BlackICE Server Protection

1
BlackICE Server Protection
Stateful Firewall (Intrusion Detection)
Static Firewall (Advanced Firewall Settings)
Application Protection (Communications Control)
2
YOU
3
Resources Tools
Windows Update http//windowsupdate.microsoft.co
m/ Office Update http//office.microsoft.com/
MS Baseline Security Analyzer
http//www.microsoft.com/security/ NMap
http//www.insecure.org/nmap/nmap_download.html N
etstat c\netstat -a Well Known Ports
http//www.iana.org/assignments/port-numbers Blac
kIce http//blackice.iss.net/
4
Starting nmap V. 3.00 ( www.insecure.org/nmap
) Interesting ports on ALWYN (192.168.2.100) (The
1590 ports scanned but not shown below are in
state closed) Port State
Service 80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
3052/tcp open PowerChute
3372/tcp open msdtc
3389/tcp open ms-term-serv
Remote operating system guess Windows
2000/XP/ME Nmap run completed -- 1 IP address (1
host up) scanned in 7 seconds Starting nmap V.
3.00 ( www.insecure.org/nmap ) Warning OS
detection will be MUCH less reliable because we
did not find at least 1 open and 1 closed TCP
port Interesting ports on ALWYN
(192.168.2.100) (The 1461 ports scanned but not
shown below are in state closed) Port
State Service 135/udp open
loc-srv 137/udp open
netbios-ns 138/udp open
netbios-dgm 445/udp open
microsoft-ds 500/udp open
isakmp 1031/udp open
iad2 3456/udp open
IISrpc-or-vat Too many fingerprints
match this host for me to give an accurate OS
guess Nmap run completed -- 1 IP address (1 host
up) scanned in 15 seconds
5
Static Firewall Setup

• Allows always override denies
• Define allows to important networks
• or machines to avoid service interruption
• 2. Define denies to all ports
• 3. Define allows to specific ports for specific
• machines or networks
• 4. Remove general allows if necessary

6
ariadne.art-sci.udel.edu Win2K Server Member
Server Web Server
135 DCE Endpoint Resolution UD, Comcast85,
Nextel 137 NETBIOS Name Service UD,
Comcast85, Nextel 138 NETBIOS Datagram
UD, Comcast85, Nextel 139 NETBIOS SMB
UD, Comcast85, Nextel 445 TCP/IP SMB
UD, Comcast85, Nextel 500 ISAKMP
UD, Comcast85, Nextel 1058 NIM?
UD, Comcast85, Nextel 3372 MSDTC?
UD, Comcast85, Nextel 3389 Terminal Server
UD, Comcast85, Nextel 3456 HTTP RPC
UD, Comcast85, Nextel 6667 PowerChute
UD, Comcast85, Nextel 6668 PowerChute
UD, Comcast85, Nextel 9504 HTTP
Admin UD, Comcast85, Nextel
7
(No Transcript)
8
53 DNS UD, Comcast,
Nextel 80 DB Web AS,
Nextel 88 Kerberos UD,
Comcast, Nextel 123 NTP
UD, Comcast, Nextel 135 DCE Endpoint Resolution
UD, Comcast, Nextel 137 NETBIOS Name Service
UD, Comcast, Nextel 138 NETBIOS Datagram
UD, Comcast, Nextel 139 NETBIOS SMB
UD, Comcast, Nextel 389 LDAP
UD, Comcast, Nextel 443 HTTPS
AS, Nextel 445 TCP/IP SMB
UD, Comcast, Nextel 464 Kerberos
Change Password UD, Comcast, Nextel 500
ISAKMP UD, Comcast,
Nextel 593 HTTP RPC UD,
Comcast, Nextel 636 SSL LDAP
UD, Comcast, Nextel 1026 LSA or NTERM?
UD, Comcast, Nextel 1028 MS-LSA?
UD, Comcast, Nextel 1029 MS-LSA?
UD, Comcast, Nextel 1058 NIM?
UD, Comcast, Nextel 1059 NIM Reg?
UD, Comcast, Nextel 1068
Installation Bootstrap? UD, Comcast,
Nextel 1433 SQL Server AS,
Nextel 1434 SQL Monitor AS,
Nextel 1514 Fujitsu DTCNS? UD,
Comcast, Nextel 3268 Global Catalog
UD, Comcast, Nextel 3269 Global Catalog SSL
UD, Comcast, Nextel 3389 Terminal Server
UD, Comcast, Nextel 6667 PowerChute
AS, Nextel 6668 PowerChute
AS, Nextel 8177 HTTP Admin
AS, Nextel
isis.art-sci.udel.edu Win2K Domain
Controller SQL Server College Database Web Server
9
(No Transcript)