BlackICE is a simple firewall. You cannot expect it to withstand attacks such as DDoS, but it is adequate against unskilled attackers. The important thing is that it has a server edition that can run as a service.
Setting up this software is actually very simple, but people keep asking about it, so I had to play the hero and satisfy my own vanity.
This step needs no explanation; just read the screen carefully, and use the Server Edition when running a server.
Please note that unless you know the machine very well and can easily control it, you should choose "AP off". AP is the feature that monitors running programs (including DLLs). If you choose "AP on", BlackICE will scan your system once and record all executables. If it later finds new executables that were not recorded, or finds that recorded files have been changed (by an attacker), it will refuse to run them under the default settings. On its first run it is quite likely to refuse to run your remote management software, so novices are particularly advised to select "AP off".
For the rest of the installation, just click Next at every step.
Configuration of BlackICE
First, open the configuration menu.
In the Firewall options, choose to block all untrusted connections (Paranoid). Simply put, any action without an explicit rule is denied, and connections that a server does not need, such as NetBIOS, are blocked. Basically, set it as shown in the figure.
On the Notifications menu, enable automatic update notification (Update Notifications). The recommended setting is to check once a day (the figure shows a 3-day check).
If BlackICE finds a new version, a notice appears in the upper-right corner (see the red circle). Updating as soon as a new version is found is recommended.
Finally, add exceptions under "Intrusion Detection". Some applications, such as Dvbbs, sometimes trigger false positives in BlackICE, which then wrongly blocks the user's IP. When this happens, check the log file to see what triggered the block and allow it under "Intrusion Detection". The figure shows one Dvbbs action that triggers a BlackICE false alarm.
First of all, go to the Setup menu.
The basic principle of security is to allow only specific actions and reject everything else.
The following is a demonstration setting for port 80 (it allows all IP addresses to access the specified port over TCP).
The following is an example that allows only a specified IP to access a specified port.
To allow an IP range, enter it as "1.1.1.1-2.2.2.2" in the "IP" setting; port ranges work the same way. You can use the same settings to deny an IP or an IP range access to your server: in "All Addresses" enter the IP you want to block, set "Type" to "IP", set "Mode" to "Reject", and under "Duration of rule" choose how long the block should last.
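The rule logic described above, modeled as an added Python example (not part of the original article, and not BlackICE's own code or file format): default deny, the "1.1.1.1-2.2.2.2" range notation, and a timed reject. The precedence of reject over accept, port 3389 and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def parse_range(text, conv):
    """Parse 'lo-hi' or a single value into an inclusive (lo, hi) pair."""
    lo, _, hi = text.partition("-")
    lo_v = conv(lo.strip())
    hi_v = conv(hi.strip()) if hi else lo_v
    if lo_v > hi_v:
        raise ValueError(f"reversed range: {text!r}")
    return lo_v, hi_v

def ip_to_int(s):
    return int(ipaddress.IPv4Address(s))

@dataclass
class Rule:
    mode: str                              # "accept" or "reject"
    ips: str = "0.0.0.0-255.255.255.255"   # default: all addresses
    ports: str = "0-65535"                 # default: all ports
    proto: str = "any"                     # "tcp", "udp" or "any"
    expires: Optional[float] = None        # None = permanent rule

    def matches(self, src, port, proto, now):
        if self.expires is not None and now >= self.expires:
            return False                   # a timed rule lapses after its duration
        lo, hi = parse_range(self.ips, ip_to_int)
        plo, phi = parse_range(self.ports, int)
        return (self.proto in ("any", proto)
                and lo <= ip_to_int(src) <= hi
                and plo <= port <= phi)

def decide(rules, src, port, proto="tcp", now=0.0):
    """Default deny. Assumed precedence: reject beats accept."""
    hits = {r.mode for r in rules if r.matches(src, port, proto, now)}
    if "reject" in hits:
        return "reject"
    return "accept" if "accept" in hits else "reject"

# Constructed rule set mirroring the three cases in the text.
RULES = [
    Rule("accept", ports="80", proto="tcp"),                          # port 80, all IPs
    Rule("accept", ips="1.1.1.1-2.2.2.2", ports="3389", proto="tcp"), # one IP range only
    Rule("reject", ips="1.1.5.5", expires=86400.0),                   # one IP, 24 hours
]
```

Running a planned rule set through `decide` before entering it in the GUI shows which connections fall through to the default deny.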
Supplemental common ports and protocols
CS (Counter-Strike) 27015 UDP
BlackICE Simple Applications (20050723 supplements)
Q: A hosting-space user is banned or blocked during web operations
A: BlackICE has auto-blocking turned on; the setting is "Enable auto-blocking". If you really find it annoying, you can clear the check box in front of it, and BlackICE will no longer block automatically, but this is generally not recommended. Likewise, if you leave this option on, you must be prepared for you or one of your users to be auto-blocked when you do not expect it.
Auto-blocking is triggered by BlackICE's security policy. When BlackICE considers a connection from a user (IP) to be suspected unsafe activity (possibly FTP or web, for example deleting a post in an ASP forum, or any other action), and that activity exceeds BlackICE's safety threshold within a specified period, BlackICE automatically blocks the IP for 24 hours. Therefore, if you cannot predict whether your users will trigger BlackICE, I suggest telling them in advance: "If you cannot connect to the server, consider changing your public IP, for example by redialing."
If you need to manually remove an individual auto-block entry, follow these steps:
Select "Advanced Firewall Settings".
Select the block you want to lift and click "Delete".
In the figure above, entries whose "Owner" is "Auto" were blocked automatically by BlackICE, while "Bigui" marks entries set manually by the user.
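A simplified model of the auto-block behaviour described above, as an added Python example (not part of the original article and not BlackICE code). Only the 24-hour block and the "Auto" owner come from the text; the 60-second window, the threshold of 3 and the event name are assumed values chosen to show how a legitimate user ends up blocked.

```python
from collections import defaultdict, deque

BLOCK_SECONDS = 24 * 3600   # from the text: the IP is blocked for 24 hours
WINDOW = 60                 # assumed: length of the counting window, in seconds
THRESHOLD = 3               # assumed: suspicious events tolerated per window

class AutoBlocker:
    def __init__(self, trusted_events=()):
        self.trusted = set(trusted_events)   # event types allowed to pass
        self.recent = defaultdict(deque)     # ip -> times of suspicious events
        self.blocks = {}                     # ip -> (owner, expiry time)

    def is_blocked(self, ip, now):
        entry = self.blocks.get(ip)
        if entry and now >= entry[1]:
            del self.blocks[ip]              # the timed block has run out
            return False
        return entry is not None

    def event(self, ip, kind, now):
        """Feed one suspicious event; return True if the IP is blocked."""
        if self.is_blocked(ip, now):
            return True
        if kind in self.trusted:
            return False                     # allowed event: never counted
        q = self.recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:           # drop events outside the window
            q.popleft()
        if len(q) > THRESHOLD:               # threshold exceeded: block the IP
            self.blocks[ip] = ("Auto", now + BLOCK_SECONDS)
            q.clear()
        return ip in self.blocks

    def delete(self, ip):
        """Model of selecting the entry and clicking "Delete"."""
        return self.blocks.pop(ip, None)

def replay(events, trusted=()):
    """Replay (time, ip, kind) tuples; return {ip: owner} for blocked IPs."""
    fw = AutoBlocker(trusted)
    for t, ip, kind in events:
        fw.event(ip, kind, t)
    return {ip: owner for ip, (owner, _) in fw.blocks.items()}

# Constructed events: a forum moderator deleting posts in quick succession.
EVENTS = [(t, "203.0.113.7", "forum_delete_post") for t in (0, 5, 9, 14)]
```

Replaying the same events with the event type listed as trusted leaves the address unblocked, which is the effect of allowing it under "Intrusion Detection".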
If you think a security policy is unnecessary and often interferes with user actions by mistake, you may consider disabling the policy directly.
First, find out which policy triggered the block.
Select the intercepted event and click "Event Info"; an IE window pops up with the ISS description of that type of attack.
The page has a more detailed description of the attack, and it is advisable to check whether it is harmless. If you are sure you want to disable the policy, make a note of the page number (for example, 217033 above), and then