Re: IPS signature update process

[Gary Dobbins <dobbins () ND EDU>]

We're approaching our deployment with similar caution as you.  We've established a request/vetting protocol with our 
campus IT leaders, which will run before any blocking rule is activated.

We expect this to evolve over time, and hope for the outcomes described by others where it eventually becomes a 
non-issue.  But for as long as it's needed, we will have this protocol in order to avoid surprises or unknowns ("hmm, 
maybe the IPS is blocking my research...") to our campus research/IT community.




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Fields, 
Kimberly
Sent: Monday, August 17, 2009 11:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS signature update process

Hello All,

We are currently trying to formalize a process for updating our IPS signatures.  I was looking to see what other people 
out there are doing.  Management would like to incorporate a review committee to help ensure legitimate traffic doesn't 
get blocked.  I'm struggling to come up with a model that would incorporate this.

 Any feedback would be helpful.

_____________________________________________________________________

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may include
AMERIGROUP member(s) information that is legally privileged. Any unauthorized review, use, disclosure or distribution 
is prohibited.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy copies of the original 
message.
_____________________________________________________________________