Educause Security Discussion mailing list archives
Re: IDS applications
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 7 Jul 2010 12:27:51 -0400
We have been using our own Bayesian IDS system called PAIRS for 5 years. Here is the link to the presentation that was done at Security Camp last year if anyone is interested.

<http://www.bu.edu/tech/files/pdf/rosenblatt.pdf>

Thanks,
Joel

--On Wednesday, July 07, 2010 11:12 AM -0500 "James J. Barlow" <jbarlow () NCSA UIUC EDU> wrote:
> On Tue, Jul 06, 2010 at 11:57:19AM -0400, Brian Grime wrote:
>> Just wondering what different institutions are using in terms of open source IDS/IPS, and their heartaches or success stories that go along with them.
>
> We have been using Bro at our institution for the last 7 years or so. It did take a while to configure and fine tune it initially, but it has been well worth the effort. We have recently been able to do some statistics on all of the alerts and incidents we have received over the last 5 years and we found that 2/3 of all incidents were discovered first by Bro (over network flows, syslog, and file integrity checking). So it is the primary tool we have in our network monitoring toolkit.
>
> --
> James J. Barlow <jbarlow () ncsa illinois edu>
> Head of Security Operations and Incident Response
> National Center for Supercomputing Applications    Voice : (217)244-6403
> 1205 West Clark Street, Urbana, IL 61801           Cell : (217)840-0601
> http://www.ncsa.illinois.edu/~jbarlow              Fax : (217)244-1987

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel