Re: border filtering questions

[Charlie Reitsma <reitsmac () DENISON EDU>]

Quoting Jeff Murphy <jcmurphy () BUFFALO EDU>:

> Good Monday Sec Folks,
>
> If you have a moment, can you hit reply, check the appropriate box  
> and fill in the blank if there is one under that box?
>
>
>
> [  ]  We don't block traffic to/from known bad addresses/netblocks  
> at our border.
>
>
>
>
> [ x ]  We manually block traffic to/from known bad  
> addresses/netblocks at our border
> 	(someone logs into a device and types in the address/netblock.  
> frequency can be rarely-to-routine, I'm interested in whether you do  
> it at all)

I'd like to know how to do it automatically but not enough to pay for it.

> [  ]  We automatically* block traffic to/from known bad  
> addresses/netblocks at our border using a border router (ACL) and  
> free/homegrown software (software talks directly to the router)
> 	(*using some feed of addresses/netblocks, for example obtained via  
> a SIEM or external intelligence sources)
>
> [  ]  We automatically* block traffic to/from known bad  
> addresses/netblocks at our border using a border router (ACL) and  
> commercial software (software talks directly to the router)
> 	(*using some feed of addresses/netblocks, for example obtained via  
> a SIEM or external intelligence sources)
>
>         What's the name of the commercial software package/vendor: _____
>
>
>
>
> [  ]  We automatically* block traffic to/from known bad  
> addresses/netblocks at our border using a commercial inline  
> appliance (IPS, packet shaper, firewall) and free/homegrown software  
> (software talks directly to the appliance)
> 	(*using some feed of addresses/netblocks, for example obtained via  
> a SIEM or external intelligence sources, the feed is directly  
> consumed by the appliance and not manually entered or pushed in via  
> free/homegrown software)
>
>         What's the name of the appliance vendor: _____
>
> [  ]  We automatically* block traffic to/from known bad  
> addresses/netblocks at our border using a commercial inline  
> appliance  (IPS, packet shaper, firewall) and commercial software  
> (software talks directly to the appliance)
> 	(*using some feed of addresses/netblocks, for example obtained via  
> a SIEM or external intelligence sources, the feed is directly  
> consumed by the appliance and not manually entered or pushed in via  
> free/homegrown software)
>
>         What's the name of the appliance vendor: ______
>         What's the name of the commercial software package/vendor: _____
>
>
>
> Jeff, your survey is weak! I want to tell you more! Here it is: _________
>
>
>
>
> I'll anonymize/summarize back to the list.
>
> thanks,
>
> jeff murphy
> information security program manager
> university at buffalo