Educause Security Discussion mailing list archives
Re: Network IPS Information Security Policy
From: Gary Dobbins <dobbins () ND EDU>
Date: Fri, 13 Nov 2009 14:30:03 -0500
I'll paste at the end of this message an excerpt from our process for managing the IPS. We set out to define one that would be heavily inclusive of the campus IT community, so that it was mostly they who choose when and what to block with the IPS, informed by the IDS side of the tool.
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe
Sent: Friday, November 13, 2009 8:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Network IPS Information Security Policy

Has anyone developed an Information Security Policy for their Network IPS that they could share? My Information Security Policies Made Easy 10th Edition has IDS and HIDS but not Network IPS and I feel it is a different enough beast that I'd like some other references.

Regards,
-Kris

Kris Monroe, CISSP, CISA, TECP
Network Security Engineer and Acting Information Security Officer
Ithaca College
=====================================
Management Process - Campus Perimeter/Border System

1. On behalf of the University, the Office of Information Technologies (OIT) will operate the University IPS. OIT will monitor and analyze network traffic to identify cyber threats.
2. The OIT will propose IPS configuration changes to automatically block network traffic identified as a threat to the campus computing resources.
   1. Other members of the Notre Dame community may submit a proposal to recommend IPS configuration changes.
3. A configuration change proposal may be submitted for campus review via the OIT Change Control process. The proposal must include an explanation of the functional impact of the change.
   1. All proposed changes will be published to the IPS-EVENTS email list service and on the secure.nd.edu website.
   2. A one-week commentary period for each proposal will be available where members of the Notre Dame community can comment on the proposed change. The IPS-EVENTS list service will be used to receive comments.
4. The OIT Change Advisory Board will provide oversight by reviewing comments and determining if the proposed change is approved for deployment.
5. Once approved, the change is scheduled through the OIT Change Control process.
6. After the change is deployed, a post-deployment notification will be posted to the IT-Events email list service and on this website.
7. Rollback - If a configuration change creates unintended issues, the configuration can either be modified or turned off. Problems should be reported using the standard OIT Unscheduled Service Outage/Performance Issues Notification Process.
8. The OIT Change Advisory Board will handle all emergency changes.
9. In order to create awareness of the Border IPS system configuration, an inventory of approved and proposed changes will be maintained. The complete inventory is available to anyone with valid netid.