View full version: Blackice firewall update


Puppauz
01-08-2003, 12.42.59
A new version of Blackice is available, 3.6.cbr (Y)

http://blackice.iss.net/update_center/index.php

To update your version, you simply have to download the program and run it. It will automatically ask whether to update the existing version or install it from scratch.
;)

IrONia
02-08-2003, 14.25.19
tnx;)

byee:D:D:D

X-5
02-08-2003, 14.28.34
Do you consider it better than NIS?

Puppauz
30-09-2003, 21.29.27
I've never tried NIS...
I'll take advantage of this post to point out a new version!
3.6.cbu

These are the improvements and fixes

- Updated code to detect and block new MS RPC vulnerabilities (MS03-029).
New issue ids: 2110027, MSRPC_Message_Que_Heap_BO
2110028, MSRPC_RemoteActivate_Path_BO

- Added code to detect and block an SSL vulnerability.
New issue id: 2113023, SSL_PCT1_Overflow

- Fixed a resource issue in the driver that causes a BSOD in some
environments with autoblocking disabled.

Download here:
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtml
And more information here:
http://blackice.iss.net/issEn/DLC/consumer/readme_pcp.txt

;)

The Saint
30-09-2003, 22.12.15
Thanks for the heads-up! :)

http://www.wintricks.it/news2/article.php?ID=3837


I'm moving the thread to News... ;)

Puppauz
15-10-2003, 18.10.30
New update!
Version 3.6.cbv is out, downloadable for now only through the program's software update menu...
Unfortunately there is no trace of it on the ISS site yet...
;)

Puppauz
30-10-2003, 09.20.15
New update!
Version 3.6.cbx is out, downloadable for now only through the program's software update menu...
As usual the site update is always late... :rolleyes:

Puppauz
05-12-2003, 00.55.21
New update!
Version 3.6.cbz is out, for now downloadable only through autoupdate, but it will soon be on the ISS site too.
Here's what's new
- Updated code to detect and block a vulnerability in the Microsoft Workstation Service. Refer to Microsoft bulletin MS03-049.
New issue id: 2110034, MSRPC_WksSvc_Mgmnt_Bo
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtml
;)

Puppauz
31-01-2004, 00.28.29
A new update of the firewall came out on January 27
The new version is 3.6.ccb
Here's what's new:
- Updated to detect and block attacks that use TCP to exploit the
Microsoft Workstation Service vulnerability described in MS03-049.

- Fixed an update loop that may occur when upgrading agents in machines
with Cisco VPN client installed.

- Fixed buffer overflow when using long filenames for evidence and packet logs.

- Fixed reported gaps of time in information captured in the Evidence log.

- Resolved an issue on the attack list configuration file size setting to
control the size of the file
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtml
;)

Puppauz
27-02-2004, 09.40.48
New version 3.6.ccd of the well-known firewall, dated February 26
Here's what's new:
- Updated to detect and block attacks that cause a buffer overflow in
Check Point VPN clients and Check Point VPN-1.
New IssueID: 2110045,ISAKMP_Certificate_Request_Overflow
Refer to http://xforce.iss.net/xforce/xfdb/14150.

- Updated to detect an exploit of the ASN.1 vulnerability covered in
MS04-007.
New IssueID: 2120012,SSL_ASN1_Overflow

- Updated SMB parser.
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtml
;)

Puppauz
03-03-2004, 18.35.24
New version 3.6.ccf of the well-known firewall, dated February 2
Here's what's new:
Fixed a few false positives in ISAKMP blocking that prevent access to
some VPN servers.
http://download.iss.net/cgi-bin/download/getFile.pl/BIPCPSetup.exe?download=download.iss.net:eval/bipcprotection/BIPCPSetup.exe:Eval::::BIPCPSetup.exe

Puppauz
19-03-2004, 15.46.32
New version 3.6.ccg of the well-known firewall, dated March 19

These are the updates:
- Added new network decodes :
HTTP_Nfuse_Script
HTTP_Abyss_Conf
HTTP_IExplorer_Cache_Exec
HTTP_SubscribeMe_Setup
HTTP_Mdaemon_Form2Raw_BO
Dameware_Obtain_Info
SIP_Contact_Overflow
Radius_AcctStatusType_Dos
STUN_Message
STUN_Message_Attribute
SMB_Exception
LDAP_Server_ASN1_Overflow
SSL_Malformed_Certificate
http://download.iss.net/cgi-bin/download/getFile.pl/BIPCPSetup.exe?download=download.iss.net:eval/bipcprotection/BIPCPSetup.exe:Eval::::BIPCPSetup.exe

