[unisog] Experiences with Firewalls & IPS at EDUs

vijay at ericavijay.net
Thu Oct 16 03:35:13 GMT 2008


Hello Brad,

If high performance is desired along with up to layer 7 inspection, TopLayer, Sourcefire and TippingPoint are at the top of the list.  McAfee, Symantec and others in the market are not as performance oriented, and failover setup etc. is not mature.

TippingPoint was very popular among EDUs early on.  But there has been some disappointment with security analysts and admins, mostly to do with:
1.  No open APIs for management and writing custom rules signatures.
2.  SMS interface not very friendly to navigate - written by "ex-car manufacturing engineer" is the comment I heard.
3.  High level metrics (performance, blacklist IPs, DoS attempts, abnormal packets) are not good - misleading or confusing.

The product is designed for plug and play with minimal intervention. For some EDUs that's not what they want!

Snort's commercial version, Sourcefire, meets some of those needs.  However, getting high level metrics and stats is not easy in any of these products.  Automated alerting to a SIM / integration with a ticketing system is not very easy on any of them.  Basically the product line itself is WIP - Work In Progress.

Regards
Vijay 

  ----- Original Message ----- 
  From: Bradley Ellis 
  To: unisog at lists.dshield.org 
  Sent: Thursday, October 16, 2008 5:02 AM
  Subject: [unisog] Experiences with Firewalls & IPS at EDUs



  Hi All, 

  Do any of you have experiences (good, bad and otherwise) that you would be prepared to share regarding the use of Firewalls and IPSs at EDUs ? 

  If you could please reply directly, rather than to the list. 

  Thanks, 
  Brad. 
  ----
  Brad Ellis
  Senior Firewall and Vulnerability Specialist
  Security and Risk Section, Infrastructure Services, ITS
  Monash University
  Ph: + 61 3 9902 0687
  Fax: + 61 3 9905 4746


