Educause Security Discussion mailing list archives
Re: Network IPS Information Security Policy
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 13 Nov 2009 15:11:46 -0500
This is the reason that our policy is that we do not look at content on the network and will not run anything that looks at content on the network. We do all of our detection using behavior analysis - not the easiest way to go but it works on encrypted traffic just as well and I never have to explain how we "just happen to see ... " My 2 cents Joel Rosenblatt Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Friday, November 13, 2009 2:53 PM -0500 randy marchany <marchany () VT EDU> wrote:
This is an interesting thread and I have another question to ask. Given the nature of IPS and it's ability to basically read any email, chat, or any data sent through the wire, how are institutions dealing with the potential public relations nightmare of explaining to your constituents that this device and its keepers have that ability? Does anyone have a stock answer of "balancing security of the infrastructure with the ability for transmissions to be monitored"? Has anyone run into this situation? I can see spinning the answer to say that "encryption" is the best way to go but then that will start to limit the ability of the IPS to detect attack payloads. Just wondering. -Randy Marchany VA Tech IT Security Office & Lab
Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Network IPS Information Security Policy Kris Monroe (Nov 13)
- <Possible follow-ups>
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy Joel Rosenblatt (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Alex (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Willis Marti (Nov 14)
- Re: Network IPS Information Security Policy Pete Hickey (Nov 14)
- Re: Network IPS Information Security Policy Thomas R. Davis (Nov 18)