Educause Security Discussion mailing list archives
Re: Introduction and preliminary question re: use of IDS/IPS
From: "Walsh, Brian R. (Information Services)" <brwal () CONNCOLL EDU>
Date: Thu, 26 Feb 2004 11:12:59 -0500
We had a similar situation where we had two CISCO Netranger IDS probes that were several years old, difficult to manage, and generally not very useful. We recently evaluated and purchased 3 NetScreen IDP boxes which have been in place for about 2 months and have already proven to be extremely useful as well as easy to manage and update.

We have the NetScreen IDPs in-line on each of our three major sub-networks: Residence Halls, Academic, and Administrative. This allows us to have different policies on each subnet and we have quickly taken advantage of the ability to not only detect attacks but actually drop certain types of traffic. This has helped in keeping virus traffic off of our network as well as allowing us to block certain types of P2P traffic.

We aren't doing anything yet with host-based IDS or firewalls but I am looking at Cisco's security agent and ZoneLabs endpoint security products as possible future solutions.

Brian Walsh
Connecticut College

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Jason Richardson
Sent: Thursday, February 26, 2004 10:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Introduction and preliminary question re: use of IDS/IPS

Hi,

I discovered this list and the Unisog list yesterday and subscribed immediately. I am IT Security Manager at Northern Illinois Univ. We are a fairly large state university (approx. 25K undergrad + grad schools) located west of Chicago.

I have searched the archives for discussion re: the use of IDS and IPS on university campuses and found a few posts but not much discussion so I decided to go ahead and post my question. My apologies if this has been discussed before under a thread that I didn't see.

How prevalent is the use of IDS/IPS on campus networks? We have been using an IDS that hasn't really worked out for us for the past two years and we are considering replacing it. Our network engineering staff has some concerns about the longevity of IDS/IPS and whether such systems will even be in use 5 years from now. My reading so far has led me to believe that while pure IDS is probably on its way out, IPS is alive and well and will be for some time.

I was hoping to get a general sense of whether such systems are being used to secure campus networks. To narrow the inquiry somewhat, I am referring more to NIDS than HIDS but we are looking at HIDS also.

Thanks in advance for any feedback,

---
Jason Richardson, J.D., CISSP, CISM. CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678 Fax: 815-753-2555
jasrich () niu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.