;)

Puppauz
26-03-2004, 22.53.13
New version 3.6.cch dated March 26.
The update is fairly important!!!
This is the update:
- Updated to correct a misconfiguration in the default settings that changed the default blocking and reporting behavior and may affect the level of protection provided by the product.
http://download.iss.net/cgi-bin/download/getFile.pl/BIPCPSetup.exe?download=download.iss.net:eval/bipcprotection/BIPCPSetup.exe:Eval::::BIPCPSetup.exe

;)

Puppauz
15-04-2004, 23.27.03
New version 3.6.cci released today
Here's what's new
- Updated to detect a Microsoft LSASS vulnerability.
- Updated driver to fix potential blocking issues.

For the link, see the message above...
;)

Puppauz
28-04-2004, 20.13.25
New version 3.6.ccj released today
Here's what's new
- Updated to extend detection and blocking of a SSL PCT1 vulnerability covered in MS04-011.
IssueID: 2113023, SSL_PCT1_Overflow
Refer to http://xforce.iss.net/xforce/xfdb/12380
For the link, see the messages above...
;)

Puppauz
02-05-2004, 22.57.30
Warning...
Update 3.6.ccj was withdrawn (it is no longer downloadable) a few hours after it went online...
The official version for now remains 3.6.cci
...but now what do I do with the 3.6.ccj that I installed as soon as it came out??? dunno...

Gervy
02-05-2004, 23.05.24
indeed, I was checking whether it would come out officially but nada

Puppauz
14-06-2004, 20.43.43
The new version 3.6.cnj of the well-known firewall is out, and it includes some big changes
DESCRIPTION
==================================================
Enhancements

This release includes a new driver for Windows XP and for Windows
2000 that improves the quality of the product and the speed with which
ISS can deliver updates.

Bug Fixes

This release includes the following fixes for all supported
platforms:

- Resolved an issue with the Intel VPN client that caused the
engine to fail to start after the system was turned on.

- Resolved an issue that caused the agent to falsely enforce the AV
policy, which resulted in the display of the default blocking
message.

- Resolved an issue where update.ini was deleted in the root
folder of the agent after an update. This caused a full package
to download on the next version update.

- Resolved issue with Agentremove.exe that did not always remove
the old shortcut to blackice.exe in the Windows startup folder.
This caused two icons to appear in the system tray after the
reinstallation completed.

- Resolved an issue where a false positive on the Checkpoint HTTP
detection caused the driver to incorrectly block in a Novell
environment.

- Resolved an issue whereby a computer that was moved to a different
network while in hibernation or standby mode did not change its
policy to reflect the new network connection when the system came
out of hibernation or standby.
http://download.iss.net/cgi-bin/download/getFile.pl/BIPCPSetup.exe?download=download.iss.net:eval/bipcprotection/BIPCPSetup.exe:Eval::::BIPCPSetup.exe
;)

Puppauz
15-07-2004, 19.59.51
New version of Blackice available, 3.6.cnk
Bug Fixes

This release includes the following fixes:

- Resolved an issue where a scan of BlackICE running on the
Windows 2000 and Windows XP platforms shows TCP ports 0 and 1
as closed instead of stealth.

- Resolved an issue that could cause a blue screen crash when opening
or closing a network adapter.

- Resolved an issue that could cause a blue screen crash on system
startup.
;)

Puppauz
04-08-2004, 18.03.22
New update for BlackIce, now at version 3.6.cno
Bug Fixes

This release includes the following fixes:

- Resolved an issue that could cause a blue screen crash on certain
systems.

- Resolved an issue where an agent with ICE_ADAPTER enabled might
become unresponsive when processing an unusual request.
;)

Puppauz
31-08-2004, 08.51.58
New BlackIce update to version 3.6.cnq
These are the changes:
Bug Fixes

This release supersedes BlackICE 3.6.cnp. This release includes the
following fixes for all supported platforms:

- Additional changes to resolve an issue where the agent may block a
dialup network adapter immediately after connecting.

- Resolved an issue where the agent could crash a system with low
available memory.
;)

Puppauz
21-09-2004, 23.54.06
The new version 3.6.cnr came out just a moment ago
The new changes are:
Bug Fixes

This release includes the following fixes for all supported platforms:

- Resolved an issue where a Packet Initialization error may cause the
firewall/IPS component to fail.

- Resolved an issue where the agent may cause system logon to hang.

