Wilders Security Forums  

#1
September 30th, 2003, 01:01 PM
Darkstar666
Posts: n/a
Sygate with BlackICE

I was just wondering if it is necessary to use both BlackICE and Sygate together. After being told that Sygate's firewall can be shut down in 15 seconds, I want to add another layer of security. Also wondering how intrusion detection works... thnx!
#2
September 30th, 2003, 02:49 PM
rerun2
Frequent Poster
Join Date: Aug 2003
Posts: 338
Re: Sygate with BlackICE

I would be interested to know if that person could really shut down Sygate in 15 seconds. I would be even more interested if this person could do it remotely without a RAT. Locally, can't you just shut down the Sygate service by going to admin tools and services?

As far as Sygate and BID together, I do not think it is really necessary. While Sygate's IDS may not be as strong as BID's, it is quite comprehensive. It identifies some commonly used RAT communication attempts, as well as some common exploits, and DDoS/DoS attacks. Many times the "firewall component" of Sygate will already block these attempts though.

IMO, rather than looking to layer your firewall with an IDS (on a single Windows computer), you may want to look for one firewall that you are comfortable with configuring, and that offers good inbound packet filtering, and decent outbound protection/application control. You can then use programs like SSM or Regrun to further monitor programs that might try to disable your firewall or that might try to sneak by your firewall's outbound protection/application control. That way you have more than one way to protect from malware that is going outbound.

Look 'n' stop and Visnetic both have good packet filtering.

IMO I also think that Look 'n' stop is one of the harder firewalls to manipulate and shut down by malware or "hacking." Bitguard should also be mentioned in this category as well. Both of which operate at quite low levels.

Network Intrusion Detection Systems work by analyzing traffic for well-known patterns of attack. Some might look for fragmented packets, or invalid protocol behavior, or IP spoofing, or buffer overflows, or DoS attacks. Depending on how the IDS is configured it could either notify you of this event (maybe just through its log) or close the connection attempt completely. By identification of this event it might help you better configure your security setup. However, it should be noted that sometimes an IDS' signatures can be too sensitive/restrictive and also give you false information or restrict valid communication attempts.
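
Added example, not part of rerun2's post and not the code of any product named in this thread: a minimal signature matcher for the behaviour described in the paragraph above (pattern checks, alert versus block configuration, and a false positive from an over-sensitive signature). The packet fields, rule names, thresholds and sample traffic are all constructed for illustration.

```python
import ipaddress

# Source ranges that should never arrive on the Internet-facing interface.
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_bogon(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_NETS)

# (name, predicate) pairs; illustrative rules, not any product's signature set.
SIGNATURES = [
    ("fragmented-packet", lambda p: p["more_fragments"] or p["frag_offset"] > 0),
    ("invalid-tcp-flags", lambda p: {"SYN", "FIN"} <= p["flags"]),
    ("spoofed-source",    lambda p: p["iface"] == "wan" and is_bogon(p["src"])),
    # Deliberately over-sensitive: payload size alone is treated as an overflow attempt.
    ("oversized-payload", lambda p: len(p["payload"]) > 512),
]

def inspect(packet, mode="alert"):
    """Return (verdict, matched signatures). 'alert' only logs; 'block' drops on a match."""
    hits = [name for name, matches in SIGNATURES if matches(packet)]
    verdict = "drop" if hits and mode == "block" else "pass"
    return verdict, hits

def pkt(src, flags, payload=b"", frag_offset=0, more_fragments=False, iface="wan"):
    """Build a constructed packet record with the fields the rules inspect."""
    return {"src": src, "flags": set(flags), "payload": payload,
            "frag_offset": frag_offset, "more_fragments": more_fragments, "iface": iface}

# Constructed sample traffic (documentation address ranges, no real hosts).
SAMPLES = {
    "normal":   pkt("203.0.113.10", ["SYN"]),
    "syn_fin":  pkt("198.51.100.7", ["SYN", "FIN"]),
    "spoofed":  pkt("10.0.0.5", ["SYN"]),
    "fragment": pkt("198.51.100.7", ["ACK"], more_fragments=True),
    # A legitimate large upload: trips only the over-sensitive size rule.
    "upload":   pkt("203.0.113.10", ["ACK", "PSH"], b"POST /upload " + b"x" * 1000),
}

if __name__ == "__main__":
    for mode in ("alert", "block"):
        for name, packet in SAMPLES.items():
            print(mode, name, *inspect(packet, mode))
```

In alert mode every sample passes and the matches are only reported; in block mode the legitimate upload is dropped along with the malformed packets, which is the "restrict valid communication attempts" case.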
#3
October 7th, 2003, 09:45 PM
Matt
Posts: n/a
Re: Sygate with BlackICE

I personally like running BI with ZA or NPF - they work well together. I assume Sygate would be ok.
 

All times are GMT -4.

