Educause Security Discussion mailing list archives

Re: Introduction and preliminary question re: use of IDS/IPS


From: "Walsh, Brian R. (Information Services)" <brwal () CONNCOLL EDU>
Date: Thu, 26 Feb 2004 11:12:59 -0500

We had a similar situation where we had two Cisco NetRanger IDS probes that were several years old, difficult to 
manage, and generally not very useful. We recently evaluated and purchased 3 NetScreen IDP boxes which have been in 
place for about 2 months and have already proven to be extremely useful as well as easy to manage and update.

We have the NetScreen IDPs in-line on each of our three major sub-networks: Residence Halls, Academic, and 
Administrative. This allows us to have different policies on each subnet and we have quickly taken advantage of the 
ability to not only detect attacks but actually drop certain types of traffic. This has helped in keeping virus traffic 
off of our network as well as allowing us to block certain types of P2P traffic.

We aren't doing anything yet with host-based IDS or firewalls but I am looking at Cisco's security agent and ZoneLabs 
endpoint security products as possible future solutions.

Brian Walsh
Connecticut College


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Jason Richardson
Sent: Thursday, February 26, 2004 10:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Introduction and preliminary question re: use of
IDS/IPS


Hi, I discovered this list and the Unisog list yesterday and subscribed
immediately.  I am IT Security Manager at Northern Illinois Univ.  We
are a fairly large state university (approx. 25K undergrad + grad
schools) located west of Chicago.  I have searched the archives for
discussion re: the use of IDS and IPS on university campuses and found a
few posts but not much discussion so I decided to go ahead and post my
question.  My apologies if this has been discussed before under a thread
that I didn't see.  How prevalent is the use of IDS/IPS on campus
networks?  We have been using an IDS that hasn't really worked out for
us for the past two years and we are considering replacing it.  Our
network engineering staff has some concerns about the longevity of
IDS/IPS and whether such systems will even be in use 5 years from now.
My reading so far has led me to believe that while pure IDS is probably
on its way out, IPS is alive and well and will be for some time.  I was
hoping to get a general sense of whether such systems are being used to
secure campus networks.  To narrow the inquiry somewhat, I am referring
more to NIDS than HIDS but we are looking at HIDS also.

Thanks in advance for any feedback,

---
Jason Richardson, J.D., CISSP, CISM, CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
