Educause Security Discussion mailing list archives

Re: Network IPS Information Security Policy


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 13 Nov 2009 15:11:46 -0500

This is the reason that our policy is that we do not look at content on the network and will not run anything that 
looks at content on the network.

We do all of our detection using behavior analysis - not the easiest way to go but it works on encrypted traffic just 
as well and I never have to explain how we "just happen to see ..."

My 2 cents

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Friday, November 13, 2009 2:53 PM -0500 randy marchany <marchany () VT EDU> wrote:

This is an interesting thread and I have another question to ask.
Given the nature of IPS and its ability to basically read any email,
chat, or any data sent through the wire, how are institutions dealing
with the potential public relations nightmare of explaining to your
constituents that this device and its keepers have that ability? Does
anyone have a stock answer of "balancing security of the
infrastructure with the ability for transmissions to be monitored"?
Has anyone run into this situation? I can see spinning the answer to
say that "encryption" is the best way to go but then that will start
to limit the ability of the IPS to detect attack payloads.

Just wondering.

-Randy Marchany
VA Tech IT Security Office & Lab



