Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Semerjian, Ohanes (Semerjian.Ohaneswcom.com.au)
Date: Wed Nov 28 2001 - 16:44:48 CST
with BI there are security level which have matrix to let u know what get
blocked/ not blocked. The best way to use BI as IDS is to choose security
level " trusting" and enable " auto-blocking ". What will happen is that u
have all ports will be open for in/out but when an attempt made to attacj
your system and it is been classified as serious (the signature that will be
auto-bloc is defined in a file called issueslist.csv) then the IDS component
will dynamically instruct the firewall component to block the source of the
attack and u will get alert also.
Pay attention to the four security level matrix that tells what
inbound/outbound ports will be blocked when u choose one (paranoya,critical,
cautious and trusting) This depend on what u want to achieve.
From: javier wilson [mailto:javierguegue.com]
Sent: Thursday, 29 November 2001 4:47
Subject: ip filters and blackice
I use w2k remote access policies to set ip filters for
my RAS clients. Since I installed the new version of BlackIce
defender (2.9cai) my ip filters no longer work. They would
only work if I stop the blackice service and will not work
once I start the service again.
I need both BlackIce for intrusion detection and ip filters
to restrict ras clients according to the options that the
remote access policies has.
Any of you has had a similar problem, or know if this is
a known problem/issue of blackice?