Educause Security Discussion mailing list archives
Re: remotely monitoring from multiple campuses & sample SIEM/log management RFPs
From: Brass Hat at Crystal Palace <fmtaylor () PURDUE EDU>
Date: Tue, 21 Apr 2009 11:42:00 -0400
If cost is a concern, and you have a couple of good network/unix geeks, you could use Snort. The price of each sensor is the price of a used PC, and the time to install it.

On Tuesday 21 April 2009 11:21 am, Youngquist, Jason R. formed electrons in this pattern:
For those of you that have multiple campuses, do you have an IDS/IPS device at each campus, or how are you monitoring abnormal/malicious activity from the campuses?

Currently we have ~30 remote campuses (size varies from a couple computers to ~80 computers) and each has their own Internet connection. Instead of deploying an IDS/IPS at each campus (which would have been cost prohibitive), each campus has a Cisco router exporting netflows to a central collector, and we are using a commercial NBAD product to monitor the campuses for any abnormal/potentially malicious activity based on netflow information.

If we just had one Internet pipe at our main campus, I could stick in something like a TippingPoint for IDS/IPS, but since we have a large number of remote campuses we also want to monitor, it makes things a bit challenging.

I'm looking for suggestions others might have for any alternatives to monitoring the traffic for malicious activity at our remote campuses.

Also, does anyone have any sample log management/SIEM RFPs they would be willing to share?

Appreciate any information you can provide.

Thanks.

Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu