PaulDotCom mailing list archives
IPS Change management process
From: danthemanbaxter at gmail.com (Dan Baxter)
Date: Thu, 21 May 2009 09:07:31 -0500
The company I work for is in the process of spinning up an IPS solution. It's been a long time in coming and overdue, but we finally got the budget approval. Anyway, I'm developing the rules management process and have a few questions. We're a large, international company with many different applications running on our WAN. With many different application owners that may or may not know which address & ports the apps require for operation. As a result, our management, while recognizing the need for the project, are nervous that it will cause problems by blocking legitimate traffic. I'd like to know some of the items that should go into a good change management process for adding/modifying rules to an IPS. Our plan is to place the devices into IDS mode for a time to get to know our network better, but eventually we will turn blocking on. From the time a ruleset gets released by the vendor, to the rules getting implemented on the actual devices, what are the steps you guys may be taking. I appreciate any input. Thanks! Dan Baxter ------------------------------------------------- Quis custodiet ipsos custodes? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090521/05867835/attachment.htm
Current thread:
- IPS Change management process Dan Baxter (May 21)
- IPS Change management process Joel Esler (May 21)
- IPS Change management process Michael Dickey (May 21)
- IPS Change management process Michael Douglas (May 22)