[svlug] Looking for a NIDS...

[Greg Herlein]

> Snort's a good start.  There are other tools, most have different
> focuses.

Snort is excellent IMHO.

> Behind your firewall should be really boring.  It's the times it isn't
> that you're concerned.

There are many who would say that what is going on inside is far
more interesting... many, if not most, hacks come from the
inside.  

But, before you even think about a NIDS you should do a complete
threat analysis and devise a security posture.  Only then can you
deploy a NIDS effectively.  Otherwise it's just data acquisition.

Greg