Educause Security Discussion mailing list archives

Re: HIPS

From: "King, Ronald A." <raking () NSU EDU>
Date: Mon, 14 Sep 2009 10:48:10 -0400

HIPS is installed on both servers and workstations.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research 
Suite 401 
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of dick.jacobson () NDUS EDU
Sent: Saturday, September 12, 2009 10:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

Are you talking about server HIPS or endpoint HIPS ?  We have been having
this discussion for a while.

We use Sophos as our endpoint protection solution.  We learned the hard
way
that HIPS is a valuable addition to protecting the hosts when set to
something
other than "alert only."  Just be prepared to monitor what it
blocks/breaks so
it can be "authorized."  So far, only a few hosts have had anything legit
blocked.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Friday, September 11, 2009 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

We have McAfee available to us now....

--
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
Main Office: 414.229.1100


----- Original Message -----
From: "Jessica Raymond" <Jessica.Raymond () UNCO EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Friday, September 11, 2009 1:28:46 PM GMT -06:00 US/Canada Central
Subject: Re: [SECURITY] HIPS

What technology are you using?
Jessica L. Raymond, CISSP
IT Security Analyst
Carter Hall
Office 0009-b
(970)351-1420 Office
(970)213-8928 Work Mobile

----- Original Message -----
From: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Fri Sep 11 12:25:42 2009
Subject: [SECURITY] HIPS

Anyone finding HIPS truly useful in helping reduce malware infections?
Any tips/strategies?  Things to watch out for?  How are you managing
false positives?

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224

Attachment: smime.p7s
Description:

Current thread:

HIPS Steve Brukbacher (Sep 11)
- <Possible follow-ups>
- Re: HIPS Raymond, Jessica (Sep 11)
- Re: HIPS Steve Brukbacher (Sep 11)
- Re: HIPS Patrick Ouellette (Sep 11)
- Re: HIPS King, Ronald A. (Sep 11)
- Re: HIPS Theresa Semmens (Sep 11)
- Re: HIPS Raymond, Jessica (Sep 11)
- Re: HIPS dick . jacobson (Sep 12)
- Re: HIPS Raw, Randy (Sep 13)
- Re: HIPS King, Ronald A. (Sep 14)