Educause Security Discussion mailing list archives

Re: IPS recommendations


From: "King, Ronald A." <raking () NSU EDU>
Date: Fri, 9 Nov 2012 18:26:22 -0500

We too have TippingPoint EOL equipment.  We purchased two Palo Alto
firewalls and are very happy with them.  In fact, they caught a bug today
that triggered further investigation.  Thanks to them, it was easy to ID the
host with user ID that was attacking our server.  We had not considered them
as an alternative to TippingPoint, but, with this conversation and recent
events, well, let's just say we are now open to the idea that we may already
have our replacement.

 

Note: The PAN firewalls are Next Gen (NG).  I have learned that they aren't
the standard definition of a firewall.  The recommended way to create rules
is based on the application rather than port.  The bug I mentioned earlier
was over port 80, generally allowed for your internal hosts to talk out to
port 80, but, much like an IPS, it triggered on a Trojan filter.  We have a
rule set for one of our web servers to only allow applications
"web-browsing" and "web-crawler" from the Internet.  With the ASAs we are
moving from, we allowed anything on port 80.

 

+2 here.

 

Ronald King

Security Engineer

Norfolk State University

http://security.nsu.edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Entwistle, Bruce
Sent: Thursday, November 08, 2012 2:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS recommendations

 

Our current IPS is reaching EOS, so we would take this opportunity to look
at alternatives to our existing Tipping Point unit.  I was looking to see
what everyone else is using and how well it is working for them.

 

Thank you

Bruce Entwistle

University of Redlands

 
