At the risk of starting a flamefest, what is a good IDS? I ask because the recent compromises have got me thinking. I have a couple of web/mail servers I am adminning at school, and I really have no way of knowing if they have been 0wn3d. I (poorly) check the logs every 2 to 4 weeks, but that doesn't seem like enough. What does everyone else use? (BTW, my servers run stable.) -Roberto
Attachment:
pgpCDKorv1qfD.pgp
Description: PGP signature