Home page logo

educause logo Educause Security Discussion mailing list archives

Re: IPS recommendations
From: "King, Ronald A." <raking () NSU EDU>
Date: Fri, 9 Nov 2012 18:26:22 -0500

We too have TippingPoint EOL equipment.  We purchased two Palo Alto
firewalls and are very happy with them.  In fact, they caught a bug today
that triggered further investigation.  Thanks to them, it was easy to ID the
host with user ID that was attacking our server.  We had not considered them
as an alternative to TippingPoint, but, with this conversation and recent
events, well, let's just say we are now open to the idea that we may already
have our replacement.


Note: The PAN firewalls are Next Gen (NG).  I have learned that they aren't
the standard definition of a firewall.  The recommended way to create rules
is based on the application rather than port.  The bug I mentioned earlier
was over port 80, generally allowed for your internal hosts to talk out to
port 80, but, much like an IPS, it triggered on a Trojan filter.  We have a
rule set for one of our web servers to only allow applications
"web-browsing" and "web-crawler" from the Internet.  With the ASAs we are
moving from, we allowed anything on port 80.


+2 here.


Ronald King

Security Engineer

Norfolk State University

http://security.nsu.edu <http://security.nsu.edu/> 


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Entwistle, Bruce
Sent: Thursday, November 08, 2012 2:27 PM
Subject: [SECURITY] IPS recommendations


Our current IPS is reaching EOS, so we would take this opportunity to look
at alternatives to our existing Tipping Point unit.  I was looking to see
what everyone else is using and how well it is working for them.


Thank you

Bruce Entwistle

University of Redlands


Attachment: smime.p7s

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]