[unisog] Intrusion Prevention System (IPS) @ University

Vijay Sarvepalli vijay at ericavijay.net
Sun Aug 15 21:11:31 GMT 2010


Tippingpoint is good for performance at the scale where you are talking about.  The SMS management is also reasonably easy.  However, you loose granular control with Tippingpoint and reporting interface is poorly designed.

I am not as familiar with cisco IPS, but from early testings..
I remember Cisco IPS to be not great for performance.  The management also is not very friendly.

Note IPS does not remove your need for other monitoring.  TippingPoint type products provide good 1st level filtering which block lots of generic threats and scripted "probing" or reconnaissance to your environment.   That is all they can do.  But they do make a good business case for "automated filtering" of level 1 and level 2 threats.

Vijay 




From: Zamri Besar 
Sent: Sunday, August 15, 2010 12:57 PM
To: unisog at lists.dshield.org 
Subject: [unisog] Intrusion Prevention System (IPS) @ University


Dear all,

At this moment, I'm in the middle of evaluating potential network IPS for my company, and two candidates are HP Tipping Point and Cisco IPS. As I do believe most of you in unisog deploy same or different products, therefore may I seek your help for advices and comments regarding any deployment of IPS in your university?

Some of criteria are:

1. More than 6000 end-users online concurrently
2. IPv4 and IPv6 support
3. Internet bandwidth, as example is 200Mbps

Thank you and have a nice day!



--------------------------------------------------------------------------------


_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20100815/b0ecd7bd/attachment.htm 


More information about the unisog mailing list