Educause Security Discussion mailing list archives

Re: Introduction and preliminary question re: use of IDS/IPS


From: Dennis Vich <dvich () ACELATECHNOLOGIES COM>
Date: Thu, 26 Feb 2004 16:45:40 -0500

We've deployed the StillSecure Border Guard IPS at several educational
institutions (www.stillsecure.com).  I agree with Peter, the Tipping
Point IPS switch is a very nice solution if you have the budget.

Overall, the trend since Blaster we're seeing is more interest in
placing IPS between student segments and administrative networks than in
protecting the public interface.



Dennis Vich
Acela Technologies, Inc.
301-846-9060 office
301-674-5592 mobile
dvich () acelatechnologies com

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter Charbonneau
Sent: Thursday, February 26, 2004 2:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Introduction and preliminary question re: use of
IDS/IPS

Here at Williams, we have used SNORT as an IDS for about 3 years.
Obviously, with (mostly) "wide-open" internet access, there are TONS of
alerts.  I have attended a number of IDS seminars, deminars,
roundtables, etc. over the years and feel that unless we can lock down
our network, no IDS is any better than any other.  I use SNORT mostly
for trend analysis; having used it for so long, I know what is normal
for internet access and what is not normal; when I see an abnormal
trend, I start investigating.

A couple of years ago, I started looking at IPS - Tipping Point SEEMS
to be on the right track, but the cost of that device is outrageous
(IMO).  I am planning to attend SANS' IPS two day series in April -
maybe this event will show SANS' IPS coming into its own.

P

On Feb 26, 2004, at 10:39 AM, Jason Richardson wrote:

Hi, I discovered this list and the Unisog list yesterday and subscribed
immediately.  I am IT Security Manager at Northern Illinois Univ.  We
are a fairly large state university (approx. 25K undergrad + grad
schools) located west of Chicago.  I have searched the archives for
discussion re: the use of IDS and IPS on university campuses and found
a few posts but not much discussion so I decided to go ahead and post
my question.  My apologies if this has been discussed before under a
thread that I didn't see.  How prevalent is the use of IDS/IPS on
campus networks?  We have been using an IDS that hasn't really worked
out for us for the past two years and we are considering replacing it.
Our network engineering staff has some concerns about the longevity of
IDS/IPS and whether such systems will even be in use 5 years from now.
My reading so far has led me to believe that while pure IDS is probably
on its way out, IPS is alive and well and will be for some time.  I was
hoping to get a general sense of whether such systems are being used to
secure campus networks.  To narrow the inquiry somewhat, I am referring
more to NIDS than HIDS but we are looking at HIDS also.

Thanks in advance for any feedback,

---
Jason Richardson, J.D., CISSP, CISM. CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.



PeteC

Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (desk)
(413) 822-2922 (cell)

