Educause Security Discussion mailing list archives
Re: IDP/IDS products
From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 17 Sep 2008 16:23:17 -0400
1. Inline
2. Traffic based with certain filters triggering the Quarantine/Responder feature.
3. In my 2.5 years of working with it, 1 false positive on our profile. At the time, the particular filter preventing the traffic was set to "Block" and it took us a bit of investigating to figure that out. Now we ensure all filters are set to "Block + Notify."
4. Tippingpoint. I wasn't part of the selection process, but we have compared it to ISS (IBM) and NitroSecurity and found each to be lacking in key areas that Tippingpoint provides.
5. The few we have found have been related to the SMS server and they were minor.

Ronald King
Security Engineer
Norfolk State University

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Riley
Sent: Tuesday, September 16, 2008 3:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IDP/IDS products

We are seeking peer feedback on the use of Intrusion Detection/Prevention systems. If your organization has deployed an enterprise IDP/IDS, are you:

1. Using the product inline or in bypass mode?
2. Are you using the product to shun hosts?
3. How are you managing false positives?
4. Which product do you use and what were your selection criteria?
5. Have you documented any known issues with the product?

Please feel free to contact me offlist if you prefer. Thank you.

--
Robert Riley
Information Security Professional
University of Notre Dame
Current thread:
- IDP/IDS products Robert Riley (Sep 16)
- <Possible follow-ups>
- Re: IDP/IDS products Chuck Braden (Sep 16)
- Re: IDP/IDS products Basgen, Brian (Sep 16)
- Re: IDP/IDS products DAVID R. MORTON (Sep 16)
- Re: IDP/IDS products DAVID R. MORTON (Sep 16)
- Re: IDP/IDS products Consolvo, Corbett D (Sep 16)
- Re: IDP/IDS products Avdagic, Indir (Sep 16)
- Re: IDP/IDS products Greene, Chip (Sep 17)
- Re: IDP/IDS products King, Ronald A. (Sep 17)
- Re: IDP/IDS products Joseph Clark (Sep 17)