The first two sections below describe problems with our product
running on ICS machines. Following that are some benefits,
when it is properly set up.
Blocking Internet Access
Our product comes with a personal firewall that blocks
incoming traffic but allows outgoing traffic. For ICS to work,
the traffic must first come into the machine, then go out again.
Therefore, when Defender is installed on the ICS machine, it appears to
block access to the Internet for the other machines behind it.
You should ACCEPT the IP Address Range of your internal network.
You can do this from the BlackICE application.
Go to Tools, then Advanced Firewall Settings ....
In the Advanced Firewall Settings dialog box, add the IP address range of the network
segment behind the ICS server. For example, you may enter an IP address range that
looks something like: "192.168.1.2-192.168.1.254".
ACCEPTing the internal network range will ensure that the systems behind the
ICS system are not prevented
from going to the Internet. This will also ensure that BlackICE
will continue to perform intrusion detection on the traffic coming from the internal network.
Note that we do not recommend "Trusting" internal IP addresses because doing
so will instruct the BlackICE engine to stop performing intrusion detection on traffic
seen from the internal network. Hence, if a Trojan were to find its
way into one of the internal systems, the BlackICE IDS would not report it, because
the internal systems are trusted.
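Before typing a range into the Advanced Firewall Settings dialog, it is worth checking that it covers every internal client and does not reach beyond the internal segment, since anything inside an ACCEPTed range is let in. The script below is an added example, not part of the product or of the original page; it assumes the internal segment uses RFC 1918 private addresses, and the function names and client addresses are made up for illustration.

```python
import ipaddress

# Assumption: the segment behind the ICS machine uses RFC 1918 private space.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_range(text):
    """Parse 'first-last' (inclusive) into two IPv4Address objects."""
    first_s, sep, last_s = text.strip().strip('"').partition("-")
    if not sep:
        raise ValueError("expected 'first-last', got %r" % text)
    first = ipaddress.IPv4Address(first_s.strip())
    last = ipaddress.IPv4Address(last_s.strip())
    if first > last:
        raise ValueError("range start is above range end")
    return first, last


def check_accept_range(text, clients=()):
    """Return a list of problems with a candidate ACCEPT range (empty = OK)."""
    first, last = parse_range(text)
    problems = []
    # Collapse the range to CIDR blocks and test each against private space.
    for net in ipaddress.summarize_address_range(first, last):
        if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
            problems.append("%s is not private address space" % net)
    # Every client that goes out through ICS must fall inside the range.
    for client in clients:
        if not first <= ipaddress.IPv4Address(client) <= last:
            problems.append("client %s is outside the range" % client)
    return problems


if __name__ == "__main__":
    # Constructed samples: the page's example range plus made-up clients.
    for rng, hosts in [
        ("192.168.1.2-192.168.1.254", ["192.168.1.10", "192.168.1.20"]),
        ("192.168.1.2-192.168.1.254", ["192.168.0.5"]),
        ("192.168.1.2-192.169.1.254", []),  # one-digit typo reaches public space
    ]:
        print(rng, hosts, "->", check_accept_range(rng, hosts) or "OK")
```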
Benefits of running Defender on the ICS machine
When Defender is installed on a machine running ICS, it
will not only protect that machine, but all other machines
behind it.
More and more households have their own personal networks,
with the members of the household having their own computers.
These computers are all connected via an Ethernet
"local area network", and can share files, printers,
and a single Internet connection.
Typically, the Internet connection is managed by just
one of these computers, for example through the new Win98 Internet
Connection Sharing feature. Installing our product
protects not only this machine, but all machines connected
through it to the Internet. An attack directed against any
of the other machines must first pass Defender's inspection
features.
Inter-home networking concerns
One serious security concern is to make sure that Internet
access to "File and Print Sharing" is disabled on the machine
directly exposed to the Internet. Home users want to
share files among their machines, but rarely put strong
passwords on their machines. This leaves their machines
open to Internet access. Upon installation, our product
will shut off Internet access to this feature,
which can sometimes affect local access. The best way
to re-enable it is to install the "NetBEUI" protocol from
Microsoft, which allows a local-only form of file sharing
that is not visible from the Internet.