Educause Security Discussion mailing list archives

Re: IDS applications


From: "James J. Barlow" <jbarlow () NCSA UIUC EDU>
Date: Wed, 7 Jul 2010 11:12:34 -0500

On Tue, Jul 06, 2010 at 11:57:19AM -0400, Brian Grime wrote:

   Just wondering what different institutions are using in terms of open
   source IDS/IPS, and their heartaches or success stories that go along
   with them.

We have been using Bro at our institution for the last 7 years or so.
It did take a while to configure and fine tune it initially, but it
has been well worth the effort.  We have recently been able to do some
statistics on all of the alerts and incidents we have received over
the last 5 years and we found that 2/3 of all incidents were discovered
first by Bro (over network flows, syslog, and file integrity checking).
So it is the primary tool we have in our network monitoring toolkit.


-- 
James J. Barlow   <jbarlow () ncsa illinois edu>
Head of Security Operations and Incident Response
National Center for Supercomputing Applications    Voice : (217)244-6403
1205 West Clark Street, Urbana, IL  61801           Cell : (217)840-0601
http://www.ncsa.illinois.edu/~jbarlow                Fax : (217)244-1987

