Network Security Article Clarification

Subject: Network Security Article Clarification
From: Andrew Plato <intrepid_es -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 5 Dec 2001 12:18:56 -0800 (PST)

I just realized there is a slight technical error in my article on network
security posted today on the TECHWR-L site:

http://www.raycomm.com/techwhirl/networksecurity.html

In the article I refer to three different "intrusion detection products"
including ZoneAlarm, Norton Personal Firewall, and BlackICE.

Technically, ZoneAlarm and Norton Personal Firewall are NOT intrusion
detection products. They are personal firewalls.

Only BlackICE is a true intrusion detection system (IDS) on par with
something like Snort (an open source IDS) or RealSecure.

This is an important distinction, one I did not make clearly in my
article. A distinction that my nitpicking geek friends quickly pointed
out. May they all catch a scorching case of jock itch.

Zone and Norton (as well as Tiny Firewall) are all simple firewalls. That
is, they block traffic en masse based on a set of rules. Zone could actually
be more accurately referred to as an application gate, since it does its
firewalling based on what programs are trying to access the network.

BlackICE, on the other hand, actually monitors network traffic and does
stateful packet inspection and protocol analysis (I should know, I wrote
all the docs on this product). BlackICE actually looks for hacking
attempts, whereas Zone and Norton just stop traffic on blocks of ports.
BlackICE can also block ports, but it adds an IDS feature.

I know this sounds like some esoteric technical hairsplitting, but it
actually is a big difference (at least to security dorks like me). There
are a lot of companies out there selling "intrusion detection" products
when in fact their technology is basically nothing more than a firewall
with some bells and whistles. True IDS'ing is actually a very complex and
difficult thing to do and requires a fundamentally different technology.

Which of course I could describe in detail and bore the hell out of all of
you. But I won't do that.

Now, all in unison: Andrew is a moron! :-)

Andrew Plato
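
The firewall-versus-IDS distinction drawn in the message above, as an added example that is not part of the original post and not how any named product is implemented. It is a deliberately simplified sketch; the port rule set, the sample packets and all function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample traffic: (destination port, payload). Not real captures.
PACKETS = [
    (80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /docs/%2e%2e/%2e%2e/etc/passwd HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    (23, b"login: guest\r\n"),
]

ALLOWED_PORTS = {80}  # hypothetical rule set: only web traffic is allowed in


def firewall_verdict(dst_port):
    """Simple firewall: decide on the port alone, never reading the payload."""
    return "allow" if dst_port in ALLOWED_PORTS else "block"


def ids_alerts(dst_port, payload):
    """Toy protocol analysis: parse the HTTP request line, inspect the decoded path."""
    alerts = []
    if dst_port != 80:
        return alerts
    line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        alerts.append("malformed HTTP request line")
        return alerts
    path = unquote(parts[1].split("?", 1)[0])  # undo percent-encoding before matching
    if ".." in path.split("/"):
        alerts.append("path traversal in request URI")
    return alerts


def analyze(packets):
    """Return (firewall verdict, IDS alerts) per packet; the IDS sees only allowed traffic."""
    results = []
    for port, payload in packets:
        verdict = firewall_verdict(port)
        alerts = ids_alerts(port, payload) if verdict == "allow" else []
        results.append((verdict, alerts))
    return results


if __name__ == "__main__":
    for (port, _), (verdict, alerts) in zip(PACKETS, analyze(PACKETS)):
        print(port, verdict, alerts or "no alert")
```

Both port 80 requests get the same "allow" verdict from the port rule; only the payload inspection tells them apart.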



