Keeping the outside out: Seven desktop firewalls tested

01 November 2002 03:00 PM
Tags: check point secureclient, cracker, firewall, virus, worm, security, hacker, zone alarm pro

ISS RealSecure Desktop Protector

ISS RealSecure Desktop Protector is the enterprise protection tool based on the home-user-focused BlackICE Defender, which has been retained as the name for the SOHO version. The install from the downloaded version was very simple and took only a few minutes. The intrusion detection system was turned on by default to give immediate protection.

When we checked the system tray icon, it said “BlackICE Application Protection Stopped”, which was confusing, but we found that this referred to a secondary part of the software that is not enabled by default. When enabled, the system tray icon simply says “BlackICE”.

When we conducted the port scan using the default settings, the system tray icon flashed, but no other warning was given. The port scan was fairly successful, revealing ports 135, 139, 427, 445, as well as 1025. This was a little disappointing, as all of these were normally visible on this machine, except 1025, which is used for remote management of the software.

When we loaded the system up with the jolt2 ping test, the system logged all the incoming packets, but did not really stop them—acknowledge (ACK) packets were being sent, though only a few. All packets were logged as Unknown IP protocol, and the attack even triggered an ICMP flood warning from the system itself.

All other tests—connection to a Windows file share, Web surfing, and reading mail—were not even noted by the software. Configuration of the software was quite simple. There are four protection levels:
• Trusting: allow all inbound traffic (which is the default)
• Cautious: block some unsolicited inbound traffic
• Nervous: block most unsolicited inbound traffic
• Paranoid: block all unsolicited inbound traffic

We cranked it up to Paranoid, and the port scan took much longer and revealed less information, although OS fingerprinting was still possible (with an incorrect result). The ICMP results were the same in Paranoid mode.

We also then enabled Application Protection, which warns when non-validated applications are started—in fact, it can be set to terminate or block any unknown application. This prevented all applications running on the system from making connections out, until they were registered with the software.

Other configuration options included the ability to warn of attack with popup windows and sounds, which is more useful than just logging and flashing the system tray icon.

The RealSecure ICEcap Manager application allows you to centrally manage and update all remote users, including “silent” installs and automatic synchronisation of configurations when remote systems come online. This ensures consistent application of security policies across the entire network enterprise. Centralised event reporting is available in the RealSecure SiteProtector enterprise management console, which integrates events from Desktop Protector into a complete management environment.

The RealSecure Desktop Protector is fairly easy to use, but it needs to tighten up its default security level and turn on popups and sounds by default. Even in Paranoid mode, nmap was able to fingerprint the system (wrongly, but close) and find open ports.

Product: ISS RealSecure Desktop Protector

Price: From AU$240 per user

Vendor: Internet Security Systems

Phone: 07 3838 1555

Web: www.iss.net

Interoperability: ½
Good management features.

Futureproofing:
Fairly easy to use.

ROI: ½
Great product but quite expensive.

Service: ½
Good online help and knowledgebase.

Rating:

Talkback 2 comments

    central silent installs?? was ...Anonymous -- 20/05/04

    central silent installs?? was in ice cap but to my knowledge not yet written into SP!!

    You did not review the new eTr ...Anonymous -- 03/11/04

    You did not review the new eTrust EZ Armor. It is different now; it consists of eTrust EZ Antivirus and eTrust EZ Firewall (which is ZoneLabs technology). So you have a good antivirus, not a resource hog, uses less space on hard drive, and "ZoneAlarm." There are not many better.
