Educause Security Discussion mailing list archives
Re: Schools using SourceFire for IPS
From: "Everett, Alex D" <alex.everett () UNC EDU>
Date: Wed, 21 Jul 2010 13:30:32 -0400
Seth:

The network-based (we have some host-based also) intrusion prevention units at UNC have been quite beneficial in a number of areas.

1. Attack mitigation - millions of SSH brute force blocked per year, not to mention SQL injection, and php file includes. Must be inline for some of this to be useful*
2. HEOA - technical measures
3. Blocking bad IPs, no border firewall, so we use IPS instead
4. Investigating - like IDS, why does resnet have a lot of fake antivirus alerts??? Let's do something about it.
5. Zero-day/unpatched - it's difficult for an enterprise to have all patches applied. New computers are brought up hourly.
6. Incident cost/helpdesk costs - one prevented incident could be worth tens of thousands due to regulatory compliance
7. Provides protection for devices that would otherwise have little
8. Monitoring - like network monitoring, we graph tcp/udp etc. per minute per interface
9. Blacklists - let's not have any IP that zeustracker or malwaredomains says is distributing malware connect to UNC

Intrusion prevention can be one of other controls that help reduce risk for an organization.

-Alex Everett, CISSP, CCNA
IT Security Engineer
University of North Carolina

On Jul 21, 2010, at 12:33 PM, Seth Hall wrote:

> On Jul 20, 2010, at 4:25 PM, Brad Judy wrote:
>
>> We’re currently evaluating options for an IPS replacement project and we’re interested in hearing from any EDU’s who have deployed SourceFire equipment in an in-line IPS mode.
>
> Is there anyone willing to speak publicly about the real world benefits or perceived benefits they get from doing active IPS as opposed to just passively monitoring traffic in IDS mode? Sorry for hijacking your topic Brad, but I'd like to find out more generically about the reason why people choose IPS over (or in addition to) IDS. :)
>
> .Seth