[unisog] Intrusion Prevention System (IPS) @ University

Vijay Sarvepalli vijay at ericavijay.net
Sun Aug 15 21:11:31 GMT 2010

Tippingpoint is good for performance at the scale where you are talking about.  The SMS management is also reasonably easy.  However, you loose granular control with Tippingpoint and reporting interface is poorly designed.

I am not as familiar with cisco IPS, but from early testings..
I remember Cisco IPS to be not great for performance.  The management also is not very friendly.

Note IPS does not remove your need for other monitoring.  TippingPoint type products provide good 1st level filtering which block lots of generic threats and scripted "probing" or reconnaissance to your environment.   That is all they can do.  But they do make a good business case for "automated filtering" of level 1 and level 2 threats.


From: Zamri Besar 
Sent: Sunday, August 15, 2010 12:57 PM
To: unisog at lists.dshield.org 
Subject: [unisog] Intrusion Prevention System (IPS) @ University

Dear all,

At this moment, I'm in the middle of evaluating potential network IPS for my company, and two candidates are HP Tipping Point and Cisco IPS. As I do believe most of you in unisog deploy same or different products, therefore may I seek your help for advices and comments regarding any deployment of IPS in your university?

Some of criteria are:

1. More than 6000 end-users online concurrently
2. IPv4 and IPv6 support
3. Internet bandwidth, as example is 200Mbps

Thank you and have a nice day!


unisog mailing list
unisog at lists.dshield.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20100815/b0ecd7bd/attachment.htm 

More information about the unisog mailing list