License Note
The consumer Defender is not currently licensed for WinNT Server.
See Knowledge Base article q000021 for more
information.
Intrusion Detection Features
The primary value the product provides is its intrusion detection
and hacker identification features.
MS Proxy will tell you if packets are accepted or
rejected by the port filters; our product will tell you about
hacker activity and what it means, regardless of how you have filtering
set up.
MS Proxy will log all packets that failed to meet the port/address
filters. Our product adds the capability to analyze allowed traffic
for signs of intrusion. In this manner, if there is a bug in MS Proxy
or if the user has made a mistake configuring the firewall settings, then
our product will detect hackers trying to exploit these errors.
Our product will also analyze the incoming packets in greater detail
than simple port/address information. For example, MS Proxy can only claim
that it dropped a UDP packet destined to port 31337,
but our product can make a conclusive diagnosis that the packet
is in fact a Back Orifice ping.
Our product also has the ability to do some limited backtrace on
the intruder, providing you more information about him/her.
Firewalling Features
MS Proxy comes with a more robust port filtering mechanism
than the one built into our consumer-level product. MS Proxy gives you a better user
interface, better integration with the proxying services,
and a finer degree of control with port/address filters.
If installing the product on MS Proxy, you should immediately
reconfigure the product to "Trusting".
On the other hand, in the event of a major intrusion where the
hacker has exploited a hole in the firewall, our product has the
ability to automatically set a new firewall rule that blocks
any further activity by the intruder.
Compatibility
There are no known incompatibilities between the products.
Summary
MS Proxy provides good firewalling capabilities. Our
product adds solid intrusion detection features that
act as a backup to the primary firewall.
Additional Information
There are some security concerns specific to MS Proxy that our product can help
with.
- source routing
  Source routing can be used to attack the proxy
  itself. Furthermore, if the system routes packets, source routing
  can be used to reach the hosts behind the product, even if
  they use non-routable addresses.
- .htr buffer overflow
  If MS Proxy is used to reverse proxy, this bug can be used to
  gain administrator rights on the server.
- RDO exploit
  If MS Proxy is used to reverse proxy, this bug can be used to
  gain administrator rights on the server.
- SOCKS bounce
  If the LAT is misconfigured, the hacker can bounce attacks
  through the SOCKS service.
- Proxy bounce
  If the LAT is misconfigured, the hacker can proxy attacks
  through your server.