ICEpack and BlackICE Intrustion Protection

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

If you need to protect a PC or two at home, the individual personal firewalls work fine. But if you need to provide enterprise-level protection, you need a product that has reporting capabilities and centralized management. Consider ICEcap and BlackICE. ICEcap Management Console is used to deploy anti-hacker software to your enterprise without the overhead of individual installation and control. ICEcap can remotely install, update, manage and control the BlackICE Agents, Sentries, and Guards spread out over your entire enterprise. Any attack on your network, workstation, server, internal segment, WAN, or remote user, is reported to the ICEcap server for centralized analysis and reporting. ICEcap consolidates alerts, logs hostile activity, and forwards information to other applications, such as trouble-ticket systems, or alerts you directly on your pager or e-mail.

BlackICE agent installs on workstations and servers. BlackICE Sentry installs on a box on a 100MB segment and monitors for network intrusion attempts (there is a gigabit version). Check their products out at Network ICE Corp if you have to move beyond protecting individual boxes.

If you implement this or another enterprise solution, please let me know so I share your feedback
-Wayne Maples

After beginning my study of penetration testing and securing an NT network, I started a support page for others who need to protect their NT networks. For more information, see Tips for NT Administrators in the area of Penetration Testing, Hacking, and Intrusion Detection

See Also

Featured Links