Educause Security Discussion mailing list archives

border filtering questions


From: Jeff Murphy <jcmurphy () BUFFALO EDU>
Date: Mon, 28 Feb 2011 13:41:13 -0500

Good Monday Sec Folks, 

If you have a moment, can you hit reply, check the appropriate box and fill in the blank if there is one under that box?



[  ]  We don't block traffic to/from known bad addresses/netblocks at our border. 




[  ]  We manually block traffic to/from known bad addresses/netblocks at our border 
        (someone logs into a device and types in the address/netblock. frequency can be rarely-to-routine, I'm interested in whether you do it at all)




[  ]  We automatically* block traffic to/from known bad addresses/netblocks at our border using a border router (ACL) and free/homegrown software (software talks directly to the router)
        (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources)

[  ]  We automatically* block traffic to/from known bad addresses/netblocks at our border using a border router (ACL) and commercial software (software talks directly to the router)
        (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources)

        What's the name of the commercial software package/vendor: _____




[  ]  We automatically* block traffic to/from known bad addresses/netblocks at our border using a commercial inline appliance (IPS, packet shaper, firewall) and free/homegrown software (software talks directly to the appliance)
        (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources, the feed is directly consumed by the appliance and not manually entered or pushed in via free/homegrown software)

        What's the name of the appliance vendor: _____

[  ]  We automatically* block traffic to/from known bad addresses/netblocks at our border using a commercial inline appliance (IPS, packet shaper, firewall) and commercial software (software talks directly to the appliance)
        (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources, the feed is directly consumed by the appliance and not manually entered or pushed in via free/homegrown software)

        What's the name of the appliance vendor: ______
        What's the name of the commercial software package/vendor: _____



Jeff, your survey is weak! I want to tell you more! Here it is: _________




I'll anonymize/summarize back to the list.

thanks,

jeff murphy
information security program manager
university at buffalo