- Additional changes to resolve an issue where invalid configuration
file entries may crash the firewall/IPS component.
;)

Puppauz
27-09-2004, 16.25.03
New release of the firewall, version 3.6.cns
Security Content Updates
---------------------------------------------------------------
- Modified algorithms in PAM to simulate Microsoft Windows client processing of images. See the following URL: http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp

- Corrected an inefficiency in the SMTP protocol parser in PAM that was introduced with BlackICE 3.6.ENR.

Other Updates
none

Other Bug Fixes
none

Event Blocking Notes
---------------------------------------------------------------
- Blocking for Image_JPEG_Tag_Overflow was enabled by default.
In this version there are no bugfixes; they only implement preventive measures against the Microsoft bug concerning buffer overflows exploitable through images loaded by the browser
;)

Gervy
27-09-2004, 19.23.21
damn, I had just reported cnr :S

thanks as usual Puppauz

Puppauz
27-09-2004, 19.45.57
Originally posted by Gervy
damn, I had just reported cnr :S

thanks as usual Puppauz

I saw it on the home page... ;)
Anyway, if they update often I'm happy, it means they're keeping up with the problems that may come up! :p

Puppauz
15-10-2004, 14.32.18
New release of BlackIce, version 3.6.cnu
These are the changes:
Bug Fixes

This release includes the following fixes for all supported platforms:

Corrects an issue in the issuelist.csv from 3.6.cnt in which the issuelist.csv had inadvertently removed response options from the 'impact' field resulting in blocking becoming disabled for default blocked signatures.

NEW SIGNATURES ADDED IN THIS RELEASE
=====================================
New Events

SecChkID  ProductCheckName                    Event Type                   Risk Level
--------  ----------------------------------  ---------------------------  ----------
3340      TrojanCow_TCP_Request               Unauthorized Access Attempt  High
13889     HTTP_Yahoo_YAutoDLL_BO              Unauthorized Access Attempt  High
15147     NOSecure_TCP_Request                Unauthorized Access Attempt  High
15634     WinMX_Download                      Protocol Signature           Low
15741     Phoenix_TCP_Response                Unauthorized Access Attempt  High
16044     HTTP_CrystalReports_FileAccess_DoS  Denial of Service            High
16269     HTTP_AresGalaxy                     Protocol Signature           Medium
16360     HTTP_Squid_NTLM_Password_Bo         Unauthorized Access Attempt  High
16429     HTTP_ApcRunner_ExecuteCode          Unauthorized Access Attempt  Medium
16504     SMTP_BDAT_Large_Chunk               Suspicious Activity          Low
16556     MSRPC_NetDDE_Bo                     Unauthorized Access Attempt  High
16604     MySQL_Check_Scramble_Auth_Bypass    Unauthorized Access Attempt  Medium
16696     SMS_Remote_Service_DoS              Denial of Service            Low
16857     HTTP_IE_Style_Heap_BO               Unauthorized Access Attempt  High
16889     HTTP_Apache_ServerStatus            Pre-attack Probe             Medium
16890     HTTP_Apache_ServerInfo              Suspicious Activity          Medium
17590     Kika_TCP_Request                    Unauthorized Access Attempt  High
17590     Kika_UDP_Request                    Unauthorized Access Attempt  High
17620     HTTP_IE_InstallEngineCtl_Overflow   Unauthorized Access Attempt  High
17621     DNS_Windows_SMTP_Overflow           Unauthorized Access Attempt  High
17622     IP_Invalid_Option                   Suspicious Activity          High
17623     IP_Tunnel_Bad_Version               Suspicious Activity          High
17624     MS_Compressed_Folders_Overflow      Unauthorized Access Attempt  High
17625     SMTP_Nondeliverable_Notification    Protocol Signature           Low
17641     Windows_NNTP_Overflow               Unauthorized Access Attempt  High
17644     HTTP_ASP_Security_Bypass            Unauthorized Access Attempt  Medium



Security Content Updates
------------------------------------------
- A false positive in SMB_Malformed was corrected. It incorrectly triggered on an NT_Create_ANDX request when the filename was not null terminated.
- A false positive in DNS_Malformed_CompressedName was corrected.
- Email_Potiential_BO_Attachment no longer triggers on PDF attachments.
- Blocking of JPEG signatures in Proventia G has been enhanced.
- A bug in the processing of pam.hsrp.defaultpassword.interval tuning parameter was corrected.
- A bug in the processing of pam.flood.cisco.ios.ospf.* tuning parameters was corrected.
- SMB_Empty_Password was changed to report only when a login is successful.
- Some SNMP false positives were corrected by adding deterministic logic which monitors active SNMP hosts that routinely trigger SNMP events.
- Changed HTTP_Shell_Handler_Executable from an AUDIT to an ATTACK.

