Educause Security Discussion mailing list archives
Re:
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Thu, 20 Jul 2006 10:06:05 -0400
This solution is vendor dependent but we recently decided to migrate our entire network from our existing manufacturer to Foundry Networks. Foundry has s-flow (superior to Cisco's NetFlow) and their management platform IronView (Foundry equivalent to Cisco Works) now has snort integration.

So the result is that every port on our network will be s-flow enabled at all times (yes Foundry can do this compared to NetFlow being a resource hog so used sparingly) and it will send S-Flow data to IronView which will then be analyzed for anomalies by snort. We have a long road to get there since we cannot upgrade all at once but it looks very promising.

I also realized you said "IPS" not "IDS" but if every port on the network can be an IDS sensor and the management platform responsible for configuring those ports is the IDS it is only a matter of scripting some "responses" to have it automatically react to anomalies at the switchport level.

I hope this at least helps stir some ideas for your solution.

_________________________
Thank you,
Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070
--Lead, follow, or get out of the way. (author unknown)

-----Original Message-----
From: John Kaftan [mailto:jkaftan () HOTMAIL COM]
Sent: Thursday, July 20, 2006 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

We are looking into Intrusion Prevention Systems. We have looked at Tipping-Point and are about to look at Cisco MARS. Does anyone have any experiences that they care to share?

John Kaftan