Educause Security Discussion mailing list archives
Re: IDS applications
From: "James J. Barlow" <jbarlow () NCSA UIUC EDU>
Date: Wed, 7 Jul 2010 11:12:34 -0500
On Tue, Jul 06, 2010 at 11:57:19AM -0400, Brian Grime wrote:
Just wondering what different institutions are using in terms of open source IDS/IPS, and their heartaches or success stories that go along with them.
We have been using Bro at our institution for the last 7 years or so. It did take a while to configure and fine tune it initially, but it has been well worth the effort. We have recently been able to do some statistics on all of the alerts and incidents we have received over the last 5 years and we found that 2/3 of all incidents were discovered first by Bro (over network flows, syslog, and file integrity checking). So it is the primary tool we have in our network monitoring toolkit.

--
James J. Barlow <jbarlow () ncsa illinois edu>
Head of Security Operations and Incident Response
National Center for Supercomputing Applications    Voice : (217)244-6403
1205 West Clark Street, Urbana, IL 61801           Cell  : (217)840-0601
http://www.ncsa.illinois.edu/~jbarlow              Fax   : (217)244-1987