Educause Security Discussion mailing list archives
Re: Network IPS Information Security Policy
From: randy marchany <marchany () VT EDU>
Date: Fri, 13 Nov 2009 14:53:37 -0500
This is an interesting thread and I have another question to ask. Given the nature of IPS and it's ability to basically read any email, chat, or any data sent through the wire, how are institutions dealing with the potential public relations nightmare of explaining to your constituents that this device and its keepers have that ability? Does anyone have a stock answer of "balancing security of the infrastructure with the ability for transmissions to be monitored"? Has anyone run into this situation? I can see spinning the answer to say that "encryption" is the best way to go but then that will start to limit the ability of the IPS to detect attack payloads. Just wondering. -Randy Marchany VA Tech IT Security Office & Lab
Current thread:
- Network IPS Information Security Policy Kris Monroe (Nov 13)
- <Possible follow-ups>
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy Joel Rosenblatt (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Alex (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Willis Marti (Nov 14)
- Re: Network IPS Information Security Policy Pete Hickey (Nov 14)
(Thread continues...)