Educause Security Discussion mailing list archives
Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN)
From: Scott Genung <sagenung () ILSTU EDU>
Date: Sun, 29 Aug 2004 21:58:34 -0500
David, I would echo the comments from Chris. We performed a product evaluation of the Tipping Point 1200 series IPS last April when Sasser first emerged. We had a strain for which our AV vendor (McAfee) did not yet have a virus. Because the product reported signature matches on the vulnerability (and not the specific Sasser variant), we were able to block a great deal and then identify infected hosts from day 1. We were sold after that. We bought 2 of the 1200s and plan on buying a 3rd later this year. We have them inspecting traffic between each of our 5 ResNet environments and our campus backbone as well as WAN connectivity to the core. The reporting capabilities of the product isn't as flexible as I would like but it's better than most. We don't have any experience with the the IDSM2 (although we discussed it earlier this year). We do have a pair of Cisco 4235 IDS sensors. Our lessons here was that we had performance problems on the 6500 we were using to span ports. We were told to use VACL capture as an alternative but never had time to make this change before the spring semester ended. We have had nothing but problems with the reporting tool (VMS). We have heard rumors that Cisco will release an IPS image for their sensor appliances and the IDSMs at the tail end of this year. It's difficult to say how they will stack up against the Tipping Point solution. At 05:01 PM 8/29/2004, you wrote:
We use tipping point 2400s in our network and have been quite pleased. We use them at the core to handle gig ethernet trunk links. This fall we installed two new ones to protect our residential network. Due to scheduling problems, we were not able to finish the installation before the students moved back in. The very first day, we had a network meltdown due to sasser. The Tippingpoints were rushed into production and the network has been fine since. The tipping points are stopping over 200K hits per hour during some of the peaks last weekend. This has given us time to find and fix infected computers, without a significant impact on client usage. One of TippingPoints strong suits has been support. Our network engineer is not one to complement lightly. After several problems which would normally have left him grumbling about the company, he commented that they are a class act. Our experience has not been perfect, but all in all it has been very good. Well worth the cost in my opinion. I don't work for Tipping Point and I don't get any benefit from them for posting this. Your mileage may vary. At 04:21 PM 8/28/2004, you wrote:(This message has been cross-posted to NETMAN () LISTSERV EDUCAUSE EDU) Oklahoma State University is considering solutions for intrusion prevention, IDS, and rate limiting on our network. We have evaled a Tippingpoint UnityOne device and were intially pleased. We have also been asked to consider a Cisco IDSM2 module in a 650x chassis for IPS abilities. Has anyone used either of these solutions who could share your insight and experience of the effectiveness and value of these devices (or others)? Thank you, David Skrdla Network Security Analyst Systems Security Office IT/Technology Operations Oklahoma State University Ph. 405-744-7806 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Scott Genung Manager of Networking Systems Telecommunications and Networking Illinois State University 124 Julian Hall Normal, IL 61790-3500 Phone: (309)438-7258 Web: http://www.tel.ilstu.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN) Skrdla, David (Aug 28)
- <Possible follow-ups>
- Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN) chris Allison (Aug 29)
- Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN) Ray Lombardi (Aug 29)
- Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN) Scott Genung (Aug 29)
- Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN) Eric Van Wiltenburg (Aug 30)