Educause Security Discussion mailing list archives
Re: border filtering questions
From: Charlie Reitsma <reitsmac () DENISON EDU>
Date: Mon, 28 Feb 2011 15:53:14 -0500
Quoting Jeff Murphy <jcmurphy () BUFFALO EDU>:
Good Monday Sec Folks,If you have a moment, can you hit reply, check the appropriate box and fill in the blank if there is one under that box?[ ] We don't block traffic to/from known bad addresses/netblocks at our border.[ x ] We manually block traffic to/from known bad addresses/netblocks at our border (someone logs into a device and types in the address/netblock. frequency can be rarely-to-routine, I'm interested in whether you do it at all)
I'd like to know how to do it automatically but not enough to pay for it.
[ ] We automatically* block traffic to/from known bad addresses/netblocks at our border using a border router (ACL) and free/homegrown software (software talks directly to the router) (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources)[ ] We automatically* block traffic to/from known bad addresses/netblocks at our border using a border router (ACL) and commercial software (software talks directly to the router) (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources)What's the name of the commercial software package/vendor: _____[ ] We automatically* block traffic to/from known bad addresses/netblocks at our border using a commercial inline appliance (IPS, packet shaper, firewall) and free/homegrown software (software talks directly to the appliance) (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources, the feed is directly consumed by the appliance and not manually entered or pushed in via free/homegrown software)What's the name of the appliance vendor: _____[ ] We automatically* block traffic to/from known bad addresses/netblocks at our border using a commercial inline appliance (IPS, packet shaper, firewall) and commercial software (software talks directly to the appliance) (*using some feed of addresses/netblocks, for example obtained via a SIEM or external intelligence sources, the feed is directly consumed by the appliance and not manually entered or pushed in via free/homegrown software)What's the name of the appliance vendor: ______ What's the name of the commercial software package/vendor: _____ Jeff, your survey is weak! I want to tell you more! Here it is: _________ I'll anonymize/summarize back to the list. thanks, jeff murphy information security program manager university at buffalo
Current thread:
- border filtering questions Jeff Murphy (Feb 28)
- Re: border filtering questions Jeff Murphy (Feb 28)
- Re: border filtering questions Charlie Reitsma (Feb 28)
- Re: border filtering questions Valdis Kletnieks (Feb 28)
- Re: border filtering questions Jeff Murphy (Feb 28)
- Re: border filtering questions Anthony Maszeroski (Mar 01)