Educause Security Discussion mailing list archives
Re: Introduction and preliminary question re: use of IDS/IPS
From: Peter Charbonneau <Peter.Charbonneau () WILLIAMS EDU>
Date: Thu, 26 Feb 2004 14:53:07 -0500
Here at Williams, we have used SNORT as an IDS for about 3 years. Obviously, with (mostly) "wide-open" internet access, there are TONS of alerts. I have attended a number of IDS seminars, deminars, roundtables, etc. over the years and feel that unless we can lock down our network, no IDS is any better than any other. I use SNORT mostly for trend analysis; having used it for so long, I know what is normal for internet access and what is not normal; when I see an abnormal trend, I start investigating.

A couple of years ago, I started looking at IPS - Tipping Point SEEMS to be on the right track, but the cost of that device is outrageous (IMO). I am planning to attend SANS' IPS two-day series in April - maybe this event will show SANS' IPS coming into its own.

P

On Feb 26, 2004, at 10:39 AM, Jason Richardson wrote:
Hi,

I discovered this list and the Unisog list yesterday and subscribed immediately. I am IT Security Manager at Northern Illinois Univ. We are a fairly large state university (approx. 25K undergrad + grad schools) located west of Chicago. I have searched the archives for discussion re: the use of IDS and IPS on university campuses and found a few posts but not much discussion so I decided to go ahead and post my question. My apologies if this has been discussed before under a thread that I didn't see.

How prevalent is the use of IDS/IPS on campus networks? We have been using an IDS that hasn't really worked out for us for the past two years and we are considering replacing it. Our network engineering staff has some concerns about the longevity of IDS/IPS and whether such systems will even be in use 5 years from now. My reading so far has led me to believe that while pure IDS is probably on its way out, IPS is alive and well and will be for some time. I was hoping to get a general sense of whether such systems are being used to secure campus networks. To narrow the inquiry somewhat, I am referring more to NIDS than HIDS but we are looking at HIDS also.

Thanks in advance for any feedback,

---
Jason Richardson, J.D., CISSP, CISM. CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

PeteC

Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (desk)
(413) 822-2922 (cell)