Educause Security Discussion mailing list archives
Re: IDP/IDS products
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 16 Sep 2008 14:18:50 -0700
Robert, 1. Inline 2. No, traffic is blocked, not hosts. 3. Since 2003, we have had an extremely small number of false positives. Essentially a non-issue. 4. Tipping Point. 5. No issues. :) FWIW, a good selling point is that an IPS is simply a modern firewall. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Riley Sent: Tuesday, September 16, 2008 12:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] IDP/IDS products We are seeking peer feedback on the use of Intrusion Detection/Prevention systems. If your organization has deployed an enterprise IDP/IDS, are you: 1. Using the product inline or in bypass mode? 2. Are you using the product to shun hosts? 3. How are you managing false positives? 4. Which product do you use and what was your selection criteria? 5. Have you documented any known issues with the product? Please feel free to contact me offlist if you prefer. Thank you. -- Robert Riley Information Security Professional University of Notre Dame
Current thread:
- IDP/IDS products Robert Riley (Sep 16)
- <Possible follow-ups>
- Re: IDP/IDS products Chuck Braden (Sep 16)
- Re: IDP/IDS products Basgen, Brian (Sep 16)
- Re: IDP/IDS products DAVID R. MORTON (Sep 16)
- Re: IDP/IDS products DAVID R. MORTON (Sep 16)
- Re: IDP/IDS products Consolvo, Corbett D (Sep 16)
- Re: IDP/IDS products Avdagic, Indir (Sep 16)
- Re: IDP/IDS products Greene, Chip (Sep 17)
- Re: IDP/IDS products King, Ronald A. (Sep 17)
- Re: IDP/IDS products Joseph Clark (Sep 17)