Re: Closed Network Implementation?

[Rick Coloccia <coloccia () GENESEO EDU>]

At the time, good-old-fashioned perl. Recent past: splunk.  Moving to 
Kibana.

Yes, Tipping Point.

On 3/8/2013 12:11 PM, Leo Song wrote:
> Hi, Rick.
>
> What log tool are you using to analyse them? and have you had IDS/IPS 
> implemented? thanks.
>
>
> On 13-03-07 11:39 AM, Rick Coloccia wrote:
> > On 3/7/2013 11:35 AM, Willis Marti wrote:
> > > Glenn,
> > >   The key lesson is that with a research university, possibly all 
> > > higher ed, there is no way to know everything our faculty and staff 
> > > have cooked up when the rules were less strict. I strongly feel you 
> > > have to put a device in place without rules to determine what 
> > > "default deny" would reject, before turning it on.
> > +1.
> >
> > When we moved from open to closed, I put the firewall in a log-all 
> > state for months before throwing the switch.  I was then able to work 
> > out what everything was, write appropriate rules, interact with the 
> > appropriate sysadmins, and make for a very smooth conversion from 
> > open to closed.
> >
> > -Rick


--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579