Educause Security Discussion mailing list archives

Re: Network IPS Information Security Policy


From: Gary Dobbins <dobbins () ND EDU>
Date: Fri, 13 Nov 2009 14:30:03 -0500

I'll paste at the end of this message an excerpt from our process for managing the IPS.  We set out to define one that 
would be heavily inclusive of the campus IT community, so that it was mostly they who choose when and what to block 
with the IPS, informed by the IDS side of the tool.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe
Sent: Friday, November 13, 2009 8:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Network IPS Information Security Policy

Has anyone developed an Information Security Policy for their Network IPS that they could share?
My Information Security Policies Made Easy 10th Edition has IDS and HIDS but not Network IPS and I feel it is a
different enough beast that I'd like some other references.
Regards,
-Kris

Kris Monroe, CISSP, CISA, TECP
Network Security Engineer and Acting Information Security Officer
Ithaca College

=====================================
Management Process - Campus Perimeter/Border System

   1. On behalf of the University, the Office of Information Technologies (OIT) will operate the University IPS. OIT 
will monitor and analyze network traffic to identify cyber threats.
   2. The OIT will propose IPS configuration changes to automatically block network traffic identified as a threat to 
the campus computing resources.
         1. Other members of the Notre Dame community may submit a proposal to recommend IPS configuration changes.
   3. A configuration change proposal may be submitted for campus review via the OIT Change Control process. The 
proposal must include an explanation of the functional impact of the change.
         1. All proposed changes will be published to the IPS-EVENTS email list service and on the secure.nd.edu 
website.
         2. A one-week commentary period for each proposal will be available where members of the Notre Dame community 
can comment on the proposed change. The IPS-EVENTS list service will be used to receive comments.
   4. The OIT Change Advisory Board will provide oversight by reviewing comments and determining if the proposed change 
is approved for deployment.
   5. Once approved, the change is scheduled through the OIT Change Control process.
   6. After the change is deployed, a post-deployment notification will be posted to the IT-Events email list service 
and on this website.
   7. Rollback - If a configuration change creates unintended issues, the configuration can either be modified or turned 
off. Problems should be reported using the standard OIT Unscheduled Service Outage/Performance Issues Notification 
Process.
   8. The OIT Change Advisory Board will handle all emergency changes.
   9. In order to create awareness of the Border IPS system configuration, an inventory of approved and proposed 
changes will be maintained. The complete inventory is available to anyone with a valid netid.
