Newbie IDS Question
Hello,
Part of my work is being the sysadmin for a simple LAN for the small company I work for. I'm trying to harden their systems and get some reporting as well. I've got Snort & BASE running on a box and they have a Cisco PIX 501 firewall that's logging to the Snort box with syslogd.
How do I -know- if the network has been penetrated? Is it just watching logs?
Can anyone recommend a package that can gather and report network traffic stats from the PIX? Maybe some way to do it with Snort?
Thanks for any advice.
Michael
Network Info:
12 clients and a file server <------->Pix 501 firewall<---->DSL<--->Internet
|