Educause Security Discussion mailing list archives
Re: IPS recommendations
From: "King, Ronald A." <raking () NSU EDU>
Date: Fri, 9 Nov 2012 18:26:22 -0500
We too have TippingPoint EOL equipment. We purchased two Palo Alto firewalls and are very happy with them. In fact, they caught a bug today that triggered further investigation. Thanks to them, it was easy to ID the host with user ID that was attacking our server. We had not considered them as an alternative to TippingPoint, but, with this conversation and recent events, well, let's just say we are now open to the idea that we may already have our replacement. Note: The PAN firewalls are Next Gen (NG). I have learned that they aren't the standard definition of a firewall. The recommended way to create rules is based on the application rather than port. The bug I mentioned earlier was over port 80, generally allowed for your internal hosts to talk out to port 80, but, much like an IPS, it triggered on a Trojan filter. We have a rule set for one of our web servers to only allow applications "web-browsing" and "web-crawler" from the Internet. With the ASAs we are moving from, we allowed anything on port 80. +2 here. Ronald King Security Engineer Norfolk State University http://security.nsu.edu <http://security.nsu.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Entwistle, Bruce Sent: Thursday, November 08, 2012 2:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] IPS recommendations Our current IPS is reaching EOS, so we would take this opportunity to look at alternatives to our existing Tipping Point unit. I was looking to see what everyone else is using and how well it is working for them. Thank you Bruce Entwistle University of Redlands
Attachment:
smime.p7s
Description:
Current thread:
- IPS recommendations Entwistle, Bruce (Nov 08)
- Re: IPS recommendations Roger A Safian (Nov 08)
- Re: IPS recommendations Bradley, Stephen W. Mr. (Nov 08)
- Re: IPS recommendations Dave Koontz (Nov 08)
- Re: IPS recommendations Jeff Giacobbe (Nov 08)
- Re: IPS recommendations Walter Petruska (Nov 08)
- Re: IPS recommendations Bryan Zimmer (Nov 08)
- Re: IPS recommendations Walter Petruska (Nov 09)
- Re: IPS recommendations Bryan Zimmer (Nov 08)
- Re: IPS recommendations King, Ronald A. (Nov 09)
- Re: IPS recommendations Jeff Kell (Nov 09)
- Re: IPS recommendations Bob Williamson (Nov 09)
- Re: IPS recommendations Jeff Kell (Nov 09)
- <Possible follow-ups>
- Re: IPS recommendations Gioia, Matthew P. (Nov 09)
- Re: IPS recommendations Roger A Safian (Nov 09)
- Re: IPS recommendations Robert Rudloff (Nov 12)
- Re: IPS recommendations Roger A Safian (Nov 08)