TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
In the article I refer to three different "intrusion detection products"
including ZoneAlarm, Norton Personal Firewall, and BlackICE.

Technically, ZoneAlarm and Norton Personal Firewall are NOT intrusion
detection products. They are personal firewalls.

Only BlackICE is a true intrusion detection system (IDS) on par with
something like Snort (an open source IDS) or RealSecure.

This is an important distinction, one I did not make clearly in my
article. A distinction that my nitpicking geek friends quickly pointed
out. May they all catch a scorching case of jock itch.

Zone and Norton (as well as Tiny Firewall) are all simple firewalls. That
is, they block traffic en masse based on a set of rules. Zone could actually
be more accurately referred to as an application gate, since it does its
firewalling based on what programs are trying to access the network.

BlackICE on the other hand actually monitors network traffic and does
stateful packet inspection and protocol analysis (I should know, I wrote
all the docs on this product). BlackICE actually looks for hacking
attempts. Whereas Zone and Norton just stop traffic on blocks of ports.
BlackICE can also block ports, but it adds an IDS feature.

I know this sounds like some esoteric technical hairsplitting, but it
actually is a big difference (at least to security dorks like me). There
are a lot of companies out there selling "intrusion detection" products
when in fact their technology is basically nothing more than a firewall
with some bells and whistles. True IDS'ing is actually a very complex and
difficult thing to do and requires a fundamentally different technology.
Which of course I could describe in detail and bore the hell out of all of
you. But I won't do that.

Now, all in unison: Andrew is a moron! :-)

Andrew Plato