have PCAnywhere software installed) and several other trojan specific port scans where some kid is checking if you are infected with a trojan horse virus that it can use to actually take complete control over your computer.

Those scans are completely harmless if your system does not offer any of the vulnerabilities, but can be completely devastating if they find a victim. No need to panic, but just be aware of what's going on in your area and make sure you keep your virus software updated and use common safety precautions. While the reporting is very informative, be sure not to get too excited; there is a handy button that links you to a page with details and possible causes for each kind of "attack". Keep in mind that you are very well protected and it is almost impossible for any casual hacker to penetrate the BlackICE Defender's shield. Even though you are able to see the attempts, the "hacker" in most cases does not even know that you exist, because BlackICE "absorbs" all of his scanning attempts without returning any results to him - as far as he's concerned you're not even online.

Features for advanced users
If you are an advanced user and familiar with networking protocols and firewall rules, there are many ways to completely customize your copy of BlackICE Defender. However, this involves some editing of .ini files, which is well documented for commonly requested tweaks, but absolutely not required unless you are extremely "paranoid" or require very specific rules on your machine or network. The Network ICE web site provides you with detailed documentation on several tweaking options and editing procedures. BlackICE's configuration dialog provides you with a few options, including the ability to add "trusted" IP addresses. If you have a personal firewall installed on your system, you can use BlackICE Defender in addition to it or replace it.

Overall
BlackICE Defender is widely recognized as probably the most capable Intrusion detection system for home or small network users. It provides a safe and extremely easy to use way to shield your computer from today's online dangers. Its unique features distinguish it from the competition and allow the average user to enjoy a safety usually only provided by complicated firewall setups.

The Network ICE team is actively improving the product and taking user suggestions into consideration. The Network ICE home page is an extensive resource for overall information on online security; it is often referred to by security sites for its content alone. You can spend hours there just learning about all common dangers in detail. Users will find online discussion boards, a knowledge base and much more.

6/13/00: Version 2.1 adds some long awaited improvements to the user interface. It is now resizable and can be customized to display all of the information formerly only available from the "attack.log". The tray icon can now be configured to only show attacks of a certain severity (the constant flashing was annoying to many users of the previous versions). Other improvements include automatic checking for updates, additional preference settings, network traffic indicator and automatic blocking of

Bottom Line:
The most advanced Intrusion Detector and Personal Firewall combination available on the market. Its unique features distinguish it from the competition and allow the average user to enjoy a safety usually only provided by complicated firewall setups.
url: http://www.networkice.com

.:::. webdesign & webprogramming: valv`0 (PGP KEY) .:::. co-ordinators: hellbreak (PGP KEY) & cmcsynth (PGP KEY) .:::.

All logos and trademarks in this site are property of their respective owner, all the rest © 2001/2219 VRL Team
site powered by: ALIP site creator v1.0b © 2001/2219 VRL Team