BlackICE Server blocking LAN Logins

Guest

Archived from groups: comp.security.firewalls (More info?)

Is there a way to configure BlackICE Server Protection (configured
with the 'Paranoid' firewall, which has been proven to be mandatory
due to the number of security breaches we suffered with less stringent
settings) to permit local workstations to avoid being blocked when
logging into the LAN's DHCP server?

I have excluded our internal LAN's IP range
(192.168.0.0-192.168.0.100) from BlackICE's Intrusion Detection and
added the same IP range as a 'Trusted' entry to the Advanced Firewall.
But, unless I STOP the BlackICE engine, whenever a workstation tries
to login to the server, they get an internal IP (169.xxx.xxx.xxx) and
are unable to access the LAN.

I searched iss.net's knowledgebase, but did not find anything
relevant.
 
Guest


freddydynip@yahoo.com (Fred Jones) wrote in
news:a071bfb3.0408072230.6fccedae@posting.google.com:

> Is there a way to configure BlackICE Server Protection (configured
> with the 'Paranoid' firewall, which has been proven to be mandatory
> due to the number of security breaches we suffered with less stringent
> settings) to permit local workstations to avoid being blocked when
> logging into the LAN's DHCP server?
>
> I have excluded our internal LAN's IP range
> (192.168.0.0-192.168.0.100) from BlackICE's Intrusion Detection and
> added the same IP range as a 'Trusted' entry to the Advanced Firewall.
> But, unless I STOP the BlackICE engine, whenever a workstation tries
> to login to the server, they get an internal IP (169.xxx.xxx.xxx) and
> are unable to access the LAN.
>
> I searched iss.net's knowledgebase, but did not find anything
> relevant.
>

If you're using a Win 2K or Win 2K3 Server, then you could look into
using IPsec to supplement the protection of BlackIce. And BlackIce will
report on what IPsec is doing to protect the machine, if you have logging
enabled and are using VisualIce (free) to view the logs.

http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx

The AnalogX SecPol file will provide the protection.

http://www.analogx.com/contents/articles/ipsec.htm

If you use *Trusted* in the rule, then the IDS is turned off on the rule.
You should use *Accept* on the rule which turns on the IDS for the rule.
And yes, you should have BI rules for the DHCP IP(s) that can access the
machine. You can set the rule so that the DHCP IP(s) are for All Ports.

Using IPsec on the machine, you should be able to lower the protection
level of BlackIce and still have the IDS functioning properly and the
server should be protected.

HTH

Duane :)
 