Other Updates
- HTTP_IE_HRAlign_Overflow was deprecated. HTTP_IE_Script_HRAlign_Overflow replaces this signature.
- DNS performance was improved.
- IRC performance was improved.
- SMTP performance was improved.
- User defined event processing performance was improved.
- Oracle_ToChar_Bo broken link in online help was corrected.
;)

Puppauz
11-11-2004, 22.03.14
Version 3.6.cnw released today
Here's what's new:
This release of BlackICE Agent for Server contains 15 new events, 10 security content updates and 102 new blocking responses.

This is a cumulative update.


1. New Events For 3.6.enw

IssueID  SecChkID  ProductCheckName              Event Type                   Risk Level
-------  --------  ----------------------------  ---------------------------  ----------
3113017  2358      SMB_Empty_Password_Failed     Suspicious Activity          High
2121000  8359      SQL_MultipleXP_Overflow       Suspicious Activity          High
2107035  13153     MySQL_User_Password_Overflow  Unauthorized Access Attempt  High
2110057  13405     HTML_IRC_URL_Overflow         Unauthorized Access Attempt  High
2113158  15119     WoW23_TCP_Response            Unauthorized Access Attempt  High
2104050  16581     Image_EMF_Integer_Overflow    Unauthorized Access Attempt  High
2118005  17320     SMB_Abel_Backdoor             Unauthorized Access Attempt  High
2107034  17370     Email_VCF_Mozilla_Overflow    Suspicious Activity          High
2107033  17378     HTTP_Mozilla_Nonascii_URL_BO  Suspicious Activity          High
2121002  17515     POP_YPOPs_Overflow            Unauthorized Access Attempt  High
2113157  17528     WarTrojan_TCP_Request         Unauthorized Access Attempt  High
2121001  17810     HTTP_Html_In_Ref              Suspicious Activity          Medium
2107036  17889     HTTP_IE_IFrame_BO             Unauthorized Access Attempt  High
3118002  17897     IPv6_Teredo                   Suspicious Activity          High
2102050  17970     Image_JPEG_Malformed          Unauthorized Access Attempt  Low


2. Security Content Updates in 3.6.enw
---------------------------------------------------------------
2.1 Microsoft_Windows_Shell_Banner was updated to recognize more windows command shell banners.
2.2 Removed a false positive in OSPF_Null_Authentication.
2.3 Removed an error in the reporting mechanism for IP_Bad_Tunnel_Version wherein the event would report more times than necessary.
2.4 Added ".wri.rtf" to the double extensions list for email double extension signatures.
2.5 HTTP_URLScan was not working as designed. The algorithm was corrected to match the documented algorithm.
2.6 Removed an error in the reporting mechanism for DNS_Windows_SMTP_Overflow wherein the event would report more times than necessary.
2.7 Removed a false positive in DNS_Windows_SMTP_Overflow.
2.8 Adjusted HTTP_ASP_Security_Bypass for better performance.
2.9 The SMTP parser in PAM was adjusted for performance improvements.
2.10 A potential infinite-loop bug in PAM was removed.
:)

Dark!
12-11-2004, 08.27.38
Pup..... I'd like to try it.. But give me your opinion..... Is it better than the various free fws like Kerio or Sygate? :)

d!

Puppauz
12-11-2004, 09.04.38
I can't give you a comparison because before this one I only used ZoneAlarm (a long time has passed)...

It's perhaps a bit more complicated to configure than others, but it protects well and has almost never given me problems.

The one flaw, which I don't understand what they're waiting for to fix, concerns the firewall's "hosts" folder.
In this folder a text file of about 1 KB is written for every ip that produces a suspicious event.
If that folder isn't emptied often enough, you then struggle to clean it out, because you end up with a sea of small text files that send explorer into a crisis...

:)

Dark!
12-11-2004, 09.18.33
Originally posted by Puppauz
I can't give you a comparison because before this one I only used ZoneAlarm (a long time has passed)...

It's perhaps a bit more complicated to configure than others, but it protects well and has almost never given me problems.

The one flaw, which I don't understand what they're waiting for to fix, concerns the firewall's "hosts" folder.
In this folder a text file of about 1 KB is written for every ip that produces a suspicious event.
If that folder isn't emptied often enough, you then struggle to clean it out, because you end up with a sea of small text files that send explorer into a crisis...

:)

Got it!

Just tell me whether for you it's a valid product and then I'll go ahead :)


d!

Puppauz
12-11-2004, 14.54.02
For me it's a more than valid product, we use it in the office too...
;)