Educause Security Discussion mailing list archives
Re: Network IPS Information Security Policy
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Fri, 13 Nov 2009 13:12:44 -0700
We did not feel the need to create a Policy, but I've enclosed our "IPS review procedures" document. Randy, to your question, we have policy with similar language to what Gary just posted. The key point here is that we have both the right and obligation to monitor network traffic, we will not inspect the traffic of any particular individual without following a very particular set of procedures. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College Office: 520-206-4873 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins Sent: Friday, November 13, 2009 12:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Network IPS Information Security Policy I'll paste at the end of this message an excerpt from our process for managing the IPS. We set out to define one that would be heavily inclusive of the campus IT community, so that it was mostly they who choose when and what to block with the IPS, informed by the IDS side of the tool.
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe Sent: Friday, November 13, 2009 8:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Network IPS Information Security Policy Has anyone developed an Information Security Policy for their Network IPS that they could share? My Information Security Policies Made Easy 10th Edition has IDS and HIDS but not Network IPS and I feel it is a different enough beast that I'd like some other references. Regards, -Kris Kris Monroe, CISSP, CISA, TECP Network Security Engineer and Acting Information Security Officer Ithaca College
===================================== Management Process - Campus Perimeter/Border System 1. On behalf of the University, the Office of Information Technologies (OIT) will operate the University IPS. OIT will monitor and analyze network traffic to identify cyber threats. 2. The OIT will propose IPS configuration changes to automatically block network traffic identified as a threat to the campus computing resources. 1. Other members of the Notre Dame community may submit a proposal to recommend IPS configuration changes. 3. A configuration change proposal may be submitted for campus review via the OIT Change Control process. The proposal must include an explanation of the functional impact of the change. 1. All proposed changes will be published to the IPS-EVENTS email list service and on the secure.nd.edu website. 2. A one-week commentary period for each proposal will be available where members of the Notre Dame community can comment on the proposed change. The IPS-EVENTS list service will be used to receive comments. 4. The OIT Change Advisory Board will provide oversight by reviewing comments and determining if the proposed change is approved for deployment 5. Once approved, the change is scheduled through the OIT Change Control process. 6. After the change is deployed, a post-deployment notification will be posted to the IT-Events email list service and on this website. 7. Rollback-If a configuration change creates unintended issues, the configuration can either be modified or turned off. Problems should be reported using the standard OIT Unscheduled Service Outage/Performance Issues Notification Process 8. The OIT Change Advisory Board will handle all emergency changes. 9. In order to create awareness of the Border IPS system configuration, an inventory of approved and proposed changes will be maintained. The complete inventory is available to anyone with valid netid.
Attachment:
IPS Review Procedures.pdf
Description: IPS Review Procedures.pdf
Current thread:
- Network IPS Information Security Policy Kris Monroe (Nov 13)
- <Possible follow-ups>
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy Joel Rosenblatt (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Alex (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Willis Marti (Nov 14)
- Re: Network IPS Information Security Policy Pete Hickey (Nov 14)
- Re: Network IPS Information Security Policy Thomas R. Davis (Nov 18)