From: Semerjian, Ohanes (Semerjian.Ohaneswcom.com.au)
Date: Wed Nov 28 2001 - 16:44:48 CST

    With BI there are security levels which have a matrix to let u know what gets
    blocked/not blocked. The best way to use BI as IDS is to choose security
    level "trusting" and enable "auto-blocking". What will happen is that u
    will have all ports open for in/out, but when an attempt is made to attack
    your system and it has been classified as serious (the signatures that will be
    auto-blocked are defined in a file called issueslist.csv) then the IDS component
    will dynamically instruct the firewall component to block the source of the
    attack and u will also get an alert.

    Pay attention to the four security level matrix that tells what
    inbound/outbound ports will be blocked when u choose one (paranoid, critical,
    cautious and trusting). This depends on what u want to achieve.

    Best Regards

    Ohanes Semerjian
    -----Original Message-----
    From: javier wilson [mailto:javierguegue.com]
    Sent: Thursday, 29 November 2001 4:47
    To: focus-idssecurityfocus.com
    Subject: ip filters and blackice

    I use w2k remote access policies to set ip filters for
    my RAS clients. Since I installed the new version of BlackIce
    defender (2.9cai) my ip filters no longer work. They would
    only work if I stop the blackice service and will not work
    once I start the service again.

    I need both BlackIce for intrusion detection and ip filters
    to restrict ras clients according to the options that the
    remote access policies have.

    Has any of you had a similar problem, or do you know if this is
    a known problem/issue of blackice?

    javier wilson