IPS for Real - Surviving active Intrusion Prevention in a mission-critical network

No ratings

Presented at AUScert 2008 by

Walter Muller

Many enterprise organisations have deployed IDS, some have purchased IPS, but few seem to have taken the courageous next step of enabling their IPS to actively block traffic considered to be malicious. NEMMCO, with its role in managing critical infrastructure in the form of the National Electricity Grid, thought long and hard about how to gain the security benefits of IPS without compromising its critical highavailability systems in the process. The proposed presentation is a case study describing the successful deployment of commercially-available IPS devices within NEMMCO. It describes the deployment process beginning from threat analysis, through product selection and phased deployment to the point where the system is currently in production use, actively blocking malicious traffic with automated updates and full monitoring in place. It describes the problems encountered and is intended to be of practical assistance for other organisations wanting to deploy IPS and survive.