Introduction to the use and setting of the network security tool software BlackICE)
BlackICE won the PC Magazine technical excellence award in year 99. Experts commented on it: "For home users without firewalls, BlackICE is an indispensable line of defense; for enterprise networks, an additional protection measure is provided. Instead of replacing the firewall, it blocks intruders attempting to pass through the firewall. BlackICE integrates a powerful detection and analysis engine to identify more than 200 intrusion techniques. It provides comprehensive network detection and system protection. It also monitors Network Ports and protocols in real time, intercept all suspicious network intrusions, no matter how hard the hacker is to harm your system. It can also record the NetBIOS (WINS) Name, DNS name, or the IP address currently used by the hacker to take further action. BlackICE does not provide privacy protection, AD blocking, and other functions.
Download
You can search for the keyword "BlackICE download" on google. The software installation requires an authorization code. The latest version of BlackICE is 3.6cns and the website address is www.iss.net. The Kingsoft Software Forum provides detailed illustration and instructions.
Install
During the installation process, you should be aware that you will be asked if you choose Application control (this function can prevent the invasion of unknown viruses and trojans from program running to Internet requests) on or off. If you select on, after the installation is complete, the program in the hard disk will be scanned for about 10 to 30 minutes to create an application database. When this setting is enabled, BlackICE will remind you whether to allow the installation or execution of new software. And when your program file is modified, it will issue a warning. After the installation is completed and started, BlackICE will appear on the system tray.
About Chinese
Firewall is related to system security. Because the Chinese version may cause unknown errors, resulting in vulnerabilities or unstable software operation, it is best to use the original English version.
Use
The program interface is quite simple. Provide some basic information in the Events tag window, such as the intrusion time, action, and IP address of the intruder. You can right-click an intruder to perform operations such as trust and block. The yellow question mark in each message is suspicious, and the orange and red exclamation points are very definite attacks. As long as there is a black oblique barrier on the icon, it indicates that the interception is successful. BlackICE attempted to intercept the gray oblique barrier during the attack, but some data may still penetrate the firewall. Provides more detailed information about Intruders in the Intruders window and graph statistics in the History window.
Basic settings
1. Tools --> Edit BlackICE Settings
1. Select the Protection Level in Firewall and set the Protection Level to the first item: Paranoide. In the following three single partitions, only Enable auto-blocking is retained, automatic intrusion prevention), and other functions can be disabled (Tip: handle exceptions as needed)
2. Packet Log and Evidence Log
3. Notification: Set a warning. We recommend that you disable the sound reminder and enable the icon reminder.
2. Tools --> Advanced Firewall Settings
Click "Add" at the bottom of the dialog box to open or close a port. Ports 137, 138, and 139 are disabled by default.
To use the borderless browser software, you 'd better open port 9666. The method is as follows:
Press the "Add" button to bring up the "Add Firewall Entry" dialog box,
Enter any Name in the "Name" column, for example, Port9666
Enter 127.0.0.1 in the "IP" column.
Enter the number "9666" in the "Port" column"
Select "TCP" in the "Type" column, "Mode" Select Accept, and "Duration of Rule" select Forever.
Click "OK. In this way, the rules that allow port 9666 to pass are added.
I can connect to v6.3.1 without adding this rule, but it is very slow and the connection speed is 0.0%. After this rule is added, the connection and download speed are immediately restored to normal (although the connection speed is still 0.0%, the connection research speed is sometimes 0.0%, and sometimes normal ).
Similarly, for freegate software, port 8567 needs to be opened (otherwise it may not be connected), the same method is used.
If Application control is enabled, BlackICE first intercepts freegate or ultraSurf and selects "Continue" to allow access.
You can use the default method for other settings.
Online Testing:
The following are some website addresses that provide online test of computer security defense performance (real IP addresses are required, that is, proxy software such as ultraSurf cannot be used during testing, because the online test method is to connect your IP address to scan your system port), my test shows that the security level is significantly different before and after installation.