Educause Security Discussion mailing list archives
Re: IDP/IDS products
From: "DAVID R. MORTON" <dmorton () U WASHINGTON EDU>
Date: Tue, 16 Sep 2008 14:29:48 -0700
1. We have 6 devices all operating in-line. There are two test devices in bypass for testing and lab use.
2. Our IPS filters operate based on traffic, not hosts. We do have some homegrown rules that will auto-disable an
IP/host in very specific instances (some known worms, certain types of attacks).
3. We have few, if any, reports of false positives.
4. We are using Tipping Point. The product selection was before my time, but we have no reason to change.
5. Historically we have had a few device failures and throughput issues. These have been resolved and things are
working well.
David
--
David Morton
University of Washington
Director, Network Systems, UW Technology
dmorton () u washington edu
tel 206.221.7814
_________________________________
www.freshlymobile.com
a fresh look at mobility
__________________________________
On 9/16/08 12:04 PM, "Robert Riley" <rriley3 () ND EDU> wrote:
We are seeking peer feedback on the use of Intrusion Detection/Prevention systems.
If your organization has deployed an enterprise IDP/IDS, are you:
1. Using the product inline or in bypass mode?
2. Are you using the product to shun hosts?
3. How are you managing false positives?
4. Which product do you use and what were your selection criteria?
5. Have you documented any known issues with the product?
Please feel free to contact me offlist if you prefer.
Thank you.
--
Robert Riley
Information Security Professional
University of Notre Dame
